FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 06-05-2008, 01:35 AM
"Robert S"
 
Default Samba writes wrong file permissions

I have the following in my smb.conf:

[public]
path = /home/apache/files
force user = www-data
force group = www-data
read only = No
create mask = 0640
force directory mode = 755
guest ok = Yes

ls /home/apache/files/Dictation/XXXX/ -l
total 736
-rw-r----- 1 www-data www-data 318976 Jun 4 11:56 DS400039.DSS
-rw-r----- 1 www-data www-data 427520 Jun 4 13:32 DS400040.DSS
-rwxrwxrwx 1 www-data www-data 501 Jun 4 13:32 VoiceFolder.xml

I do not want to have world-writeable files. How do I fix this?


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 06-05-2008, 02:16 AM
Mike Bird
 
Default Samba writes wrong file permissions

On Wed June 4 2008 18:35:34 Robert S wrote:
> I have the following in my smb.conf:
>
> [public]
> path = /home/apache/files
> force user = www-data
> force group = www-data
> read only = No
> create mask = 0640
> force directory mode = 755
> guest ok = Yes
>
> ls /home/apache/files/Dictation/XXXX/ -l
> total 736
> -rw-r----- 1 www-data www-data 318976 Jun 4 11:56 DS400039.DSS
> -rw-r----- 1 www-data www-data 427520 Jun 4 13:32 DS400040.DSS
> -rwxrwxrwx 1 www-data www-data 501 Jun 4 13:32 VoiceFolder.xml
>
> I do not want to have world-writeable files. How do I fix this?

Take a look at "testparm -sv | grep map".

Do you have "map hidden" enabled in your smb.conf?

--Mike Bird


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 06-05-2008, 02:25 AM
"Robert S"
 
Default Samba writes wrong file permissions

>> I have the following in my smb.conf:
>>
>> [public]
>> path = /home/apache/files
>> force user = www-data
>> force group = www-data
>> read only = No
>> create mask = 0640
>> force directory mode = 755
>> guest ok = Yes
>>
>> ls /home/apache/files/Dictation/XXXX/ -l
>> total 736
>> -rw-r----- 1 www-data www-data 318976 Jun 4 11:56 DS400039.DSS
>> -rw-r----- 1 www-data www-data 427520 Jun 4 13:32 DS400040.DSS
>> -rwxrwxrwx 1 www-data www-data 501 Jun 4 13:32 VoiceFolder.xml
>>
> Take a look at "testparm -sv | grep map".
>

Thanks. I'm not familiar with "map hidden". What does it mean? Here it is:

schmidli@debian:~$ testparm -sv | grep map
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[printers]"
Processing section "[public]"
Processing section "[windows]"
Unknown parameter encountered: "read-only"
Ignoring unknown parameter "read-only"
Loaded services file OK.
Server role: ROLE_STANDALONE
map to guest = Never
username map =
use mmap = Yes
os2 driver map =
username map script =
ldap idmap suffix =
homedir map = auto.home
afs username map =
idmap backend =
idmap uid =
idmap gid =
acl map full control = Yes
map acl inherit = No
map archive = Yes
map hidden = No
map system = No
map readonly = yes
mangled map =
dmapi support = No


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 06-05-2008, 03:03 AM
Mike Bird
 
Default Samba writes wrong file permissions

On Wed June 4 2008 19:25:07 Robert S wrote:
> > Take a look at "testparm -sv | grep map".
>
> Thanks. I'm not familiar with "map hidden". What does it mean? Here it
> is:

I don't see the answer there. Can you post
your whole smb.conf, and your samba version?

--Mike Bird


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 06-05-2008, 03:30 AM
"Robert S"
 
Default Samba writes wrong file permissions

>> > Take a look at "testparm -sv | grep map".
>>
>> Thanks. I'm not familiar with "map hidden". What does it mean? Here it
>> is:
>
> I don't see the answer there. Can you post
> your whole smb.conf, and your samba version?
>

I think we might be on the wrong track here. I think that the Windows
client changes the file to world read/write/execute for all users and
groups, and this creates these permissions on the file on my debian
machine.

Is there any way that Samba can prevent these permissions from being
created? - I'd like to avoid world-writeable files on my system.

I think that "map hidden" refers to hidden files created on
DOS/Windows machines.
FYI here is my smb.conf:

[global]
panic action = /usr/share/samba/panic-action %d
workgroup = ONCOLOGY
server string = %h server (Samba %v)
encrypt passwords = true
passdb backend = tdbsam
obey pam restrictions = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *EntersnewsUNIXspassword:* %n

*RetypesnewsUNIXspassword:* %n
.
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = No
invalid users = root
printing = cups
printcap name = cups
time server = yes
dos filetimes = yes
fake directory create times = yes
dos filetime resolution = yes
delete readonly = yes
# Added today:
map hidden = Yes

[homes]
comment = Home Directories
path = /home/%S/.doc
read only = No
create mask = 0700
directory mask = 0700
browseable = No
[printers]
comment = All Printers
path = /tmp
printable = Yes
browseable = Yes
[public]
path = /home/apache/files
force user = www-data
force group = www-data
read only = No
create mask = 0641
force directory mode = 755
guest ok = Yes


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 06-05-2008, 04:16 AM
Mike Bird
 
Default Samba writes wrong file permissions

On Wed June 4 2008 20:30:14 Robert S wrote:
> I think we might be on the wrong track here. I think that the Windows
> client changes the file to world read/write/execute for all users and
> groups, and this creates these permissions on the file on my debian
> machine.
>
> Is there any way that Samba can prevent these permissions from being
> created? - I'd like to avoid world-writeable files on my system.

In smb.conf:

directory security mask 0775
security mask 0775

You will also need to remove world-write permission from
files which already have it. Check this command carefully
before using it on your system but I suspect you want:

chmod -R o-w /home/apache/files

--Mike Bird


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 

Thread Tools




All times are GMT. The time now is 08:23 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org