fredu n00b


Joined: 23 Jul 2003 Posts: 62 Location: Turku, Finland
|
Posted: Fri Nov 18, 2005 9:19 pm Post subject: samba users don't have permissions to read,only write[solvd] |
|
|
I have a Samba server running on my Linux which I can access both via my Windows and Mac machine. I have this partition shared that I can write to but I can't seem to be able to read files from it. It says I don't have permission!
Code: | [stuff]
comment = Stuff folder
browseable = yes
path = /stuff
writeable = yes
write list = @users |
What I would ideally want is that only one user has write access and other users have read access but right now nobody has read access!...
_________________ I saw this tag first!
Last edited by fredu on Sat Nov 19, 2005 8:08 am; edited 1 time in total |
Will Scarlet Apprentice

Joined: 19 Mar 2004 Posts: 239
|
Posted: Fri Nov 18, 2005 10:39 pm Post subject: |
|
|
Here is my share that does what you are trying to accomplish:
Code: | [Downloads]
path = /home/downloads
write list = +downloads
force group = downloads
create mask = 0770
directory mask = 0770 |
This works for me for the following reasons (all quotes are from the smb.conf man file):
1. read only option set to yes (so no one can write to the share)
Quote: | read only (S)
An inverted synonym is writeable.
If this parameter is yes, then users of a service may not create or modify files in the service's directory.
Note that a printable service (printable = yes) will ALWAYS allow writing to the directory (user privileges permitting), but only via spooling operations.
Default: read only = yes |
2. write list option set to the group I want to be able to write to the share
Quote: | write list (S)
This is a list of users that are given read-write access to a service. If the connecting user is in this list then they will be given write access, no matter what the read only option is set to. The list can include group names using the @group syntax.
Note that if a user is in both the read list and the write list then they will be given write access.
This parameter will not work with the security = share in Samba 3.0. This is by design.
Default: write list =
Example: write list = admin, root, @staff |
3. force group set to group allowed to access share (whatever group is assigned to the directory)
Code: | ls -ld downloads/
drwxrwx--- 9 root downloads 4096 Nov 17 09:40 downloads/ |
Quote: | force group (S)
This specifies a UNIX group name that will be assigned as the default primary group for all users connecting to this service. This is useful for sharing files by ensuring that all access to files on service will use the named group for their permissions checking. Thus, by assigning permissions for this group to the files and directories within this service the Samba administrator can restrict or allow sharing of these files.
In Samba 2.0.5 and above this parameter has extended functionality in the following way. If the group name listed here has a '+' character prepended to it then the current user accessing the share only has the primary group default assigned to this group if they are already assigned as a member of that group. This allows an administrator to decide that only users who are already in a particular group will create files with group ownership set to that group. This gives a finer granularity of ownership assignment. For example, the setting force group = +sys means that only users who are already in group sys will have their default primary group assigned to sys when accessing this Samba share. All other users will retain their ordinary primary group.
If the force user parameter is also set the group specified in force group will override the primary group set in force user.
Default: force group =
Example: force group = agroup |
4. Permissions of directory set to create and directory mask.
So, being able to write to the share depends if they actually belong to the group allowed to write to it.
Hope this helps...  |
fredu n00b


Joined: 23 Jul 2003 Posts: 62 Location: Turku, Finland
|
Posted: Sat Nov 19, 2005 8:07 am Post subject: |
|
|
Thanks Will Scarlet!
I got it to work by including the directory mask and create mask:
Code: |
[stuff]
comment = Stuff folder
browseable = yes
path = /stuff
writeable = yes
write list = fredu
create mask = 0755
directory mask = 0755
|
Now only user 'fredu' has write access and others in his group have read access |
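An added example, not written by any poster in this thread and not Samba's own code: a small Python check of the share-level rule quoted from the man page above (`write list` grants write access whatever `read only` says), run over the two shares posted in the thread. It shows that with `writeable = yes` the `write list` line changes nothing at the share level, so any restriction on that share rests on the Unix permissions under its path. The function names and the user `alice` are assumptions, and group membership is passed in by the caller instead of being looked up.

```python
import re
# Constructed input: the two share definitions posted in this thread (masks omitted).
SMB_CONF = """
[Downloads]
path = /home/downloads
write list = +downloads
force group = downloads

[stuff]
path = /stuff
writeable = yes
write list = fredu
"""
TRUE = {"yes", "true", "on", "1"}  # boolean spellings treated as true here

def parse_shares(text):
    """Minimal smb.conf reader: {share: {parameter: value}}."""
    shares, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            current = shares.setdefault(section.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return shares

def share_level_write(params, user, groups=()):
    """Samba's share-level decision only; Unix permissions are checked afterwards."""
    read_only = True  # man page default: read only = yes
    for key, value in params.items():
        if key == "read only":
            read_only = value.lower() in TRUE
        elif key in ("writeable", "writable", "write ok"):  # inverted synonyms
            read_only = value.lower() not in TRUE
    if not read_only:
        return True  # every connected user may write; write list changes nothing
    for entry in re.split(r"[,\s]+", params.get("write list", "")):
        name = entry.lstrip("@+&")  # group prefixes; membership comes from the caller
        if entry and (name in groups if name != entry else entry == user):
            return True
    return False

def redundant_write_lists(shares):
    """Shares whose write list is set although all users can already write."""
    return [n for n, p in shares.items()
            if "write list" in p and share_level_write(p, user="")]
```

Calling `redundant_write_lists(parse_shares(SMB_CONF))` flags only `[stuff]`; removing `writeable = yes` (or setting `read only = yes`) makes the `write list` entry the thing that decides who may write.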
pjp Administrator


Joined: 16 Apr 2002 Posts: 20589
|
Posted: Sun Nov 20, 2005 7:10 pm Post subject: |
|
|
Moved from Other Things Gentoo. _________________ Quis separabit? Quo animo? |