samba share with 2 folder giving problem centos 5.7 64bit
 

dear sirs,

i am encountering with samba strange issue, i try a lot i call log with redhat mor then 10 days passed they could not trouble shoot

i want to share with ur experience.

see i have attached detail file with this email

in fact there r 2 folder
/premia there r 2 user premiaadmin and premia, where premia share by user no delete permision, permiadmin use by IT to read write delete maintenace files
/backup this is backup of /premia in .tar.gz everyday, so it need to take backup on window machine, for this i create a user call backup

so what is the problem
problem is if backup start working from window then /premia does not work

if /premia start working then /backup does not work

i carefully review the full permission authorisation and other stuff

can you overlook and advise me possible, thank appreciate ur support as always

kind regards
khakpa


[root@tmsrvr2 ~]# ls -lath /backup
total 6.0G
-rw-r-xr--+ 1 backup backup 415K Jan 13 18:14 premia_app_tmsa_20120113.log
drwxr-xr-x 3 root root 4.0K Jan 13 17:35 .
-rwxr-xr-x+ 1 backup backup 0 Jan 13 17:35 end.txt
-rw-r-xr--+ 1 backup backup 1.3M Jan 13 17:35 premia_app_tmsa.log
-rw-r-xr--+ 1 backup backup 760M Jan 13 17:35 premia_app_tmsa.tar.gz
-rw-r-xr--+ 1 backup backup 760M Jan 13 17:32 premia_app_tmsa_20120113.tar.gz
-rwxr-xr-x+ 1 backup backup 0 Jan 13 17:30 start.txt
-rw-r-xr--+ 1 backup backup 415K Jan 12 18:13 premia_app_tmsa_20120112.log
-rw-r-xr--+ 1 backup backup 760M Jan 12 17:32 premia_app_tmsa_20120112.tar.gz
-rw-r-xr--+ 1 backup backup 415K Jan 11 18:14 premia_app_tmsa_20120111.log
-rw-r-xr--+ 1 backup backup 760M Jan 11 17:33 premia_app_tmsa_20120111.tar.gz
-rw-r-xr--+ 1 backup backup 415K Jan 10 18:23 premia_app_tmsa_20120110.log
-rw-r-xr--+ 1 backup backup 760M Jan 10 17:34 premia_app_tmsa_20120110.tar.gz
-rwxr-xr-x+ 1 backup backup 415K Jan 9 18:40 premia_app_tmsa_20120109.log
-rwxr-xr-x+ 1 backup backup 760M Jan 9 17:32 premia_app_tmsa_20120109.tar.gz
-rwxr-xr-x+ 1 backup backup 415K Jan 8 18:15 premia_app_tmsa_20120108.log
-rwxr-xr-x+ 1 backup backup 760M Jan 8 17:32 premia_app_tmsa_20120108.tar.gz
-rwxr-xr-x+ 1 backup backup 415K Jan 7 18:17 premia_app_tmsa_20120107.log
-rwxr-xr-x+ 1 backup backup 760M Jan 7 17:34 premia_app_tmsa_20120107.tar.gz
-rwxr-xr-x+ 1 backup backup 415K Jan 6 18:11 premia_app_tmsa_20120106.log
drwxr-xr-x 30 root root 4.0K Jan 1 10:24 ..
drwxr-xr-x+ 2 backup backup 4.0K Jun 25 2011 script


[root@tmsrvr2 ~]# ls -lath /premia
total 512K
drwxr-xr-x 30 root root 4.0K Jan 1 10:24 ..
drwxrwxr-x+ 4 root root 68K Dec 31 09:04 premiabin_tmsa3
drwxrwxrwx+ 14 root root 4.0K Dec 14 12:02 .
drwxrwxr-x+ 2 root root 4.0K Dec 13 15:36 shortcut
drwxr-xr-x+ 2 premiaadmin premiaadmin 4.0K Dec 12 14:14 icons_test
drwxrwxr-x+ 2 root root 4.0K Oct 4 10:35 app_tmsa
drwxrwxr-x+ 4 root root 72K Sep 28 14:01 premiabin_tmsa2
drwxrwxr-x+ 3 root root 40K Sep 10 14:22 finalbin_tmsa3
drwxrwxr-x+ 4 root root 40K Aug 29 13:21 payrollbin_tmsa3
drwxrwxr-x+ 3 root root 36K Jul 13 2011 finalbin_tmsa2
drwxrwxr-x+ 3 root root 60K Jun 22 2011 premiabin_tmsa
drwxrwxr-x+ 3 root root 28K Jun 21 2011 finalbin_tmsa
drwxrwxr-x+ 4 root root 36K Jun 21 2011 payrollbin_tmsa
drwxrwxr-x+ 4 root root 44K Jun 21 2011 payrollbin_tmsa2

[root@tmsrvr2 ~]# getfa
getfacl getfattr
[root@tmsrvr2 ~]# getfacl /backup
getfacl: Removing leading '/' from absolute path names
# file: backup
# owner: root
# group: root
user::rwx
group::r-x
other::r-x

[root@tmsrvr2 ~]# getfacl /premia
getfacl: Removing leading '/' from absolute path names
# file: premia
# owner: root
# group: root
user::rwx
user:premia:r-x
user:premiaadmin:rwx
group::r-x
mask::rwx
other::rwx

@ Reply
 

Hi khak.pa,

Welcome to LQ!!!

Could you please elaborate on this?

As I can see from the output it is owned by root. Will it not be good to change the owner to premiaadmin, changing the permission to 700 and setting up read and execute permission for premia user via acl?

Again we can setup backup user to be the owner of this directory and the permissions to 700. This user should also have read and execute rights on /premia so that it can access that directory while performing backup.

Another question for your. Do you use LDAP or NIS for authentication?

Could you paste you samba configuration file so that we can have a look at it.

dear sir here i have post the samba config file smb.conf

[root@server2 ~]# cat /etc/samba/smb.conf
[global]
workgroup = tmsa.com
server string = tmsrvr2
hosts allow = 10.0. 127.

security = user
; encrypt passwords = yes
; smb passwd file = /etc/samba/smbpasswd
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
smb ports = 139

# Debug logging information
log level = 3
#syslog = 1
log file = /var/log/samba/%m
max log size = 1000
; debug timestamp = yes
username map = /etc/samba/smbusers

[premia]
comment = premia
path = /premia
; browseable = yes
writable = yes
public = yes
readonly = yes
valid users = premia premiaadmin

[backup]
comment = backup
path = /backup
; browseable = yes
writable = yes
public = yes
readonly = yes
valid users = backup

@ Reply
 

Please don't call me sir. It is a community you can address us by our handle/username and that will suffice.

Still some of my queries are answered like:

1. If you are using LDAP or NIS?
2. I am still unable to understand what you mean by if /premia start working then /backup does not work?

The output brings up another query. In the smb.conf file I can see that these directories are not browseable. Are you using "net use" command to map these shares?

Another thing that conflicts in the quoted config is you have mentioned writeable=yes and then later you mentioned readonly=yes. You cannot have a directory that is readonly also and writeable also. Remove the readonly part as you are mentioning valid users later in the config so only those users will be able to write.

You said that you use backup user to backup /premia directory then backup user should be in valid users of /premia share.

I am still waiting for the queries to be answered which I mentioned in my previous post and this post.

dear sir

thank for support in advanced do find below detail

1. If you are using LDAP or NIS?
no i am not using any ldap or nis yet
2. I am still unable to understand what you mean by if /premia start working then /backup does not work?

this has problem
/premia has 2 user samba share by which it supposed to work, 1 is premiaadmin other is premia, premia to be work as read execute write, premiaadmin full permission. currently both work like, we cant add edit delete we can read and execute

2nd
/backup related issue has solved now i can readonly execute where now i can take backup on window machine

@ Reply
 

Please call me T3RM1NVT0R. I am no sir.

As I mentioned before:

Did you remove the readonly paramater from the section? As you cannot have both as they will contradict. The above section should look like following:

Because you do not need to write on /backup I have set it up with readonly=yes. As you need to be able to write on /premia by user premiaadmin I have set it up as writable=yes. You can use setfacl to prevent user premia from writing to this directory.

Make sure that you take a backup of any configuration file before editing. It is better to be safe then sorry :-)

hello T3RM1NVT0R,

i have done the changes so now it start writing, editing files from prema and premiaadmin users

[global]
workgroup = tmsa.com
server string = tmsrvr2
hosts allow = 10.0. 127.

security = user
; encrypt passwords = yes
; smb passwd file = /etc/samba/smbpasswd
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
smb ports = 139

# Debug logging information
log level = 3
#syslog = 1
log file = /var/log/samba/%m
max log size = 1000
; debug timestamp = yes
username map = /etc/samba/smbusers

[premia]
comment = premia
path = /premia
; browseable = yes
writable = yes
public = yes
valid users = premia premiaadmin

[backup]
comment = backup
path = /backup
; browseable = yes
public = yes
readonly = yes
valid users = backup

it shows the current permission like

~]# getfacl /premia
getfacl: Removing leading '/' from absolute path names
# file: premia
# owner: root
# group: root
user::rwx
user:premia:r-x
user:premiaadmin:rwx
group::r-x
mask::rwx
other::rwx

hello

i have done the setfacl as per given below

# setfacl -Rm u:premiaadmin:rwx /premia
# setfacl -m u:premia:rx /premia/*

but result is now from userid premiaadmin, i connect windows xp vista 7 machine i cant delete it. i am using map drive unc path
like //127.0.0.1/premia map to window drive like say T drive

@ Reply
 

If you will check my first post you will find that I have mentioned to make premiaadmin user account to be the owner of /premia and change the permission to 700. Once done you can then setfacl only for premia user. No need to set acl for premiaadmin when the user account is the owner of that directory.

Great! Hell0

it start working fine surprisingly,

Sir, i am trying hard to learn this linux due to not much knowledge so i face this problem

~]# chmod 700 /premia/*
~]# chown -R premiaadmin.premiaadmin /premia/*
~]# setfacl -m u:premia:rx /premia/*
~]# service smb restart
Shutting down SMB services: [ OK ]
Shutting down NMB services: [ OK ]
Starting SMB services: [ OK ]
Starting NMB services: [ OK ]

@ Reply
 

Great that you got it working!! It is good to hear that you are interested in linux and learning it. All the best for whatever learning/study that you will do in future.

Please mark this thread as solved.

Enjoy linux!!!