HPE Community
Operating System - HP-UX
1826631 Members
3479 Online
109695 Solutions
New Discussion

Re: More Samba/CIFS fun user permissions.

 
Steven E. Protter
Exalted Contributor

‎09-14-2004 04:36 AM

‎09-14-2004 04:36 AM

More Samba/CIFS fun user permissions.

Since Sridar and company helped me solve the connectivity problem I merrily began trying to implement my little CIFS share environment.

Refer here for details
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=690672

I have operating systems users defined on all four nodes. Group permissions are consistent. What I mean by that is that on all 4 nodes user invest has the exact same numeric user and group id. The /etc/group and /etc/passwd numeric information are as consistent as one can get when three distinct operating systems are involed.

I have done smbpasswd -a username password

node1 mounts the share on node3 which is essentially a disk provider.

Copies in some files using cp -Rp

The -p comand blows up saying permissions can not be preserved. Copies the files but root, the usr that did the mount ends up owning all the files.


Did a google search on the topic.
http://www.google.com/search?hl=en&ie=UTF-8&q=samba+user+permission+configuration&btnG=Google+Search

This thread indicates something about password synching but didn't say how:
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=624156

I'd rather not do Windows PDC authentication because long term, I don't want a Windows PDC around anyway.

I've been through the itrc posts on the subject and not quite found what I needed.

Here is the smb.conf setup on the share. Providing the whole file would be difficult and cause security concerns.

[web]
comment Web Space
browseable = no
writeable = yes
path = /share/web

smbstatus shows the root user connected.

This is even when user invest is on the share poking around.

One suggestion I saw was making everything on the share 777. That scares me on security, though obviously it would solve the problem. I'm not going to do that.

Note that after file transfer I changed ownership on the local machine of all of user invests files to invest:web

It shows correct on the local machne and not on the mounting machine.

Objective:
I want user invest to own the files and have normal permissions on his files on the share machine.

Mount command was mount -t smbfs for the linux boxes, mount cifs for the HP-UX node. Results are the same.

Other changes to the standard smb.conf file:

I changed the workgroup.

Please read the itrc posts and prior thread and give me your suggestions.

Points as always will liberaly be assigned.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
13 REPLIES 13
Sundar_7
Honored Contributor

‎09-14-2004 05:10 AM

‎09-14-2004 05:10 AM

Re: More Samba/CIFS fun user permissions.

Hi SEP,

I can answer one of your questions for sure.

"This thread indicates something about password synching but didn't say how:"

/opt/samba/bin/smbpasswd is the command to syncup /etc/passwd with /var/opt/samba/private/smbpasswd file.

After using mount -F cifs command, I believe you need to authenticate yourself to the CIFS server using cifslogin command.

After mounting it, how did you authenticate yourself to the CIFS share ?

-- Sundar.
Learn What to do ,How to do and more importantly When to do ?
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎09-14-2004 05:20 AM

‎09-14-2004 05:20 AM

Re: More Samba/CIFS fun user permissions.

From the Linux boxes you can authenticate with the mount command -o username,password

From HP-UX i mount then cifslogin to authenticate.

Its also possible to do it in HP-UX with the Linux style methodology.

I will try that synch command and see if it helps.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
RAC_1
Honored Contributor

‎09-14-2004 05:21 AM

‎09-14-2004 05:21 AM

Re: More Samba/CIFS fun user permissions.

Read your thread. I am inclined to say, how about using map file in cifs share. mapfile=/etc/mapfile.txt. The file will contain share users and respective unix ids.

Anil
There is no substitute to HARDWORK
0 Kudos
Reply
Sundar_7
Honored Contributor

‎09-14-2004 05:27 AM

‎09-14-2004 05:27 AM

Re: More Samba/CIFS fun user permissions.

smbpasswd being out-of-wack could as well be the problem here. Try syncing smbpasswd file.
Learn What to do ,How to do and more importantly When to do ?
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎09-14-2004 06:13 AM

‎09-14-2004 06:13 AM

Re: More Samba/CIFS fun user permissions.

I could use a little more detail to fully solve the problem. I've always used Windows as the front end in past tests. Never realized Unix to Unix was different.

Need smb.conf recommended changes or a procedure or something.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Sundar_7
Honored Contributor

‎09-14-2004 06:20 AM

‎09-14-2004 06:20 AM

Re: More Samba/CIFS fun user permissions.

hmm...I take it you tried syncsmbpasswd and it didnt help ?
Learn What to do ,How to do and more importantly When to do ?
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎09-14-2004 08:21 AM

‎09-14-2004 08:21 AM

Re: More Samba/CIFS fun user permissions.

Went through this document:

http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/AccessControls.html#id2541425

Seems that if root is the user that does the mount, root owns the files no matter what the permissions are on the server side.

That makes no sense.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎09-14-2004 09:21 AM

‎09-14-2004 09:21 AM

Re: More Samba/CIFS fun user permissions.

Update:

hpux root user can mount just fine and seems to see user permissions correctly.

When sticky bit is set on the directory files created within the directly automatically get created by the owner of the directory.

non-root hpux user can'd cd into the directory. Permission denied.

Conclusions: The permissions on the samba/cifs share may be too tight. 777 is okay for the top of the share, but doesn't let the non-root user do anythng. The problem could be with the non-root hpux user.

On the Linux side, the samba software is anchient. 3.0.0.x I'm going to get the update in and see if that makes any difference.

Other suggestions and documents welcome.

SEP

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎09-14-2004 04:59 PM

‎09-14-2004 04:59 PM

Re: More Samba/CIFS fun user permissions.

Well, after a rather tortuous and off topic battle, i got the old Samba off and a new Samba on the client. The client wasn't designed for the Linux Distribution but did lead to a small improvement.

The files still indicate root but the user that REALLY owns the files can change them, overwrite them and manipulate them.

Still bad permissions showing is kind of a mess.

I may go NFS for the short term because I think the right samba client isn't going to do any good.

The good news is that Windows and HP-UX samba/cifs client detect the server and file permissions correctly.

Since this seems to be a Red Hat ES issue and not a Samba configuration issue the issue is kinda closed.

I won't close the thread, because good suggestions are worth getting in this case.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎09-15-2004 06:12 AM

‎09-15-2004 06:12 AM

Re: More Samba/CIFS fun user permissions.

Well, obviously the issue here is the Samba that shipped with Linux. That makes it invalid for further pursuit in this particularly category.

I did finish the setup using good old nfs.

I set up nfs in /etc/exports on the shared disk system known as node3, set it to auto start and only allow access to priviledged servers.

Final status is samba or nfs mount works just fine from a HP-9000/HP-UX 11i cient. NFS will probably be used simply to be in sycnh with the two Linux Clients.

I'll be mirgrating the web conent to the common server and setting up for nightly backups to local storage. That will be failover should the shared disk array decide to drop off the network or fail.

Thanks for the suggestions. This is another example of why if the project has enough dollars I prefer HP-UX.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎11-10-2005 01:07 AM

‎11-10-2005 01:07 AM

Re: More Samba/CIFS fun user permissions.

RAC!

Please post an example of:

mapfile=/etc/mapfile.txt.

Or anyone else.

10 point bunny if it works
8 point bunny if not.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Geoff Wild
Honored Contributor

‎11-10-2005 01:35 AM

‎11-10-2005 01:35 AM

Re: More Samba/CIFS fun user permissions.

Here's what we used to do with mapfiles (now all my Samba's are ADS)...

# cat username.map.bak
gwild = gwild
user2 = user2
retail = retail
someadmin = someadmin, sapservice1
prdchq = user3, user4, user5, user6
qachq = user3, user4, user6, user7

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎11-10-2005 01:51 AM

‎11-10-2005 01:51 AM

Re: More Samba/CIFS fun user permissions.

This could turn out to be terribly useful.

I'm going to leave the thead open a few days and will gratefully reward further input.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.