HPE Community
Operating System - Linux
1827892 Members
1886 Online
109969 Solutions
New Discussion

SAMBA/LINUX

 
Nobody's Hero
Valued Contributor

‎05-10-2004 03:53 AM

‎05-10-2004 03:53 AM

SAMBA/LINUX

Hi All,

I have successfully setup SAMBA 2.2.8a on Redhat Linux9. We use this for our production system/share for the NT side of the house. We share out the files through linux and mount them on the users desktop via NT. All permissions for the shares are controlled through the NT side/win2k. Here is my problem.

I made a change to one of my shares. The change I made was 'force user = psoft'. Well the way we have things set up, this opened the door for all directories under this share. Users that have access to the top level share 'hrprd', now have rwx to all folders under this share. Well, I removed the force user entry. Then I run a 'getfacl hrprd' and it all looks ok. Somehow samba is still holding the change I made, allowing all users to access folders under this specific share. All other shares are working fine. Only this share is messed up after I madt the force user change. Is there a way that samba holds the acl entries in a database or something? Is there something I can flush in an ACL database?
UNIX IS GOOD
0 Kudos
Reply
8 REPLIES 8
Alexander Chuzhoy
Honored Contributor

‎05-10-2004 04:07 AM

‎05-10-2004 04:07 AM

Re: SAMBA/LINUX

by running testparm utility on samba config file you can see the settings that are in a file and if you restart the samba service they will be applied.
So if samba's config file is /etc/samba/smb.conf:
testparm /etc/samba/smb.conf |less

What are other settings for this share?


0 Kudos
Reply
Nobody's Hero
Valued Contributor

‎05-10-2004 05:36 AM

‎05-10-2004 05:36 AM

Re: SAMBA/LINUX

Load smb config files from /etc/samba/smb.conf
WARNING: The "alternate permissions"option is deprecated
Processing section "[printers]"
Processing section "[HRPRD]"
Processing section "[FSPRD]"
Processing section "[HRPT]"
Processing section "[HRTST]"
Processing section "[FSTST]"
Processing section "[HRCNV8]"
Processing section "[HRPTDEV]"
Loaded services file OK.
Press enter to see a dump of your service definitions

# Global parameters
[global]
coding system =
client code page = 850
code page directory = /usr/local/samba/lib/codepages
workgroup = IHS-DOMAIN
netbios name = MAHIMAHI
netbios aliases =
netbios scope =
server string = Samba Server
interfaces = eth0
bind interfaces only = No
security = DOMAIN
encrypt passwords = Yes
update encrypted = No
allow trusted domains = Yes
hosts equiv =
min passwd length = 5
map to guest = Never
null passwords = No
obey pam restrictions = Yes
password server = *
smb passwd file = /usr/local/samba/private/smbpasswd
root directory =
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
passwd chat debug = No
username map = /etc/samba/smbusers
password level = 0
username level = 0
unix password sync = No
restrict anonymous = No
lanman auth = Yes
use rhosts = No
admin log = No
log level = 0
syslog = 1
syslog only = No
log file = /var/log/samba/%m.log
max log size = 0
timestamp logs = Yes
debug hires timestamp = No
debug pid = No
debug uid = No
protocol = NT1
large readwrite = Yes
max protocol = NT1
min protocol = CORE
read bmpx = No
read raw = Yes
write raw = Yes
acl compatibility =
nt smb support = Yes
nt pipe support = Yes
nt status support = Yes
announce version = 4.9
announce as = NT
max mux = 50
max xmit = 16644
name resolve order = lmhosts host wins bcast
max ttl = 259200
max wins ttl = 518400
min wins ttl = 21600
time server = No
unix extensions = No
change notify timeout = 60
deadtime = 0
getwd cache = Yes
keepalive = 300
lpq cache time = 10
max smbd processes = 0
max disk size = 0
max open files = 10000
name cache timeout = 660
read size = 16384
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
stat cache size = 50
use mmap = Yes
total print jobs = 0
load printers = Yes
printcap name = /etc/printcap
disable spoolss = No
enumports command =
addprinter command =
deleteprinter command =
show add printer wizard = Yes
os2 driver map =
strip dot = No
mangling method = hash
character set =
mangled stack = 50
stat cache = Yes
domain admin group =
domain guest group =
machine password timeout = 604800
add user script =
delete user script =
logon script =
logon path = \\%N\%U\profile
logon drive =
logon home = \\%N\%U
domain logons = No
os level = 20
lm announce = Auto
lm interval = 60
preferred master = Auto
local master = Yes
domain master = Auto
browse list = Yes
enhanced browsing = Yes
dns proxy = No
wins proxy = No
wins server = 172.16.8.51
wins support = No
wins hook =
kernel oplocks = Yes
lock spin count = 3
lock spin time = 10
oplock break wait time = 0
add share command =
change share command =
delete share command =
config file =
preload =
lock dir = /usr/local/samba/var/locks
pid directory = /usr/local/samba/var/locks
default service =
message command =
dfree command =
valid chars =
remote announce =
remote browse sync =
socket address = 0.0.0.0
homedir map =
time offset = 0
NIS homedir = No
source environment =
panic action =
hide local users = No
winbind uid = 10000-40000
winbind gid = 10000-40000
template homedir = /home/%D/%U
template shell = /bin/false
winbind separator = \
winbind cache time = 15
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
comment =
path =
alternate permissions = Yes
username =
guest account =
invalid users =
valid users =
admin users = IHS-DOMAIN\gmurrow IHS-DOMAIN\rmenefee IHS-DOMAIN\gwassman IHS-DOMAIN\maestro
read list =
write list =
printer admin =
force user =
force group =
read only = Yes
create mask = 0744
force create mode = 0744
security mask = 0777
force security mode = 0700
directory mask = 0750
force directory mode = 0770
directory security mask = 0770
force directory security mode = 00
force unknown acl user = 00
inherit permissions = No
inherit acls = No
guest only = No
guest ok = No
only user = No
hosts allow =
hosts deny =
status = Yes
nt acl support = Yes
profile acls = No
block size = 1024
max connections = 0
min print space = 0
strict allocate = No
strict sync = No
sync always = No
write cache size = 0
max print jobs = 1000
printable = No
postscript = No
printing = cups
print command = lpr -r -P%p %s
lpq command = lpq -P%p
lprm command = lprm -P%p %j
lppause command =
lpresume command =
queuepause command =
queueresume command =
printer name =
use client driver = No
default devmode = No
printer driver =
printer driver file = /etc/samba/printers.def
printer driver location =
default case = lower
case sensitive = No
preserve case = Yes
short preserve case = Yes
mangle case = No
mangling char = ~
hide dot files = Yes
hide unreadable = No
delete veto files = No
veto files =
hide files =
veto oplock files =
map system = No
map hidden = No
map archive = Yes
mangled names = Yes
mangled map =
browseable = Yes
blocking locks = Yes
csc policy = manual
fake oplocks = No
locking = Yes
oplocks = Yes
level2 oplocks = Yes
oplock contention limit = 2
posix locking = Yes
strict locking = No
share modes = Yes
copy =
include =
exec =
preexec close = No
postexec =
root preexec =
root preexec close = No
root postexec =
available = Yes
volume =
fstype = NTFS
set directory = No
wide links = Yes
follow symlinks = Yes
dont descend =
magic script =
magic output =
delete readonly = No
dos filemode = No
dos filetimes = No
dos filetime resolution = No
fake directory create times = No
vfs object =
vfs options =

[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No

[HRPRD]
path = /ASU/hrprd
force group = samba
read only = No
force create mode = 0764
hosts allow = 10. 172.

[FSPRD]
path = /ASU/fsprd
force group = ps_admin
read only = No
hosts allow = 10. 172. 10.21.2 192.

[HRPT]
path = /ASU/hrpt
force group = dba
read only = No
hosts allow = 10. 172.

[HRTST]
path = /ASU/hrtst
force group = ps_admin
read only = No
force create mode = 0754
hosts allow = 10. 172. 10.21.2 192.

[FSTST]
path = /ASU/fstst
force group = samba
read only = No
hosts allow = 10. 172. 10.21.2

[HRCNV8]
path = /ASU/hrcnv8
force user = psoft
force group = samba
read only = No
force create mode = 0764
hosts allow = 10. 172. 10.21.2 192.

[HRPTDEV]
path = /ASU/hrptdev
force group = samba
UNIX IS GOOD
0 Kudos
Reply
Nobody's Hero
Valued Contributor

‎05-10-2004 05:38 AM

‎05-10-2004 05:38 AM

Re: SAMBA/LINUX

Is there some sort of ACL database file that can be cleaned up? All my settings are OK. This system has been in production for over a year.
UNIX IS GOOD
0 Kudos
Reply
Nobody's Hero
Valued Contributor

‎05-10-2004 05:47 AM

‎05-10-2004 05:47 AM

Re: SAMBA/LINUX

Is there a way I can restore the previous ACL entries for this Dir using setfacl ?
UNIX IS GOOD
0 Kudos
Reply
Paul Cross_1
Respected Contributor

‎05-10-2004 06:27 AM

‎05-10-2004 06:27 AM

Re: SAMBA/LINUX

have you tried restarting samba?
0 Kudos
Reply
Nobody's Hero
Valued Contributor

‎05-10-2004 06:40 AM

‎05-10-2004 06:40 AM

Re: SAMBA/LINUX

Yes, but thanks. Way beyond that.
UNIX IS GOOD
0 Kudos
Reply
ger donohue_1
Advisor

‎05-10-2004 12:25 PM

‎05-10-2004 12:25 PM

Re: SAMBA/LINUX

Some thoughts

If a user has rwx share level access to a top level folder this will be applied to files and folders underneath this folder unless the File system permissions for each object underneth are more restrictive.

If there are folders which are shared underneath this folder, the shared permissions for these folders will not apply if the user gains access via the top level share.

Have you checked actual file ownership and permissions have not changed at file system level ??


0 Kudos
Reply
Pierrick herve
Advisor

‎05-10-2004 08:04 PM

‎05-10-2004 08:04 PM

Re: SAMBA/LINUX

hi,

your linux file-system should support ACL ! like XFS (for example)

regards,
Pierrick
learn and explain
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.