I am a newbie to Linux. Actually I am looking to create a Samba server. Samba is working fine but I am having problems with share permissions. I have created a share named "Infosystems" and multiple Samba users "admin" and "test" and "test1", "test2" and so on. The mode for the Infosystem share is 777 for the root user.
I want my admin user to have all the rights on files and directories being created in the INFOSYSTEM share, but all other users must have only read permission and write permission. But I am not able to do so.
First of all you can't have "public = yes" in a share that requires authentication... "public = yes" is a synonym for "guest ok = yes", and guests are incompatible with "valid users".
Make root the owner of the shared folder by typing
Code:
sudo chown root:users [PATH_TO_SHARED_FOLDER]
Change "create mask = 0660" to "create mask = 0665"
and then restarted the Samba service. But still, when I am accessing the Samba share in Windows by my IP address and using the credentials of the admin user, and I create a folder, this folder is not accessible by any other Samba user like test, test1 and test2. I want this type of permission: only my admin user will be allowed to delete the new folders being created, and other users can only access and write in these folders but can't delete any file from the subfolders within the INFOSYSTEM share.
Annielover, thanks for your responses, but I am still facing the problem.
Look, I have created a Samba share as CISPL and its status is:
drwxr-xr-x. 8 root root 4096 Aug 18 15:17 CISPL
In addition I created the following shares within CISPL and their status by default is:
drwxr-xr-x. 2 root root 4096 Aug 18 15:17 BD
drwxr-xr-x. 2 root root 4096 Aug 18 15:16 Corporate
drwxr-xr-x. 3 root root 4096 Aug 18 16:30 InfoSystem
drwxr-xr-x. 2 root root 4096 Aug 18 15:17 Marketing
drwxr-xr-x. 2 root root 4096 Aug 18 15:17 Operation
drwxr-xr-x. 2 root root 4096 Aug 18 15:17 Trainee
My smb.conf file is as follows:
[CISPL]
comment = CISPL
path = /CISPL
valid users = admin
read only = No
[Corporate]
comment = Corporate
path = /CISPL/Corporate
valid users = admin, rakesh, arghya, triveni
read only = No
[Marketing]
comment = Marketing
path = /CISPL/Marketing
valid users = admin, rakesh, arghya, triveni
read only = No
[BD]
comment = BD
path = /CISPL/BD
valid users = admin, rakesh, amitsharma, arghya
read only = No
[Operation]
comment = Operation
path = /CISPL/Operation
valid users = admin, rakesh, amitsharma, arghya
read only = No
[InfoSystem]
comment = InfoSystem
path = /CISPL/InfoSystem
valid users = admin, sourabh, tayyab, arghya
read only = No
[Trainee]
comment = Trainee
path = /CISPL/Trainee
valid users = admin, pooja, shubhi, arghya, tayyab, sourabh
read only = No
My first level of security is working fine, as only valid users are able to access the specific directory.
Now I am moving to the 2nd level of security: I want only the root user to create folders within these shares, and valid users can neither create new folders in these shares nor delete folders created by the root user. It is the default policy that when we create a new folder as root, it gives a 755 mask to that folder.
For example, I created an Assets folder in the Infosystem Samba share, and its ownership is:
drwxr-xr-x. 2 root root 4096 Aug 18 16:48 Assets
Now my 2nd level of security is also completed, in that I am unable to create a new folder in the INFOSYSTEM share as a valid user other than root. I can access the folder ASSETS created by root but I am not able to delete or write in this folder. Delete is OK, I don't want any valid user other than root to delete the file, but I want a valid user to at least write in the ASSET directory, and I am not able to do so. Just help me out with this 3rd level of security, you could say. Hope to get the solution ......
Actually, I don't understand a part of your story: you want only root users to create new folders within the shares, right? And then you're saying that other users cannot create folders in the shares, but that's okay, no? You only wanted root to be able to create new folders, right?
And indeed, if we look at the ASSETS folder, only root has full control and other users can only read/write. Because you set the mask to 0755. If you change the mask to 0777, then other users are also able to write in that folder.
Now, you can change the user rights of the Assets folder using
Yup, right, you understood it: I want only the root user to create new directories within the shares, with valid users able to read/write in these folders created by root; they should not be able to delete any file.
Exactly what I want to say is that I will create only specific folders within the INFOSYSTEM share. For example, suppose I create 2 folders, ASSETS and IT POLICIES. Now I want each and every valid user to only work in these directories. That means they can write to and read from these 2 directories ASSETS and IT POLICIES, but they can't delete from these 2 directories ASSETS and IT POLICIES. In addition, they cannot create any directory in the INFOSYSTEM share other than these 2 directories created by the root user.
As you said, I have chmod'ed the ASSETS directory to 777. Now a valid user is able to read and write in the ASSETS directory. But he is also able to delete the work done by another valid user in the same ASSET directory. I just want the creator to delete his own work.
Last edited by sourabhmaggo; 08-20-2011 at 02:11 AM.
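
An added example, not part of any post in this thread: the thread compares directory modes 755 and 777, and this sketch sets them beside 1777, the sticky (restricted deletion) bit that no poster mentions. It assumes the Samba users fall in the "other" permission class, as they do for the root:root folders listed above, and it works only on a constructed sandbox created with mktemp.

```shell
#!/bin/sh
# Constructed sandbox standing in for /CISPL/InfoSystem; only a mktemp
# directory is touched. Folder names follow the thread.

# classify DIR: who may create and who may delete entries inside DIR, for
# accounts in the "other" class (the Samba users here, since the real
# folders are root:root). root itself bypasses these checks.
classify() {
    other_w=$(ls -ld "$1" | cut -c9)      # 9th char of drwxrwxrwx = other-write
    if [ "$other_w" != "w" ]; then
        echo "create=dir-owner delete=dir-owner"
    elif [ -k "$1" ]; then                # -k: sticky (restricted deletion) bit
        # With the sticky bit, only the file's owner, the directory's
        # owner, or root may remove or rename an entry.
        echo "create=anyone delete=file-owner"
    else
        echo "create=anyone delete=anyone"
    fi
}

# build_sandbox: create the three cases from the thread and print the path.
build_sandbox() {
    top=$(mktemp -d) || return 1
    mkdir -p "$top/InfoSystem/ASSETS" "$top/InfoSystem/IT POLICIES"
    chmod 0755 "$top/InfoSystem"               # share root: only owner creates
    chmod 0777 "$top/InfoSystem/ASSETS"        # the setting tried in the thread
    chmod 1777 "$top/InfoSystem/IT POLICIES"   # same, plus the sticky bit
    echo "$top"
}

# report TOP: one line per folder with its classification.
report() {
    for d in "InfoSystem" "InfoSystem/ASSETS" "InfoSystem/IT POLICIES"; do
        printf '%-26s %s\n' "$d" "$(classify "$1/$d")"
    done
}

sandbox=$(build_sandbox) && report "$sandbox"
if [ -n "$sandbox" ]; then rm -rf "$sandbox"; fi
```

Keeping /CISPL/InfoSystem itself at 755 and owned by root is what stops the valid users from creating or removing the top-level folders; the sticky bit only governs entries inside the folder it is set on.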