Share your knowledge at the LQ Wiki.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 03-19-2010, 03:17 PM   #1
Registered: Dec 2007
Posts: 71

Rep: Reputation: 16
Linux vs. Windows Security Questions

Ok, I've got a samba share on a linux server, connecting to it with a windows 2k3 server via tools > map network drive. The goal is to be able to use windows to change the security of the samba share. The good news is it works! The bad news is it's not QUITE perfect:

The share is called /company. I started with the following to give everyone access to everything, set the owner of the share to administrator (my domain admin on the Windows domain), and set the group owner to domain users (group that everyone on the domain is part of):

chmod -R 777 /company
chown -R administrator /company
chgrp -R domain users /company
I then mapped the drive as a regular user, and of course, can access/modify/delete/rename/create anything I want. Then I picked a folder to lock down. Let's call it /company/myFolder. I did this on the Windows server by mapping the drive as administrator (the owner), right click > properties > security tab > advanced > highlight "domain users" and "everyone" and click edit > clear all (i.e. remove all access). Go back to Linux and
ls -la /company | grep myFolder
shows that the permissions on unix are now drwx------. Perfect!

I go back to the drive mapped as a regular user, try to get into company/myFolder and...............access is denied. Perfect again!

The only issue that remains is that I am able to rename/delete "myFolder" as a regular user. I thought this was coming from the "acl map full control = true" parameter in smb.conf, but I changed it to false and verified the change and it still happens. If I remove group and world write access to /company, I am no longer allowed to rename/delete myFolder, but then I can't create a new folder. If I add group write access back in I can create files but can also rename/delete folders within /company that have --- specified for group access.

Any ideas what I need to tweak to make this right?


Last edited by StupidNewbie; 03-19-2010 at 03:20 PM.
Old 03-19-2010, 03:25 PM   #2
Senior Member
Registered: Feb 2002
Location: harvard, il
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,233

Rep: Reputation: 406Reputation: 406Reputation: 406Reputation: 406Reputation: 406
not 100% sure but i believe permissions for the root of the share can only be set on the server end, though i'm sure permissions of the CONTENTS of the shares can be set on the client end
my recomendation would be to put all the windows users into a group and base the share permissions on this group
hope this helps
i could be completely wrong but just a suggestion


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Security in Linux, and questions about a few programs Mr. Geek Linux - Software 14 12-06-2009 03:49 PM
Linux security versus Windows security garylmartin Linux - General 2 09-11-2009 09:41 AM
Questions on Security Enhanced Linux swagner7 Linux - Security 4 04-27-2008 01:39 PM
New to Linux; had questions on the security of it Pck21 Linux - Security 3 09-14-2006 10:03 PM
General security questions about Linux (RH() glenn69 Linux - Security 2 07-20-2004 01:23 AM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 10:21 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration