topic Re: samba user access to /var/www in Operating System - Linux

samba user access to /var/www

joseph wholey — Mon, 23 Oct 2006 15:54:06 GMT

I have a few users in which I need to give full permissions to in the /var/www directory and all sub-dirs. Currently /var/www is owned access is root:root. Does anyone have any recommendations as to how to set these few users up using samba so they can access /var/www and all subdirs without having to change the group permissions? thx.

Re: samba user access to /var/www

Ivan Ferreira — Mon, 23 Oct 2006 17:08:08 GMT

You don't have too many options, you do have to change the group and permissions for the directories under /var/www or starting with /var/www.

For example:

groupadd webdev
find /var/www -type d -exec chgrp webdev {} \;
find /var/www -type d -exec chmod 775 {} \;

In the samba share, use the option:

valid users = @webdev

Add the users to the webdev group.

Re: samba user access to /var/www

joseph wholey — Mon, 23 Oct 2006 20:36:43 GMT

Ivan, thanks for the reply. For some reason, when I put "valid users = @webdev", windows prompts me for a user name and password when logging in. However, it does not accept what actually is the correct username and password. To get around this, I have to use the "force group = webdev", and then I can access the samba share. Unfortunately, so can anyone else. Here is my smb.conf. Any ideas?

[global]
workgroup = AMRS
; security = DOMAIN
security = user
encrypt passwords = Yes
map to guest = Bad User
password server = *
log file = /var/log/smb.log
keepalive = 30
os level = 2
use mmap = no
socket options = SO_KEEPALIVE TCP_NODELAY
wins server = 146.125.26.201;170.240.224.201;146.125.26.202;170.240.224.202

[WEBDEV]
comment = Web Developers
force group = webdev
path = /var/www
public = yes
writable = yes
printable = no
create mask = 0770

Re: samba user access to /var/www

Stuart Browne — Mon, 23 Oct 2006 23:00:24 GMT

Joseph,

Dumb question: Did you set up the 'group' called 'webdev', and add those selected users to that group?

You need to have the 'valid users = @webdev'. You can leave the 'force group = webdev', but the lack of 'valid users' is what's allowing everybody access.

Re: samba user access to /var/www

Alexander Chuzhoy — Tue, 24 Oct 2006 07:12:00 GMT

You can achieve what you want with admin users directive in your smb.conf.

Below is an example:

[web]
path = /var/www
admin users = user1 user2 user3

Of course user1,user2,user3 must exist.

Re: samba user access to /var/www

joseph wholey — Tue, 24 Oct 2006 13:18:13 GMT

Thanks for the responses:

re: Dumb question: yes, I did setup the group and I did put the users in it. By adding that parameter, 'valid users = @webdev', it actually causes SAMBA to "break" (it prompts me for username and password, but doesn't accept them). When I remove it, I'm able to map the share... but so is everyone else.

re: admin users: same situation as above.

Of course user1,user2,user3 must exist.

Re: samba user access to /var/www

Ivan Ferreira — Tue, 24 Oct 2006 13:58:21 GMT

Remove the password server option. You should not use the password server with security = user.

Ensure that you added the user using smbpasswd -a.

Re: samba user access to /var/www

joseph wholey — Tue, 24 Oct 2006 14:16:16 GMT