HPE Community
Operating System - HP-UX
1834146 Members
2334 Online
110064 Solutions
New Discussion

Re: problems samba write list

 
SOLVED
Go to solution
Alexander Meyer
Occasional Contributor

‎05-31-2006 12:04 AM

‎05-31-2006 12:04 AM

problems samba write list

Hi,

i have a samba based HP CIFS Server 2.2.12 A.01.11.03 running.
So i dont use winbind.

Security = domain, no problems with that.

Every user of my domain should be able to read files on this share, but only i should be permitted to write, modify and delete them.

I have this share:
---------------------------------
comment = Share only writeable for me
path = /path
force user = dummy
force group = dummy
read only = yes
write list = my_user
browseable = no
public = yes
---------------------------------

Both, user dummy and group dummy are local on the node.
my_user is a domain user, not locally saved on the node.
I am not mapping my_user to dummy because other shares are also forced to user dummy (permissons for local applications on the server).

But with this setting i am not allowed to write my files.
When i set read only = no, it still ignores my write list and everyone is allowed to write my files.
I thought write list ignores the read only = yes and permits the following users to write files but it doesnt work.
Can anyone help me with that?

thx,

kind regards,

Alexander Meyer
0 Kudos
Reply
5 REPLIES 5
Peter Nikitka
Honored Contributor

‎05-31-2006 03:01 AM

‎05-31-2006 03:01 AM

Re: problems samba write list

Hi Alexander,

I suspect the file system does not have set the permissions in that way, that AFTER switching to the UID of 'force user' and/or GID 'force group', the required access rights are granted.

Check via 'smbstatus' the uid and gid of the smbd in request and check against the file/directory permissions on the server.

Having the same CIFS-version but security=share works for me.

mfG Peter
The Universe is a pretty big place, it's bigger than anything anyone has ever dreamed of before. So if it's just us, seems like an awful waste of space, right? Jodie Foster in "Contact"
0 Kudos
Reply
Alexander Meyer
Occasional Contributor

‎05-31-2006 03:21 AM

‎05-31-2006 03:21 AM

Re: problems samba write list

------------------------
Hi Alexander,

I suspect the file system does not have set the permissions in that way, that AFTER switching to the UID of 'force user' and/or GID 'force group', the required access rights are granted.

Check via 'smbstatus' the uid and gid of the smbd in request and check against the file/directory permissions on the server.

Having the same CIFS-version but security=share works for me.

mfG Peter
--------------------------------------

thx for this tip but all directories have permissions set to 0777 (the whole directory tree to this share).

The directory which is shared is owned by my dummy:dummy the directories above by root.

I have also tried to set
read only = no
plus
write list = my_user
but this way all users can modify my files. It seems that both modifications dont work together properly (which is pretty logical to me) but i am pretty desperate now, no housewife, but desperate ;).

I didn't want to map domain users to excisting node accounts but maybe it's the only way to realize a 'secure' write list.

Are there any other things i can try?

thx,

alex
0 Kudos
Reply
Peter Nikitka
Honored Contributor

‎05-31-2006 03:43 AM

‎05-31-2006 03:43 AM

Solution

Re: problems samba write list

Hi,

the directives
read only = yes
write list = userlist
really work together in denying all but 'userlist' write access to the share.
Like I said, with
security=share
this works for me.
Perhaps it is enough to setup a smbpasswd entry for 'my_user' and/or create 'my_user' as a local user at the SMB-server.

mfG Peter
The Universe is a pretty big place, it's bigger than anything anyone has ever dreamed of before. So if it's just us, seems like an awful waste of space, right? Jodie Foster in "Contact"
Reply
Alexander Meyer
Occasional Contributor

‎05-31-2006 03:58 AM

‎05-31-2006 03:58 AM

Re: problems samba write list

thx again for your tip.

But i simplyfied the problem with only one user (my_user) as an expample.

In fact there are a lot of users allowed to write but without having a local login account and some hundred users which are not allowed to modify these files.

- 5 minutes break to test something -

Ok i tried to map the domain users to the forced user and it works this way.

I couldnt find this restriction in a samba documentation or howto but it seems to exist.

A write list needs local groups or users to work correctly.

Thx for your help,

best regards,

alex
0 Kudos
Reply
Peter Nikitka
Honored Contributor

‎05-31-2006 04:20 AM

‎05-31-2006 04:20 AM

Re: problems samba write list

Hi Alexander,

since you are new to this forum, I want to put your attention to the point system:

http://forums1.itrc.hp.com/service/forums/helptips.do?#28

mfG Peter
The Universe is a pretty big place, it's bigger than anything anyone has ever dreamed of before. So if it's just us, seems like an awful waste of space, right? Jodie Foster in "Contact"
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.