LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 10-26-2006, 10:20 PM   #1
jstars
Member
 
Registered: Jun 2005
Location: Edmonton, Canada
Distribution: SuSE 10
Posts: 51

Rep: Reputation: 15
Unhappy Troubleshoot permissions in a Samba share


I am having trouble setting read-only permissions for my kids account on my home server (running Samba). I have set-up a documents share that I want my wife and I to have "rw-" access to, but my children only "r--" access (so they don't delete stuff).

I have several users on two different WinXP machines (PC1 and PC2) in my house. They are set-up in the following groups (taken from /etc/groups):

g-children:x:60006:children
g-parents:x:60007:alfred,parents,sophia
g-admin:x:60008:alfred


The following is an excerpt from the Samba config file for the "flex-documents" share:

[flex-documents]
path = /var/flexshare/shares/documents
comment = Documents
create mask = 0664
force group = g-parents
public = yes
browseable = yes
writeable = yes


However, when I log into a windows machine under the username "children", I still have write access to this share! I don't want my kids to delete family pictures by mistake! What am I doing wrong with the permissions???
 
Old 10-26-2006, 10:28 PM   #2
chakkerz
Member
 
Registered: Dec 2002
Location: Brisbane, Australia
Distribution: RedHat (RHEL, FC, CentOS), openSuSE, Mac OS X
Posts: 653

Rep: Reputation: 32
# A publicly accessible directory, but read only, except for people in
# the "staff" group
;[public]
; comment = Public Stuff
; path = /home/samba
; public = yes
; writable = yes
; printable = no
; write list = @staff

so drop the force group and instead add write list = @g-parents
 
Old 10-26-2006, 11:34 PM   #3
jstars
Member
 
Registered: Jun 2005
Location: Edmonton, Canada
Distribution: SuSE 10
Posts: 51

Original Poster
Rep: Reputation: 15
Works great, thanks. I no longer have write access to files I do not own when logged in as "children".

However, now I don't seem to have visibility to the contents of sub-directories when logged in as "children". For example, some share sub-directories have files in them, but these files are not visible when logged in as "children". They are only visible when logged in as "parents". Does this have something to do with "browseable" or "printable" options in Samba?
 
Old 10-26-2006, 11:38 PM   #4
chakkerz
Member
 
Registered: Dec 2002
Location: Brisbane, Australia
Distribution: RedHat (RHEL, FC, CentOS), openSuSE, Mac OS X
Posts: 653

Rep: Reputation: 32
yeah
it's the browseable option
 
Old 10-27-2006, 04:28 PM   #5
jstars
Member
 
Registered: Jun 2005
Location: Edmonton, Canada
Distribution: SuSE 10
Posts: 51

Original Poster
Rep: Reputation: 15
Okay, I played with the browseable option but I couldn't seem to get it to work. Instead I looked at the linux file permissions. I read somewhere that to access the contents of a directory, the user must have execute permission to the directory. Therefore I did a "chmod o=rx * -R -v" to the share. This recursively made ALL files and directories executable to "other" users (Not the best idea, but I don't know how to restrict the command to just directories). Anyway the contents of directories can now be accessed in the children account now.

Accordingly I changed the samba share create mask from "0664" to "0665".

I'm new to linux permissions. If someone can show me how to make just the directories executable, that would be appreciated.
 
Old 10-29-2006, 03:18 PM   #6
chakkerz
Member
 
Registered: Dec 2002
Location: Brisbane, Australia
Distribution: RedHat (RHEL, FC, CentOS), openSuSE, Mac OS X
Posts: 653

Rep: Reputation: 32
Elaborate example follows:

None the less use the find comand at the root you require looking for type d(irectory)

ie find ./tester -type d

and use that in your chmod as the target for the chmod command

ie chmod 711 `find ./tester -type d`

NOTE those quotes are the charater under the tilde/~ (usually next to the 1)

SO the setup for the test:
Quote:
[chakkerz@tigerente ~]$ mkdir tester
[chakkerz@tigerente ~]$ cd tester
[chakkerz@tigerente tester]$ touch something else test 1 2 3 4
[chakkerz@tigerente tester]$ mkdir directory
[chakkerz@tigerente tester]$ touch directory/1 directory/2 directory/3
[chakkerz@tigerente tester]$ ls -F
1 2 3 4 directory/ else something test
[chakkerz@tigerente another]$ touch test you me and irene
[chakkerz@tigerente another]$ ls
and irene me test you
The verification, change and final verification (and a type f for good measure) :

Quote:
[chakkerz@tigerente ~]$ cd ~
[chakkerz@tigerente ~]$ ls -ld `find ./tester/ -type d`
drwxrwx--- 3 chakkerz chakkerz 4096 Oct 30 07:11 ./tester/
drwxrwx--- 3 chakkerz chakkerz 4096 Oct 30 07:12 ./tester/directory
drwxrwx--- 2 chakkerz chakkerz 4096 Oct 30 07:12 ./tester/directory/another
[chakkerz@tigerente ~]$ chmod 711 `find ./tester/ -type d`
[chakkerz@tigerente ~]$ ls -ld `find ./tester/ -type d`
drwx--x--x 3 chakkerz chakkerz 4096 Oct 30 07:11 ./tester/
drwx--x--x 3 chakkerz chakkerz 4096 Oct 30 07:12 ./tester/directory
drwx--x--x 2 chakkerz chakkerz 4096 Oct 30 07:12 ./tester/directory/another
[chakkerz@tigerente ~]$ ls -ld `find ./tester/ -type f`
-rw-rw---- 1 chakkerz chakkerz 0 Oct 30 07:11 ./tester/1
-rw-rw---- 1 chakkerz chakkerz 0 Oct 30 07:11 ./tester/2
-rw-rw---- 1 chakkerz chakkerz 0 Oct 30 07:11 ./tester/3
-rw-rw---- 1 chakkerz chakkerz 0 Oct 30 07:11 ./tester/4
-rw-rw---- 1 chakkerz chakkerz 0 Oct 30 07:11 ./tester/directory/1
-rw-rw---- 1 chakkerz chakkerz 0 Oct 30 07:11 ./tester/directory/2
-rw-rw---- 1 chakkerz chakkerz 0 Oct 30 07:11 ./tester/directory/3
-rw-rw---- 1 chakkerz chakkerz 0 Oct 30 07:12 ./tester/directory/another/and
-rw-rw---- 1 chakkerz chakkerz 0 Oct 30 07:12 ./tester/directory/another/irene
-rw-rw---- 1 chakkerz chakkerz 0 Oct 30 07:12 ./tester/directory/another/me
-rw-rw---- 1 chakkerz chakkerz 0 Oct 30 07:12 ./tester/directory/another/test
-rw-rw---- 1 chakkerz chakkerz 0 Oct 30 07:12 ./tester/directory/another/you
-rw-rw---- 1 chakkerz chakkerz 0 Oct 30 07:11 ./tester/else
-rw-rw---- 1 chakkerz chakkerz 0 Oct 30 07:11 ./tester/something
-rw-rw---- 1 chakkerz chakkerz 0 Oct 30 07:11 ./tester/test
 
Old 10-29-2006, 05:10 PM   #7
jstars
Member
 
Registered: Jun 2005
Location: Edmonton, Canada
Distribution: SuSE 10
Posts: 51

Original Poster
Rep: Reputation: 15
Holy schniky! Thanks. But now that I have made every file and directory executable, how do I do the inverse of `find ./tester -type d`? That is, apply the chmod to every item other than directories.

Surely I can't say `find ./tester -type b c p f l s D` or is there a better way?
 
Old 10-29-2006, 06:33 PM   #8
chakkerz
Member
 
Registered: Dec 2002
Location: Brisbane, Australia
Distribution: RedHat (RHEL, FC, CentOS), openSuSE, Mac OS X
Posts: 653

Rep: Reputation: 32
BANG !

use a ! (not) to negate the type and invert the search request

Quote:
[chakkerz@tigerente ~]$ find ./tester/ ! -type d
./tester/2
./tester/4
./tester/3
./tester/test
./tester/something
./tester/else
./tester/1
./tester/directory/2
./tester/directory/3
./tester/directory/1
./tester/directory/another/you
./tester/directory/another/irene
./tester/directory/another/me
./tester/directory/another/and
./tester/directory/another/test
 
Old 10-29-2006, 10:53 PM   #9
jstars
Member
 
Registered: Jun 2005
Location: Edmonton, Canada
Distribution: SuSE 10
Posts: 51

Original Poster
Rep: Reputation: 15
Sweet. Thanks.
 
  


Reply

Tags
groups, permissions, samba, shares, users


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
samba share permissions keisinger Linux - Enterprise 1 08-13-2006 08:56 AM
Samba share permissions anorman Linux - Software 1 10-22-2005 02:49 AM
samba share permissions? psychomaniac Linux - Software 4 04-29-2004 02:22 PM
samba share permissions keep resetting Red Squirrel Linux - Newbie 0 03-03-2004 08:55 PM
Samba Share Permissions stever Linux - Newbie 4 05-17-2003 02:26 AM


All times are GMT -5. The time now is 08:43 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration