[Gllug] Getting required read / write / access permissions
Chris Bell
chrisbell at chrisbell.org.uk
Wed Apr 6 10:04:34 UTC 2011
On Wed 06 Apr, Bruce Richardson wrote:
> On Wed, Apr 06, 2011 at 09:40:04AM +0100, Chris Bell wrote:
> > Hello,
> > I am trying to get the correct access permissions automatically for a
> > number of users accessing a server running Debian Lenny at present, with all
> > users accessing the server from Microsoft PCs via Samba. The requirements
> > are personal home directories with R/W access only by the owner,
>
> Very simple and standard to create in samba. The example configs should
> be sufficient.
And that worked.
>
> > a directory
> > with full recursive R/W access to all files to all, but only all, on a
> > restricted list, plus a directory with full recursive R/W access to all
> > listed users.
>
> Are these to be separate shares or two directories on the same share?
They were created as two separate groups, each associated with its own
single directory in /home
> > Individual users need to be able to create sub-directories and
> > new files. [ snip ] It would be best if shared files can not be
> > deleted once created.
>
> That last bit is simply not possible. If users have sufficient
> permissions to create files, they have sufficient to delete them. It is
> possible to set up a situation where users can modify the contents of
> files but not create, rename or delete them but that's very little use
> in real life.
The files are a mix containing catalogue lists and progress reports, and
should be writable by all in the group.
> > Some users also need access from their normal computers via
> > OpenVPN.
>
> That doesn't make much sense. OpenVPN gives people access to a network,
> not to a computer's files. How are the OpenVPN users going to be
> accessing the files after they have gained access to the network via
> OpenVPN?
Yes, they access the network and then logon to the server.
>
> > I have created two additional groups (not users), one restricted, the
> > other to include all. I have edited /etc/samba/smb.conf to set access
> > permissions to 770 on each of the directories, together with the required
> > user lists for each.
>
> Can you post the relevant parts of smb.conf? Anything relating to
> access permissions in the global config, plus the share sections.
>
> > If I look at man chmod I see that I can specify 770 but
> > there are six possible attributes, rwxXst, and when I use ls -al I only see
> > three.
I have been able to do things such as +s as root and see it happen, but I
would like the correct setup to happen automatically if possible.
>
> I think you need to read up on Unix file permissions and then re-read
> the chmod man page.
>
> http://www.zzee.com/solutions/unix-permissions.shtml
It looks as if I should set the /etc/samba/smb.conf permissions to 2770
instead of 770 for the shared directories, I will try that when I have access.
>
> > I am still being told that not all the required users have write access
> > to all neccessary new files. Have I missed something? Would Microsoft
> > limited access permissions over-ride those set by Samba?
>
> Too little information. That would need to be looked at on a case by
> case basis, eliminating problems as they are discovered, till there are
> no more problems.
>
>
> --
> Bruce
Thanks for the help, I will modify the smb.conf file and see what
happens.
--
Chris Bell www.chrisbell.org.uk (was www.overview.demon.co.uk)
Microsoft sells you Windows ... Linux gives you the whole house.
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list