The authentication is work well.
I've a problem with share permission, the condition is :
1. I've group named "warehouse"
2. I've user named "wh01", with home dir /home/wh01, and be a group
member of "warehouse"
Both created via webmin.
3. Next I created share, named "warehouse"
[warehouse]
comment = Files of warehouse
writeable = yes
path = /hdd2/samba/groupfiles/warehouse
when I create that share via webmin i use option :
a. mode : 775
b. Create user : Root
c. Create Group : warehouse.
4. From my XP station , I login to that domain with user name "wh01",
the results is :
a. Successfull login
b. wh01 can create a file in the home directory (/home/wh01)
But, wh01 can not write file to share "warehouse"
why wh01 didn't have enough permission to "warehouse" while :
A. The share is created using group "warehouse", and
B. wh01 IS the group member of "warehouse", and
C. "warehouse" share is set to be available, and browseable.
Kindly please give me any enlightment to fix the problem
Sincerely
-bino-
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
> I use webmin to do the samba PDC configuration
IMHO, insuffisient
>
> [warehouse]
> comment = Files of warehouse
> writeable = yes
> path = /hdd2/samba/groupfiles/warehouse
>
> when I create that share via webmin i use option :
> a. mode : 775
> b. Create user : Root
> c. Create Group : warehouse.
>
> 4. From my XP station , I login to that domain with user name "wh01",
> the results is :
> a. Successfull login
> b. wh01 can create a file in the home directory (/home/wh01)
>
> But, wh01 can not write file to share "warehouse"
Which permission to the new file? May be 644? :)
IMHO, user have right to write directory, but have not right to write file.
Look man smb.conf for "force create mode", "force directory mode" or http://wiki.samba.org/index.php/Frequently_Asked_Questions#inherit_permissions
Bye. Serg
>> [warehouse]
>> comment = Files of warehouse
>> writeable = yes
>> path = /hdd2/samba/groupfiles/warehouse
>>
>> when I create that share via webmin i use option :
>> a. mode : 775
>> b. Create user : Root
>> c. Create Group : warehouse.
>>
>> 4. From my XP station , I login to that domain with user name "wh01",
>> the results is :
>> a. Successfull login
>> b. wh01 can create a file in the home directory (/home/wh01)
>>
>
>
>> But, wh01 can not write file to share "warehouse"
>>
> Which permission to the new file? May be 644? :)
> IMHO, user have right to write directory, but have not right to write file.
> Look man smb.conf for "force create mode", "force directory mode" or http://wiki.samba.org/index.php/Frequently_Asked_Questions#inherit_permissions
>
>
Thankyou for your enlightment
I read that documentation, but I don't want uuser to be able to execute
things in directory
So I chage the share to :
[warehouse]
create mode = 660
path = /hdd2/samba/groupfiles/warehouse
directory mode = 660
force group = warehouse
(and the dircory is auto created with user:group as root:warehouse)
Still the user with group "warehouse" can not access (event just "open")
the directory
so I try to delete the share ... manualy remove the dir , and re create
the share (and dir) with :
[warehouse]
create mode = 760
path = /hdd2/samba/groupfiles/warehouse
directory mode = 760
force group = warehouse
Still the user with group "warehouse" can not access (event just "open")
the directory
Again, I try to delete the share ... manualy remove the dir , and re
create the share (and dir) with :
[warehouse]
create mode = 770
path = /hdd2/samba/groupfiles/warehouse
directory mode = 770
force group = warehouse
And ... voila ... the user can access (read-write) into the shares ...
But it'll means that the user can also "execute" somethings inside
directory ... right ?
Why we need the "execute" bit in directory permission just to let the
user to "read and write only" ?
Just fyi, my system is based on :
++ Ubuntu Jaunty
++ Samba 3.32
Sincerely
-bino-
That is how UNIX filesystem permissions work. 'Execute' on a directory
allows traversal of (ie access into) the directory.
From Wikipedia (http://en.wikipedia.org/wiki/File_system_permissions):
There are three specific permissions on Unix-like systems that apply to
each class:
* The read permission, which grants the ability to read a file. When
set for a directory, this permission grants the ability to read the
names of files in the directory (but not to find out any further
information about them such as contents, file type, size, ownership,
permissions, etc.)
* The write permission, which grants the ability to modify a file.
When set for a directory, this permission grants the ability to modify
entries in the directory. This includes creating files, deleting files,
and renaming files.
* The execute permission, which grants the ability to execute a
file. This permission must be set for executable binaries (for example,
a compiled c++ program) or shell scripts (for example, a Perl program)
in order to allow the operating system to run them. When set for a
directory, this permission grants the ability to traverse its tree in
order to access files or subdirectories, but not see files inside the
directory (unless read is set).
Search Google for "unix permissions" if you need more understanding.
-Brian
Thankyou for your fast enlightment
Brian H. Nelson wrote:
> Bino Oetomo wrote:
>> And ... voila ... the user can access (read-write) into the shares ...
>> But it'll means that the user can also "execute" somethings inside
>> directory ... right ?
>>
>> Why we need the "execute" bit in directory permission just to let the
>> user to "read and write only" ?
>>
>
> That is how UNIX filesystem permissions work. 'Execute' on a directory
> allows traversal of (ie access into) the directory.
>
Understood.
I Knew that for every "execute" will need "read", thats why every
allow-execute will consequently allow-read.
But how if i need allo-write (consequently will allow-read) + deny-execute ?
AFAIK it will "6" or "2" in permission bit, right ?
Sincerely
-bino-
From your previous email, it sounds like you want is ==>
create mode = 660
directory mode = 770
For other control parameters, see the "force" parameters regarding
create/directory/security.
For Ubuntu:
Having the swat and samba-doc packages installed provides an excellent
way to see all the
available parameters with a corresponding link to an explanation of what
each does, and
what its default value is.
Dale