Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

[Samba] Samba permissions

0 views
Skip to first unread message

Curtis Vaughan

unread,
May 27, 2003, 3:20:15 PM5/27/03
to
Well, I thought I knew Samba permissions, but I guess I don't.

Currently, any user that has an account on the Samba server has access
to the share "Accounting".

So, let's say I have user1, user2, user3, user4
I have added user1, user2 and user3 to the accounting group. user4 is
not a member of accounting.

On the server itself (not for Samba), I set up permissions for the
folder as 774 for all directories and files therein. User/group
permission are set as admin.accounting

The samba section for this share reads:

[Accounting]
comment = Accounting
path = /home/accounting
read only = No
create mask = 0770
force create mode = 0770
security mask = 0770
directory mask = 0770
force directory mode = 0770
directory security mask = 0770
inherit permissions = Yes


If any local user access this share, they also automatically become part
of the accounting group (as far as samba is concerned).

Now, if I add a line "valid users = user1, user2, user 3" then of
course, just they can get in. But that doesn't seem to be the right
solution. The right solution would be to permit only accounting group
users into the folder. What am I doing wrong?

--
Curtis Vaughan
North Pacific Corporation

http://www.angelfire.com/wa/noentry/home.htm
WashTech (CWA Local 37083)
IWW x353203


--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba

Kyle Loree

unread,
May 27, 2003, 4:10:18 PM5/27/03
to

I have a share setup to allow only a specific group.
eg.
[projects]
path = /Volumes/iRAID/projects
public = NO
read only = NO
comment = Project Files


force directory mode = 0770

force create mode = 0770

valid users = @projects

the valid users = @group makes it so that the user must be in that
specific group to enter.
It is in the smb.conf manual.
try man smb.conf or find it on your mirror of samba.org

>> snip
valid users (S)

This is a list of users that should be allowed to login to this
service. Names starting with '@', '+' and '&' are interpreted using the
same rules as described in the invalid users parameter.
If this is empty (the default) then any user can login. If a username
is in both this list and the invalid users list then access is denied for
that user.
The current servicename is substituted for %S . This is useful in the
[homes] section.
See also invalid users
Default: No valid users list (anyone can login)
Example: valid users = greg, @pcusers
<<

Kyle Loree
Rendek Communications
Ky...@caisnet.com

Curtis Vaughan

unread,
May 27, 2003, 5:00:15 PM5/27/03
to

Great the @group seemed to do the job.

Now another more difficult question.
Accounting group contains user1, user2, user3
These people must have read and write permissions to this directory.
But user4 must have read only permission.
All other users should have no access period.
How would I configure that?

Curtis

John H Terpstra

unread,
May 27, 2003, 5:30:24 PM5/27/03
to
On Tue, 27 May 2003, Curtis Vaughan wrote:

> Great the @group seemed to do the job.
>
> Now another more difficult question.
> Accounting group contains user1, user2, user3
> These people must have read and write permissions to this directory.
> But user4 must have read only permission.
> All other users should have no access period.
> How would I configure that?

Curtis,

The following document will help you sort out your access control issues:

http://samba.org/~jht/NT4migration/Samba-HOWTO-Collection.pdf

Refer to chapter 11. Contact me if you still have a problem after
digesting this.


- John T.
--
John H Terpstra
Email: j...@samba.org

0 new messages