more samba woes
Ryan Duff
ryan at duff-duff.net
Sat Mar 6 03:11:35 UTC 2004
On Fri, 05 Mar 2004 21:54:53 -0500, Ryan Duff <ryan at duff-duff.net> wrote:
> On Fri, 5 Mar 2004 14:55:47 -0700, Eric Diamond <eric at ediamond.net>
> wrote:
>
>>
>>
>>> Friday, March 05, 2004 11:46 AM, Ryan Duff said...
>>>
>>> this is what the share looks like in my samba.conf file
>>>
>>> [music]
>>> valid user = ryan
>>> path = /mnt/music
>>> create mode = 0777
>>> directory mode = 777
>>> browseable = yes
>>> comment = music
>>> writeable = yes
>>>
>>> encrypt passwords is set to yes and security is set to share
>>>
>>> there is also a homes share
>>>
>>> [homes]
>>> comment = Home Directories
>>> browseable = yes
>>> writeable = yes
>>>
>>> The shares show up in network neighborhood but when I click on them it
>>> tells me I don't have permission to access the share. My windows user
>>> and password match my linux user/pass and samba user/pass. Any more
>>> suggestions?
>>
>> Your share definitions look good, but you should change browsable to
>> no in the homes definition. You should also change the security
>> setting to user. Then make sure your directory permissions are set
>> correctly.
>>
>> In user security mode, file and directory access are actually
>> controlled by linux, not samba. There are ways to use samba to fool
>> the OS and manage security itself, but I've found that's much more
>> trouble than it's worth.
>>
>> Home directories should be owned by their respective users. The group
>> should be the same as the user. Permissions should be 700 or
>> rwx------.
>>
>> Your other share should also be owned by you and your group with the
>> same permissions.
>>
>> Public shares should be owned by user nobody, a group of your own
>> choosing (I usually use users) and you should make sure all smb users
>> are included in that group. File permissions should be 777 or
>> rwxrwxrwx.
>>
>> Group shares should have an appropriate user and group. I usually
>> create a dummy user so I get both the user and the group, but you
>> could just as easily make the owner nobody and create a special
>> purpose group. Make sure the appropriate users are group members and
>> then set the permissions to 770 or rwxrwx---.
>>
>> Managing your access this way also means you don't need valid user
>> lists in your share definitions. You can also manage the visibility
>> of your shares. Users who don't have read and execute permissions on
>> a shared directory won't see the share.
>>
>> (They may be able to get to it if they explicitly code its path, but
>> if they don't have complementary permissions they won't be able to do
>> anything with it. I'm still experimenting on making shares users
>> don't have access to truly invisible to them while still allowing
>> selective access. Watch this space, more on this later...)
>>
>> Eric Diamond
>> eDiamond Networking & Security
>> 303-246-9555
>> eric at ediamond.net
>>
>>
>>
>
> I changed the security level to share and now my folder shows up, I'll
> change browseable to no on the homes share b/c I don't need to see that
> but I guess I need to check my permissions on my music folder because it
> still won't let me access that. I think I'm on the right track tho.
>
> I just tried a chown -R ryan music and it told me operation not
> permitted. I was logged in as root and it says the owner and group are
> root. Any suggestions on that one?
>
> Thanks for the help.
>
>
I figured it out. It had to do w/ the fstab file and the fat32 partition. I
changed the setting in the fstab file to umount = 0000 0 0 and remounted it
and it's fine now.
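
Added example, not part of the original message: FAT32 stores no Unix owner or mode bits, so chown on such a mount fails even for root, and the kernel derives ownership and mode from the mount options in fstab. The sketch below computes what the vfat options uid, gid, umask, dmask and fmask yield and flags world-writable mounts; the fstab lines, device names and uid 1000 are constructed assumptions.

```python
# Constructed sample /etc/fstab lines (not taken from the thread).
# Devices and uid/gid 1000 are assumed values for illustration.
SAMPLE_FSTAB = """\
/dev/hda5  /mnt/music    vfat  defaults                     0 0
/dev/hda6  /mnt/shared   vfat  umask=0000                   0 0
/dev/hda7  /mnt/private  vfat  uid=1000,gid=1000,umask=077  0 0
/dev/hda1  /             ext3  defaults                     1 1
"""

FAT_TYPES = {"vfat", "msdos"}


def fat_perms(option_field, boot_umask=0o022):
    """Return (uid, gid, dir_mode, file_mode) reported for a FAT mount.

    FAT has nowhere to store an owner or mode, so chown/chmod cannot change
    them; they come from mount options. Assumed defaults model a boot-time
    mount by root: uid=0, gid=0, umask 022. The read-only file attribute
    and the showexec option are ignored here.
    """
    opts = dict(item.partition("=")[::2] for item in option_field.split(","))
    umask = int(opts["umask"], 8) if "umask" in opts else boot_umask
    dmask = int(opts["dmask"], 8) if "dmask" in opts else umask
    fmask = int(opts["fmask"], 8) if "fmask" in opts else umask
    uid, gid = int(opts.get("uid", 0)), int(opts.get("gid", 0))
    return uid, gid, 0o777 & ~dmask, 0o777 & ~fmask


def audit_fstab(text, share_uid):
    """Map each FAT mount point to a verdict for the account using the share.

    Group membership is not evaluated; only owner and 'other' bits are.
    """
    verdicts = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or line.lstrip().startswith("#"):
            continue
        if fields[2] not in FAT_TYPES:
            continue
        uid, _gid, dir_mode, _file_mode = fat_perms(fields[3])
        if dir_mode & 0o002:
            verdicts[fields[1]] = "world-writable"
        elif uid == share_uid and dir_mode & 0o200:
            verdicts[fields[1]] = "owner-writable"
        else:
            verdicts[fields[1]] = "not writable by share user"
    return verdicts


if __name__ == "__main__":
    for mount_point, verdict in audit_fstab(SAMPLE_FSTAB, 1000).items():
        print(mount_point, verdict)
```

Setting uid, gid and umask=077 on the mount gives the 700, owner-only layout recommended earlier in the thread, whereas a zero umask makes every file on the partition writable by any local account.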