Download your favorite Linux distribution at LQ ISO.
Go Back > Forums > Linux Forums > Linux - Server
User Name
Linux - Server This forum is for the discussion of Linux Software used in a server related context.


  Search this Thread
Old 05-13-2008, 01:14 PM   #1
LQ Newbie
Registered: Feb 2008
Posts: 11

Rep: Reputation: Disabled
How best to implement user-level security within LINUX/SAMBA/WINDOWS

I have a SAMBA server running RHEL5 with SELINUX on permissive
SAMBA server is member server of 2003 AD domain
Using ADC security

I have a test share that within linux
default owner is root
default group is root
default chmod is 770
default ACL for user is rwx
default ACL for group is rwx
default ACL for other is ---

Within SAMBA for this share:

force group = root
read only = No
force create mode = 0770
force directory mode = 0770

Samba version is 3.0.25b-1.el5_1.4

In XP the ACLs are as expected, specifically Everyone has blank rights to any file within this share.

However if I create a file from an XP client within the share and look at the Properties/Security of the file, Everyone has Read access!

I am not sure how Windows is interpreting the LINUX ACL or SAMBA file properties, and would like to be able to remove Read access to Everyone
Old 05-24-2008, 07:13 PM   #2
Registered: Jan 2005
Location: germany
Distribution: suse, opensuse, debian, others for testing
Posts: 307

Rep: Reputation: 33
what are the linux perms of said file ?

the way windows interprets the acl settings is not perfect, but it only matters what's set on the server !

I'd make sure samba creates the files with the correct linux perms and not care about what' s visible on the clients as long as they show correct behavior.
Old 05-24-2008, 07:28 PM   #3
Registered: Mar 2005
Location: england
Distribution: slackware, win2k
Posts: 364

Rep: Reputation: 35
I don't have an answer, but i do strongly suggest that you move away from using root as the owner and group. Instead create a lower privileged owner and group.



Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Help needed with Fedora/Samba/User-level security essdeeay Linux - General 1 01-12-2006 01:31 AM
Slow User Level Security in Samba drumltd Linux - Networking 0 01-10-2005 04:23 PM
Samba - Combination of user and share level security? kleptophobiac Linux - Software 0 07-20-2004 02:15 PM
samba PDC - user level access ilumin8d Linux - Networking 0 08-19-2001 03:09 PM > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 04:48 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration