[Gllug] Getting required read / write / access permissions

Chris Bell chrisbell at chrisbell.org.uk
Wed Apr 6 10:04:34 UTC 2011 

On Wed 06 Apr, Bruce Richardson wrote:
> On Wed, Apr 06, 2011 at 09:40:04AM +0100, Chris Bell wrote:
> > Hello,
> >    I am trying to get the correct access permissions automatically for a
> > number of users accessing a server running Debian Lenny at present, with all
> > users accessing the server from Microsoft PCs via Samba. The requirements
> > are personal home directories with R/W access only by the owner,
> 
> Very simple and standard to create in samba.  The example configs should
> be sufficient.

   And that worked.

> 
> > a directory
> > with full recursive R/W access to all files to all, but only all, on a
> > restricted list, plus a directory with full recursive R/W access to all
> > listed users.
> 
> Are these to be separate shares or two directories on the same share?

   They were created as two separate groups, each associated with its own
single directory in /home


> > Individual users need to be able to create sub-directories and
> > new files. [ snip ] It would be best if shared files can not be
> > deleted once created.
> 
> That last bit is simply not possible.  If users have sufficient
> permissions to create files, they have sufficient to delete them.  It is
> possible to set up a situation where users can modify the contents of
> files but not create, rename or delete them but that's very little use
> in real life.

   The files are a mix containing catalogue lists and progress reports, and
should be writable by all in the group.

> > Some users also need access from their normal computers via
> > OpenVPN. 
> 
> That doesn't make much sense.  OpenVPN gives people access to a network,
> not to a computer's files.  How are the OpenVPN users going to be
> accessing the files after they have gained access to the network via
> OpenVPN?

   Yes, they access the network and then logon to the server.

> 
> >    I have created two additional groups (not users), one restricted, the
> > other to include all. I have edited /etc/samba/smb.conf to set access
> > permissions to 770 on each of the directories, together with the required
> > user lists for each. 
> 
> Can you post the relevant parts of smb.conf?  Anything relating to
> access permissions in the global config, plus the share sections.
> 
> > If I look at man chmod I see that I can specify 770 but
> > there are six possible attributes, rwxXst, and when I use ls -al I only see
> > three.

   I have been able to do things such as +s as root and see it happen, but I
would like the correct setup to happen automatically if possible.

> 
> I think you need to read up on Unix file permissions and then re-read
> the chmod man page.
> 
> http://www.zzee.com/solutions/unix-permissions.shtml

   It looks as if I should set the /etc/samba/smb.conf permissions to 2770
instead of 770 for the shared directories, I will try that when I have access.

> 
> >    I am still being told that not all the required users have write access
> > to all neccessary new files. Have I missed something? Would Microsoft
> > limited access permissions over-ride those set by Samba?
> 
> Too little information.  That would need to be looked at on a case by
> case basis, eliminating problems as they are discovered, till there are
> no more problems.
> 
> 
> -- 
> Bruce

   Thanks for the help, I will modify the smb.conf file and see what
happens.

-- 
Chris Bell www.chrisbell.org.uk (was www.overview.demon.co.uk)
Microsoft sells you Windows ... Linux gives you the whole house.

--
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug

More information about the GLLUG mailing list