[mdlug] [Samba]: Permissions Problems

Robert Adkins II radkins at impelind.com
Thu Jul 26 11:40:58 EDT 2012


Greg,

It's always going to show "Special Permissions" because that is part of how
Windows interprets what Samba is telling it relating to permissions. It
should also show you the User permissions of rw through the Windows
interface. (I would attach image samples, but that is frowned upon here.)

You have to have the files and directories set up with Unix permissions to
allow you to read/write/execute the files through Samba.

You should also set the sticky bit on the Unix filesystem so that when you
or another user creates a file/directory, it will be created with the User
and specific Group along with the rwx permissions you are looking for.

I'm sharing out around 10 different shares on our Samba PDC, splitting
departments here with some users having access to multiple groups. When user
'Steve' creates a file/directory in any of the shares that he has access to,
it will create those with the permissions Steve:Groupname, where Groupname
is the specific group of that share, such as Shipping or Purchasing or
Whatever. 

It works out great and because it also tags the file with the user name and
because Samba always uses the User name when effecting changes, it allows me
to create a "Recycle Bin" that Samba handles, which let me tell you is
freaking awesome.

If we have some disgruntled employee that marches out and on his way deletes
whole swaths of data that he/she has access to, the files "delete" to all
users, but Samba interprets that as a "move to a new folder called
Recyclebin" that only myself and a few other management team members have
access to via Samba.

Let me know if you have any additional questions on Samba. I've been running
it as a PDC here for 10 years now and have migrated the server hardware
roughly 4 times over that time.

Regards,
Rob

 

> -----Original Message-----
> From: mdlug-bounces at mdlug.org 
> [mailto:mdlug-bounces at mdlug.org] On Behalf Of Wojtak, Greg (Superfly)
> Sent: Thursday, July 26, 2012 11:26 AM
> To: MDLUG's Main discussion list
> Subject: [mdlug] [Samba]: Permissions Problems
> 
> I know there are a few people on here that are pretty 
> familiar with samba so I'm hoping I can get some help.
> 
> I have a CentOS 6 server that is running samba 3.5.10 for 
> sharing out home directories.  I can pull up my share, I get 
> disallowed from pulling up others' home directories, I can 
> create files/folders just fine.  I can't delete or rename any 
> files though.  I looked at the permissions from a Windows 
> machine and it says that my account has only special 
> permissions.  I checked the special permissions and 
> everything is checked allow.  In the "normal" permissions, 
> though, nothing is checked (allow or deny) which I'm guessing 
> is my problem.
> 
> Has anyone run into anything like this?  Any ideas on 
> troubleshooting?  Here is my smb.conf that I am using (I've 
> scrubbed some of the info):
> 
> [global]
>    workgroup = DOM
>    password server = dc1.dom.com dc2.dom.com
>    realm = DOM.COM
>    security = ads
>    idmap backend = nss
>    #idmap backend = tdb
>    idmap uid = 500-33554431
>    idmap gid = 500-33554431
>    template shell = /bin/bash
>    template homedir = /home/%U
>    winbind nss info = rfc2307bis
>    winbind use default domain = true
>    winbind offline logon = false
>    idmap config DOM:backend = ad
>    idmap config DOM:default = yes
>    idmap config DOM:range = 500-33554431
>    idmap config DOM:schema_mode = rfc2307bis
>    server string = Samba Server Version %v
>    passdb backend = tdbsam
>    load printers = no
>    printing = bsd
>    printcap = /dev/null
>    disable spoolss = yes
>    client ntlmv2 auth = yes
>    unix extensions = off
> 
> [homes]
>    comment = Home Directories
>    browseable = yes
>    writeable = yes
>    create mask = 0644
>    directory mask = 0755
>    valid users = %U %U-
>    force user = %U
>    write list = %U %U-
> 
> Greg Wojtak
> Sr. Unix Systems Engineer
> Office: (313) 373-4306
> Cell: (734) 718-8472
> 
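
Added example (not from the original thread or from Samba): a POSIX shell check of the Unix permission bits on a directory that backs a group share, which is the prerequisite the reply describes. On Linux, new entries inherit the directory's group through the setgid bit (`chmod g+s`), while the sticky bit limits delete and rename to the owner; the function names and finding labels are hypothetical.

```shell
#!/bin/sh
# share_dir_findings DIR
# Prints one finding per line; prints nothing when DIR is set up for group use.
share_dir_findings() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "not-a-directory"
        return 0
    fi
    # setgid on a directory: new entries take the directory's group, and new
    # subdirectories get the setgid bit themselves (Linux behaviour).
    [ -g "$dir" ] || echo "no-setgid"
    # Group members need rwx to create, rename and delete entries.
    [ -n "$(find "$dir" -prune -perm -0070)" ] || echo "group-lacks-rwx"
    # The sticky bit limits rename/delete to the entry's owner or the
    # directory's owner, so other group members cannot clean up.
    [ ! -k "$dir" ] || echo "sticky-restricts-delete"
    # Nobody outside the owner and group should be able to write here.
    [ -z "$(find "$dir" -prune -perm -0002)" ] || echo "world-writable"
    return 0
}

# audit_share_tree ROOT
# Runs share_dir_findings on ROOT and every directory below it, prefixing
# each finding with its path. Returns 1 if anything was reported.
audit_share_tree() {
    report=$(find "$1" -type d | while IFS= read -r d; do
        share_dir_findings "$d" | while IFS= read -r f; do
            printf '%s: %s\n' "$d" "$f"
        done
    done)
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    return 0
}
```

Run `audit_share_tree` against the top directory of a share (for example the directory behind a Shipping share) after setting it up with `chmod 2770`; an empty result means every directory below it will keep handing its group to new files.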



