more samba woes

Ryan Duff ryan at duff-duff.net
Sat Mar 6 03:11:35 UTC 2004


On Fri, 05 Mar 2004 21:54:53 -0500, Ryan Duff <ryan at duff-duff.net> wrote:

> On Fri, 5 Mar 2004 14:55:47 -0700, Eric Diamond <eric at ediamond.net> wrote:
>
>>
>>
>>> Friday, March 05, 2004 11:46 AM, Ryan Duff said...
>>>
>>> this is what the share looks like in my samba.conf file
>>>
>>> [music]
>>> 	valid user = ryan
>>> 	path = /mnt/music
>>> 	create mode = 0777
>>> 	directory mode = 777
>>> 	browseable = yes
>>> 	comment = music
>>> 	writeable = yes
>>>
>>> encrypt passwords is set to yes and security is set to share
>>>
>>> there is also a homes share
>>>
>>> [homes]
>>> 	comment = Home Directories
>>> 	browseable = yes
>>> 	writeable = yes
>>>
>>> The shares show up in network neighborhood but when I click on them it 
>>> tells me I don't have permission to access the share. My windows user 
>>> and password match my linux user/pass and samba user/pass. Any more 
>>> suggestions?
>>
>> Your share definitions look good, but you should change browsable to no in
>> the homes definition. You should also change the security setting to user.
>> Then make sure your directory permissions are set correctly.
>>
>> In user security mode, file and directory access are actually controlled by
>> linux, not samba. There are ways to use samba to fool the OS and manage
>> security itself, but I've found that's much more trouble than it's worth.
>>
>> Home directories should be owned by their respective users. The group should
>> be the same as the user. Permissions should be 700 or rwx------.
>>
>> Your other share should also be owned by you and your group with the same
>> permissions.
>>
>> Public shares should be owned by user nobody, a group of your own choosing
>> (I usually use users) and you should make sure all smb users are included in
>> that group. File permissions should be 777 or rwxrwxrwx.
>>
>> Group shares should have an appropriate user and group. I usually create a
>> dummy user so I get both the user and the group, but you could just as
>> easily make the owner nobody and create a special purpose group. Make sure
>> the appropriate users are group members and then set the permissions to 770
>> or rwxrwx---.
>>
>> Managing your access this way also means you don't need valid user lists in
>> your share definitions. You can also manage the visibility of your shares.
>> Users who don't have read and execute permissions on a shared directory won't
>> see the share.
>>
>> (They may be able to get to it if they explicitly code its path, but if they
>> don't have complementary permissions they won't be able to do anything with
>> it. I'm still experimenting on making shares users don't have access to
>> truly invisible to them while still allowing selective access. Watch this
>> space, more on this later...)
>>
>> Eric Diamond
>> eDiamond Networking & Security
>> 303-246-9555
>> eric at ediamond.net
>>
>>
>>
>
> I changed the security level to share and now my folder shows up, I'll 
> change browseable to no on the homes share b/c I don't need to see that 
> but I guess I need to check my permissions on my music folder because it 
> still won't let me access that. I think I'm on the right track tho.
>
> I just tried a chown -R ryan music and it told me operation not 
> permitted. I was logged in as root and it says the owner and group are 
> root. any suggestions on that one?
>
> Thanks for the help.
>
>

I figured it out. It had to do w/ the fstab file and the FAT32 partition. I 
changed the setting in the fstab file to umount = 0000 0 0 and remounted it 
and it's fine now.
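
Added example, not part of the original post: a FAT32 (vfat) filesystem stores no Unix owner or mode, so chown fails even for root, and every file gets the owner and mode set by the mount options. The sketch below reads fstab lines and reports what each FAT mount exposes when access is left to Linux permissions, as the reply above recommends. The fstab lines, device names and ids are constructed, and the defaults (mounted by root with umask 022) are assumptions; uid, gid, umask, fmask and dmask are the standard vfat mount options.

```python
# Added example: effective owner/mode of FAT mounts, derived from fstab options.
DEFAULT_UMASK = "022"  # assumption: umask of the process that mounts at boot

# Constructed sample fstab (devices, mount points and ids are illustrative).
SAMPLE_FSTAB = """\
# device   mountpoint  type  options                       dump pass
/dev/hda1  /           ext3  defaults                      1 1
/dev/hda5  /mnt/music  vfat  defaults,umask=0000           0 0
/dev/hda6  /mnt/docs   vfat  uid=500,gid=100,umask=007     0 0
/dev/hda7  /mnt/mixed  vfat  uid=500,fmask=0137,dmask=027  0 0
"""

def parse_opts(field):
    """Split a comma-separated fstab options field into a dict."""
    opts = {}
    for item in field.split(","):
        key, _, value = item.partition("=")
        opts[key] = value
    return opts

def vfat_effective(fstab_text):
    """Map each FAT mount point to the single owner and mode that all of
    its files and directories receive from the mount options."""
    mounts = {}
    for raw in fstab_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 4 or fields[2] not in ("vfat", "msdos"):
            continue  # ext3 and friends keep real per-file ownership
        opts = parse_opts(fields[3])
        umask = opts.get("umask", DEFAULT_UMASK)
        fmask = int(opts.get("fmask", umask), 8)  # fmask/dmask override umask
        dmask = int(opts.get("dmask", umask), 8)
        dir_mode = 0o777 & ~dmask
        mounts[fields[1]] = {
            "uid": int(opts.get("uid", 0)),  # assumption: mounted by root
            "gid": int(opts.get("gid", 0)),
            "file_mode": 0o777 & ~fmask,
            "dir_mode": dir_mode,
            "world_writable": bool(dir_mode & 0o002),
        }
    return mounts

if __name__ == "__main__":
    for mp, m in vfat_effective(SAMPLE_FSTAB).items():
        note = "  <-- writable by every local user" if m["world_writable"] else ""
        print(f"{mp}: uid={m['uid']} gid={m['gid']} "
              f"files={m['file_mode']:04o} dirs={m['dir_mode']:04o}{note}")
```

A mount with umask=0000 comes out as 0777 for everyone, while uid/gid combined with a mask such as 007 gives the 770 owner-and-group layout described in the reply.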
