LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices

Reply
 
Search this Thread
Old 09-19-2011, 06:27 PM   #1
gankoji
Member
 
Registered: Nov 2007
Location: Southern California
Distribution: Slackware-13.0 x86_64, Slackware 12.2, slackware64-current
Posts: 225

Rep: Reputation: 35
Question Slackware Samba Server + Windows Network Permissions Issues


Hello all! Been a while since I've posted here, but I figured where better to go with a question like this?

Anyhow, please excuse my thread if it turns out to be a duplicate, I only searched briefly on the topic. My current situation is this: I have an HP server running Slackware 12.1 dedicated to only file serving at the moment. All machines on my small network (only 1 8-port switch so far) have access, with the right user credentials. Connectivity and file sharing with the windows boxes is done by Samba, and it works out pretty well. The problem is, anytime one user creates a new directory in the Samba share, all other users are prevented write access to the directory until I go and manually reset the permissions on the server, even if they're part of the same group as the creator. Since the network is small and we don't have a large number of folks accessing the share, I generally leave the permissions set to 755.

I'm guessing that maybe there's a config option in Samba that could fix this by giving new default permissions for file creation, but it lead me to a bigger question. For flexibility as the company (hopefully) grows, would it be better now to implement some sort of LDAP to aid in keeping windows user/group permissions in line with the samba permissions? Or, if I can change the default mask in samba, would that be easier to do given that I may need to expand the network to more than just two groups later?

As it stands now I'm pretty unclear on what software could accomplish what I'm looking for: For users of the same group on the windows network, file sharing with default permissions to allow the group to access whatever files or directories are created, and the ability to separate users' and groups' access to the different shares on the samba server. It's very possible that the problem here has something to do with the windows boxes on the network, but I'm taking a stab in the dark here hoping that one of you will have some insight to help me plan this thing out. I look forward to your responses. Thanks!
 
Old 09-19-2011, 07:10 PM   #2
mrmnemo
Member
 
Registered: Aug 2009
Distribution: linux
Posts: 527

Rep: Reputation: 51
If I am understanding you correctly, you may need to force perms on the directory / file. So, maybe something like:
Code:
comment = Your office Share
     path = /media/shares/uploads
     writeable = yes
     create mask = 0660
     directory mode = 0660
     force group = samba_wrkgrp
I believe you can set lock files as well. Google might show more on that. Either way, the above should force read/write for any file placed in uploads. I dont know if you want execute for everyone. The trick will be setting up where you want your users uploading to. Might check into something like ldap for setting all that up. Not sure if your share is work group based or a lil bit more involved. Hope this helps.
 
Old 09-20-2011, 12:08 PM   #3
gankoji
Member
 
Registered: Nov 2007
Location: Southern California
Distribution: Slackware-13.0 x86_64, Slackware 12.2, slackware64-current
Posts: 225

Original Poster
Rep: Reputation: 35
The shares are workgroup based. I only have one workgroup with one samba server. The config options you mentioned above, are those for the smb.conf? I might give that a go. What would I use LDAP for? I mean I've heard a few people suggest it but I've never used it and don't really know what sort of benefit it might have for all the work.
 
Old 09-20-2011, 03:12 PM   #4
mrmnemo
Member
 
Registered: Aug 2009
Distribution: linux
Posts: 527

Rep: Reputation: 51
LDAP could force some defaults on some share locations, bookmarks, workspace settings, etc..

Yeah, the above would typically be found at the tail of a tthe smb.conf. I think whats important to consider is that what I posted is a example. Your only going to need to add
create mask = 0660
directory mode = 0660
force group = samba_wrkgrp

Any ways, let me know how it plays out. The above is just going to create and enforce permissions for read write only with out any execute bit set. It should work as long as every one that tries to modify the file is a member of samba_wrkgrp. Now, you can create any group you want, I only use samba_wrkgrp for reference.

Hope this helps!
 
Old 09-20-2011, 04:46 PM   #5
gankoji
Member
 
Registered: Nov 2007
Location: Southern California
Distribution: Slackware-13.0 x86_64, Slackware 12.2, slackware64-current
Posts: 225

Original Poster
Rep: Reputation: 35
Ok, I'll give it a go this afternoon. The samba_wrkgrp you mentioned in a linux GID right? Thus, the machine accounts that are being used for credentials are the ones that will have to belong to that group?
 
Old 09-20-2011, 05:05 PM   #6
mrmnemo
Member
 
Registered: Aug 2009
Distribution: linux
Posts: 527

Rep: Reputation: 51
Quote:
The samba_wrkgrp you mentioned in a linux GID right?
Well, actually you can just create a group that suites your management needs. You could just as easily call the group account_samba, the name of the group is not that important. You also might want to read up on building user accounts with the /bin/false option. Reason: if the account is only used to access a samba share I dont see a need for shell access to the machine. You can also omit a home dir on a real simple set up. Other wise, you can map user home directories in samba; moreover, you can configure specific folders in each users home directory to be a samba share.

For simple workgroup level stuff on a very small network, I would just let users know where to place uploaded files that should be available for modification by everyone.

Going back to your first question: the group can be any name you decied on. It will be just that, a group, not so much a "machine" account. Hope this has helped.
 
  


Reply

Tags
ldap, permissions, samba, slackware


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Issues with Samba server (Permissions issue) jdw52 Linux - Server 1 02-26-2009 02:58 AM
Windows server and Samba server in one network bfrank Linux - Server 0 10-04-2007 06:31 AM
can's see the samba server at my windows network neiborhood crzlyn Linux - Enterprise 4 08-18-2006 04:32 AM
Samba domain member server (DMS) group permissions in network with a Samba PDC srosa Linux - Networking 0 05-01-2006 05:55 PM
Unable to print over network to Slackware 10 Server using Samba v3.0.5 DaneM Linux - Networking 6 02-04-2005 01:10 AM


All times are GMT -5. The time now is 05:12 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration