HPE Community
Operating System - HP-UX
1754305 Members
2601 Online
108813 Solutions
New Discussion юеВ

Samba and share not writeable

 
SOLVED
Go to solution
Coolmar
Esteemed Contributor

тАО09-29-2005 02:51 AM

тАО09-29-2005 02:51 AM

Samba and share not writeable

Hi,

I have a few shares setup on an HPUX system. I have the security level at DOMAIN. The directories that are shared are set to 775 and the owned by Bob and the group ABC. Everyone can access the shares and see the files within the shares. What I need though is all users who belong to the unix group ABC to be able to write as well, but not anybody else. When anyone comes in through Samba, they don't come in as "Bob" or group "ABC", but "other" and therefore only get rx rights.

TIA,
Sally
0 Kudos
12 REPLIES 12
Peter Nikitka
Honored Contributor

тАО09-29-2005 11:23 PM

тАО09-29-2005 11:23 PM

Re: Samba and share not writeable

Hi,

I think, the users get a guest login, which is mapped to the UNIX-user 'other'.
Check for the correct authentication in smb.conf . If there are only few users, that access the shares, a smbpasswd file is sufficent.

mfG Peter
The Universe is a pretty big place, it's bigger than anything anyone has ever dreamed of before. So if it's just us, seems like an awful waste of space, right? Jodie Foster in "Contact"
0 Kudos
Arunvijai_4
Honored Contributor

тАО09-29-2005 11:28 PM

тАО09-29-2005 11:28 PM

Re: Samba and share not writeable

You can swat to configure Samba on HP-UX. It runs in http://:901

-Arun
"A ship in the harbor is safe, but that is not what ships are built for"
0 Kudos
Coolmar
Esteemed Contributor

тАО10-04-2005 04:07 AM

тАО10-04-2005 04:07 AM

Re: Samba and share not writeable

I didn't think I would need the smbpasswd file because we are using winbind.
0 Kudos
Geoff Wild
Honored Contributor

тАО10-04-2005 04:18 AM

тАО10-04-2005 04:18 AM

Re: Samba and share not writeable

You can't do that directly - with winbind...

That said, what you could do is create 2 shares - point to the same location - one read only and the other write....then add the appropiate users to each share.

[shareW]
path = /myshare
valid users = NTDOM+user1, NTDOM+user2
force user = bob
force group = abc


[shareR]
path = /myshare
valid users = NTDOM+user5, NTDOM+user6
read only = yes



Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
0 Kudos
Geoff Wild
Honored Contributor

тАО10-04-2005 04:47 AM

тАО10-04-2005 04:47 AM

Re: Samba and share not writeable

Sigh - obviously I havn't waken up this morning - man I hate being on call (lucky for me its only once every 8 weeks)...

write list is where its at...
write list (S)
This is a list of users that are given read-write access to a service. If the connecting user is in this list then they will be given write access, no matter what the read only option is set to.



[shareW]
path = /myshare
valid users = NTDOM+user1, NTDOM+user2, NTDOM+user5, NTDOM+user6
force user = bob
force group = abc
read only = yes
write list = NTDOM+user1, NTDOM+user2

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
0 Kudos
Coolmar
Esteemed Contributor

тАО10-04-2005 05:31 AM

тАО10-04-2005 05:31 AM

Re: Samba and share not writeable

Thanks Geoff....however, I can't even access the share now. I have set the directory permissions to rwxrwxr-x and now I can't even see the files much less add or delete any. I should, at the very least, be able to see the files. So I must have something else wrong...but I have no idea what. Is there also a way to say "valid group" rather than users? The maintenance would be a real pain as users would have to be added to the shares all the time.

S.
0 Kudos
Geoff Wild
Honored Contributor

тАО10-04-2005 07:23 AM

тАО10-04-2005 07:23 AM

Solution

Re: Samba and share not writeable

Yes, you can use groups - the same way you do users:

valid users = NTDOM+NTGROUP1


Course, sset NTDOM to you NT omain name and set NTGROUP1 to the actual group name...

Also, set the winbind separator in the Global section of smb.conf:

winbind separator = +
winbind enum users = No
winbind enum groups = No

Can you post your smb.conf file as well as a snippet from the logs of those trying to connect?

/var/opt/samba/log.ip or log.userntworkstation

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
0 Kudos
Coolmar
Esteemed Contributor

тАО10-04-2005 08:27 AM

тАО10-04-2005 08:27 AM

Re: Samba and share not writeable

Thanks for the help Geoff!

[global]
workgroup = ABC
netbios name = SERVERA
server string = samba
security = DOMAIN
map to guest = Bad User
password server = PWSERVER
syslog = 0
log file = /var/opt/samba/log.%m
max log size = 1000
wins server = winsserver
idmap uid = 10000-200000
idmap gid = 10000-200000
winbind separator = +
winbind enum users = No
winbind enum groups = No
short preserve case = No
dos filetime resolution = Yes

[TESTDIR]
comment = test Samba
path = /usr/local/admin/sambatest
valid users = foo.ca+GROUP-GISK
force group = GISK
read only = yes
write list = foo.ca+GROUP-GISK

LOG SNIPPET:

[2005/10/04 11:21:23, 1] smbd/service.c:make_connection_snum(648)
workstation (10.x.x.x) connect to service TESTDIR initially as user WORKGROUP\me (uid=10000, gid=10000) (pid 15187)
[2005/10/04 11:21:23, 0] smbd/service.c:set_current_service(50)
chdir (/usr/local/admin/sambatest) failed
[2005/10/04 11:21:23, 0] smbd/service.c:set_current_service(50)
chdir (/usr/local/admin/sambatest) failed

0 Kudos
Coolmar
Esteemed Contributor

тАО10-04-2005 08:33 AM

тАО10-04-2005 08:33 AM

Re: Samba and share not writeable

Hi again Geoff,

It seems to put me in some generic group because of the idmap (I think). So even though I say only users of that particular group can write, and I am a member of that group, judging by the logs I am uid 10000 and gid 10000...rather than the proper group from winbind.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.