Gentoo Forums
write permissions being ignored
digix
n00b
Joined: 30 Sep 2005
Posts: 19

Posted: Wed Mar 14, 2007 7:20 pm    Post subject: write permissions being ignored

I have a Samba PDC with LDAP backend and everything seems to work fine except for these permissions...

I can grant read access to groups no problem, but when I grant write access, it seems as though it is ignored.

I've double-checked all my ACL stuff and made sure I have all the right flags set, etc. but I know there is something else wrong with my configuration that is keeping this from working right.

In the Samba log for my test client, I have these entries:

Code:
[2007/03/14 14:04:46, 5] auth/auth_util.c:debug_nt_user_token(448)
  NT user token: (NULL)
[2007/03/14 14:04:46, 5] auth/auth_util.c:debug_unix_user_token(474)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups


I think this is really the stem of my problem but I've no idea where to start debugging this.

Here are the relevant areas of my smb.conf:

Code:
[global]
   netbios name = servername
   workgroup = domainname
   server string = servername
   username map = /etc/samba/smbusers
   hosts allow = 192.168.37.0/24
   security = user
   encrypt passwords = yes
   enable privileges = yes
   smb port = 139
   local master = yes
   os level = 65
   domain master = yes
   preferred master = yes
   null passwords = no
   hide unreadable = yes
   hide dot files = yes
   domain logons = yes
   logon script = logon.bat
   logon path =
   logon drive = H:
   logon home = \\%L\%U
   wins support = yes
   name resolve order = wins bcast hosts
   time server = yes
   log file = /var/log/samba/log.%m
   max log size = 50
   log level = 5
   syslog = 0
   printing = cups
   printcap name = CUPS
   cups options = raw
   print command =
   lpq command = %p
   show add printer wizard = yes
   add user script = /usr/sbin/smbldap-useradd -m "%u"
   add machine script = /usr/sbin/smbldap-useradd -w -i "%u"
   add group script = /usr/sbin/smbldap-groupadd -p "%g"
   add user to group script = /usr/sbin/smbldap-usermod -G "%g" "%u"
   delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
   set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
   delete user script = /usr/sbin/smbldap-userdel -r "%u"
   delete group script = /usr/sbin/smbldap-groupdel "%g"
   passdb backend = ldapsam:ldap://localhost
   ldap suffix = dc=domainname,dc=net
   ldap admin dn = cn=Manager,dc=domainname,dc=net
   ldap group suffix = ou=groups
   ldap user suffix = ou=users
   ldap machine suffix = ou=users
   ldap idmap suffix = ou=idmap
   idmap backend = ldap:ldap://localhost
   idmap uid = 10000-20000
   idmap gid = 10000-20000


[data]
   comment = data
   path = /storage/data
   public = yes
   writable = yes


The [data] share is the main share that everyone uses. I can grant read access to the share and everything in it, but I can't seem to grant write access to anyone but the domain admins. My test user owns a folder on the share, his group owns it as well, and his group has full control in the Windows security tab, but he cannot write anything to it... receives access denied.

Any help is greatly appreciated.

Thanks in advance,

-Digix
justincataldo
Guru
Joined: 15 Jun 2005
Posts: 376
Location: Australia

Posted: Thu Mar 15, 2007 1:23 am

Which user actually owns the data share?

Try
Code:
chown nobody:nobody /storage/data -R

and
Code:
chmod 755 /storage/data -R


And in your smb.conf file:
Code:

[data]
   comment = data
   path = /storage/data
   public = yes
   writable = yes
   directory mode = 0755
   force create mode = 0755


It works for me. :)
digix
n00b
Joined: 30 Sep 2005
Posts: 19

Posted: Thu Mar 15, 2007 4:45 pm

Thanks for the response, justin, but none of that made any difference either.

After further messing with the config, I've been able to add write access for my domain admin user, but I am unable to grant write access for any other users in specific groups...

The folder is owned by the group on the server, and Windows permissions have been granted to the group and user for full control, but still unable to write.

I've verified with getfacl <folder> that the ACLs are being written, but they seem to be ignored.

I'm completely stumped...
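Added example, not part of any post in this thread: a simplified model of how the entries printed by getfacl are evaluated, showing two ways a group entry can be present and still grant no write access: a mask narrowed to r-x (which is what chmod 755 leaves on a file that carries an ACL) and a process token that does not contain the group. The user, group and path names are constructed placeholders, and this is not a diagnosis of the configuration posted above.

```python
# Added example: simplified POSIX.1e ACL evaluation over getfacl text output.
# All names below are constructed placeholders; root's override is not modeled.

ACL_AFTER_CHMOD_755 = """\
# file: storage/data/projects
# owner: nobody
# group: nobody
user::rwx
group::r-x
group:projects:rwx      #effective:r-x
mask::r-x
other::r-x
"""
# Same ACL with the mask widened again (what `setfacl -m m::rwx` would leave behind).
ACL_MASK_RWX = ACL_AFTER_CHMOD_755.replace("mask::r-x", "mask::rwx")


def parse_getfacl(text):
    """Return (owner, owning_group, [(tag, qualifier, perms), ...])."""
    owner = group = None
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# owner:"):
            owner = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            group = line.split(":", 1)[1].strip()
        elif line and not line.startswith(("#", "default:")):
            # Ignore the "#effective:" hint; it is recomputed from the mask below.
            entries.append(tuple(line.split("#")[0].strip().split(":")))
    return owner, group, entries


def check(acl_text, user, groups, want="w"):
    """Return (granted, deciding_entry) for `user` holding exactly `groups`."""
    owner, owning_group, entries = parse_getfacl(acl_text)
    mask = next((p for t, _, p in entries if t == "mask"), "rwx")
    eff = lambda p: "".join(c if c == m else "-" for c, m in zip(p, mask))
    if user == owner:  # owner entry is never limited by the mask
        return want in next(p for t, q, p in entries if (t, q) == ("user", "")), "user::"
    for t, q, p in entries:
        if (t, q) == ("user", user):
            return want in eff(p), f"user:{user}"
    hits = [eff(p) for t, q, p in entries
            if t == "group" and (q or owning_group) in groups]
    if hits:  # any matching group entry that still grants the bit wins
        return any(want in p for p in hits), "group"
    return want in next(p for t, _, p in entries if t == "other"), "other::"
```

On a live server the inputs would come from `getfacl <folder>` and `id <user>` run on the Samba host.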