Folder permissions and Samba - question
 

Bob Latham wrote:
> Hi everyone,
>
> I want to setup a series of about a dozen folders that each have a Samba
> share associated with them. Then I would like to place all of those inside
> another folder that a super user can access and consequently all of the
> lower ranking shared folders below.
>
> I've been experimenting and the results have clearly shown that what I
> expected to be the case certainly isn't. I thought I could create the
> super user and samba share his/her folder then create the sub folders and
> samba share them. I then thought it would be a simple case of setting the
> folder permissions to suit the required users but this doesn't work. There
> is obviously a bit more to it.
>
> Anyone spare a few minutes to point me in the right direction on...?
>
> 1. How to give samba access to a folder that is not in /home/<user>. Or
> more specifically not the normal home directory.I can get shares to
> work from the normal home dirs.
>
> 2. How to get the super user access from above?
>
>
> TIA.
>
> Bob.
>
What are the permissions of the base folder? If Samba does not have
permission to get a directory of the folder, then it can not access
the folders inside. (I normally use the dirm directory instead of
folder.)

If you are running SELinux, you will also need to set the context of
the folders to system_u:object_r:samba_share_t:s0

Mikkel
--

Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Folder permissions and Samba - question
 

In article <48B5662B.5020109@infinity-ltd.com>,
Mikkel L. Ellertson <mikkel@infinity-ltd.com> wrote:
> Bob Latham wrote:
> > Hi everyone,
> >
> > I want to setup a series of about a dozen folders that each have a
> > Samba share associated with them. Then I would like to place all of
> > those inside another folder that a super user can access and
> > consequently all of the lower ranking shared folders below.
> >
> > I've been experimenting and the results have clearly shown that what I
> > expected to be the case certainly isn't. I thought I could create the
> > super user and samba share his/her folder then create the sub folders
> > and samba share them. I then thought it would be a simple case of
> > setting the folder permissions to suit the required users but this
> > doesn't work. There is obviously a bit more to it.
> >
> > Anyone spare a few minutes to point me in the right direction on...?
> >
> > 1. How to give samba access to a folder that is not in /home/<user>.
> > Or more specifically not the normal home directory.I can get shares to
> > work from the normal home dirs.
> >
> > 2. How to get the super user access from above?


> What are the permissions of the base folder?

I'm sorry, I don't know what you mean by 'base folder'.

> If Samba does not have permission to get a directory of the folder, then
> it can not access the folders inside.

Yes, that is what I thought. What I did was to share a home directory and
check that it worked for the specific user. Then changed the path in the
smb.conf to another folder and copied the permissions from the original
folder. I did this by right button clicking => properties => Permissions
tab. It didn't work.

> I normally use the dirm directory instead of folder.

Right, that's fine directory it is then.

> If you are running SELinux, you will also need to set the context of the
> folders to system_u:object_r:samba_share_t:s0

That's horrid! I don't have a clue what that means or how to do it.

I'm sure I don't need SELinux at all but can't find a way to stop it
running, certainly the services application doesn't list it as such. That
would be too easy wouldn't it.

When I was testing a shared home directory, it kept popping up a window
telling me it had blocked connections but they still seem to work ok.

How do you turn it off?

Thanks for your help.


Bob.

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Folder permissions and Samba - question
 

In article <4fd5d0097ebob.latham@castlehigh.plus.com>,
Bob Latham <bob.latham@castlehigh.plus.com> wrote:

> > If you are running SELinux, you will also need to set the context of
> > the folders to system_u:object_r:samba_share_t:s0

OK, I've worked out how to disabled SELinux and done it so we needn't
worry about that for now.

It wasn't the problem though as I can still only seem to share home
directories.

I just shared a home directory and then changed the path in smb.conf to
point to another directory that I had copied permissions from the
original. Now my client machine says the share does not exist.

Sorry to follow up my own post.

Thanks for your help.


Bob.

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Folder permissions and Samba - question
 

Bob Latham wrote:
> In article <48B5662B.5020109@infinity-ltd.com>,
> Mikkel L. Ellertson <mikkel@infinity-ltd.com> wrote:
>> Bob Latham wrote:
>>> Hi everyone,
>>>
>>> I want to setup a series of about a dozen folders that each have a
>>> Samba share associated with them. Then I would like to place all of
>>> those inside another folder that a super user can access and
>>> consequently all of the lower ranking shared folders below.
>>>
>
>
>> What are the permissions of the base folder?
>
> I'm sorry, I don't know what you mean by 'base folder'.
>
The folder that you the other folders inside of. You normally
picture a set of folders as a tree - The base folder if the folder
that all the others are inside of like branches of a tree.

| - <Share 1>
<base folder> + - <Share 2> | - <Share 3.1>
| - <Share 3> + - <Share 3.2>
| - <Share 3.3>

Mikkel
--

Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Folder permissions and Samba - question
 

In article <48B6FB71.7010900@infinity-ltd.com>,
Mikkel L. Ellertson <mikkel@infinity-ltd.com> wrote:

> Bob Latham wrote:
> > In article <48B5662B.5020109@infinity-ltd.com>,
> > Mikkel L. Ellertson <mikkel@infinity-ltd.com> wrote:
> >> Bob Latham wrote:
> >>> Hi everyone,
> >>>
> >>> I want to setup a series of about a dozen folders that each have a
> >>> Samba share associated with them. Then I would like to place all of
> >>> those inside another folder that a super user can access and
> >>> consequently all of the lower ranking shared folders below.
> >>>
> >
> >
> >> What are the permissions of the base folder?
> >
> > I'm sorry, I don't know what you mean by 'base folder'.
> >
> The folder that you the other folders inside of. You normally
> picture a set of folders as a tree - The base folder if the folder
> that all the others are inside of like branches of a tree.

> | - <Share 1>
> <base folder> + - <Share 2> | - <Share 3.1>
> | - <Share 3> + - <Share 3.2>
> | - <Share 3.3>


Oh right I see what you mean, I think. Please see end of post for all
information.

I had the setup below for some hours and had no problem using the share
from the staff area [manage] but couldn't get the SG1 or SG2 shares to
work. After playing with permissions ie. giving more and more in the chain
hoping to discover what the problem was I suddenly had the daft thought
that there might be a problem with the SG1 and SG2 passwords and that I
really should set them again to make sure.

I tried 'smbpasswd -a SG1' but after taking the second copy of the
password, it said it had failed to change it. Stumped again! I looked back
in my notes and found that in the past I had used a program to create the
smb pass word file from the main user pass word file. My understanding in
my old notes was that the data was never auto copied to the SMB password
file and had to be done by hand after every user was created. I don't know
if that is or was true. I wish someone would clarify for me.

So I decided to copy across the passwords with the command I used some
time ago ...

cat /etc/passwd | mksmbpasswd.sh > /usr/bin/smbpasswd

Now trying to use 'smbpasswd -a SG1' gave a permissions error - wonderful.

A little investigation showed that 'smbpasswd' had no execute permission
and so I added that and tried again. Now when you try it the terminal
starts listing user names and group names with "Command not Found" on each
line. Honestly, this is all so hard to do something that should be so
simple and yet again I've hit a brick wall with no solution unless
someone tells me.

Here's how I have it set up...


| | | SG1 (drwxrwxrwx SG1 staffuser)
NetShares | Staff | Student_Shares | SG2 (drwxrwxrwx SG2 staffuser)
| | | SG3 (drwxrwxrwx SG3 staffuser)
drwxr-xrwx drwxr-xr-x drwxr-xrwx
root staff staff
root staffuser staffuser


The shares from smb.conf

[manage]
path = /NetShares/Staff
writeable = yes
browsable = yes

[sg1]
path = /NetShares/Staff/Student_Shares/SG1
writeable = yes
browsable = yes

[sg2]
path = /NetShares/Staff/Student_Shares/SG2
writeable = yes
browsable = yes


Thanks for your help I do appreciate it.

I've tried to set this simple sharing tree up and running again and again
this year, spending days and days on it and every time I give up and leave
it for a few weeks and come back and have another go. I always hit another
wall and fail again. I could do the whole thing in half an hour on a
windows server. I wonder if I should give up altogether.


Cheers,

Bob.

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Folder permissions and Samba - question
 

Bob Latham wrote:
>
> I tried 'smbpasswd -a SG1' but after taking the second copy of the
> password, it said it had failed to change it. Stumped again! I looked back
> in my notes and found that in the past I had used a program to create the
> smb pass word file from the main user pass word file. My understanding in
> my old notes was that the data was never auto copied to the SMB password
> file and had to be done by hand after every user was created. I don't know
> if that is or was true. I wish someone would clarify for me.
>
Dumb question, is there a Linux user SG1? (not sg1 - they are not
the same.)

> So I decided to copy across the passwords with the command I used some
> time ago ...
>
> cat /etc/passwd | mksmbpasswd.sh > /usr/bin/smbpasswd
>
I can see problems with doing this, as you will create entries for
all the system accounts as well. Also, I think that the command was
something like:

cat /etc/passwd | mksmbpasswd.sh >> /etc/samba/smbpasswd

because I don't think the output of mksmbpasswd is in the correct
for for smbpasswd. (I could be wrong.)

> Now trying to use 'smbpasswd -a SG1' gave a permissions error - wonderful.
>
> A little investigation showed that 'smbpasswd' had no execute permission
> and so I added that and tried again. Now when you try it the terminal
> starts listing user names and group names with "Command not Found" on each
> line. Honestly, this is all so hard to do something that should be so
> simple and yet again I've hit a brick wall with no solution unless
> someone tells me.
>
This is strange, as the install from the RPM should have
/usr/bin/smbpasswd set with the correct permissions.

> Here's how I have it set up...
>
>
> | | | SG1 (drwxrwxrwx SG1 staffuser)
> NetShares | Staff | Student_Shares | SG2 (drwxrwxrwx SG2 staffuser)
> | | | SG3 (drwxrwxrwx SG3 staffuser)
> drwxr-xrwx drwxr-xr-x drwxr-xrwx
> root staff staff
> root staffuser staffuser
>
With the permissions on Staff and Student_Shares, if you are a
member of the staffuser group, but not user staff, you can not write
to it. (I know it seams strange, but that is the way permissions work.

Also, if SG1 is for user SG1, then I would change the permissions to
drwx-------- or drwxdrwx--- so that other users can not access it.
>
> The shares from smb.conf
>
> [manage]
> path = /NetShares/Staff
> writeable = yes
> browsable = yes
>
> [sg1]
> path = /NetShares/Staff/Student_Shares/SG1
> writeable = yes
> browsable = yes
>
> [sg2]
> path = /NetShares/Staff/Student_Shares/SG2
> writeable = yes
> browsable = yes
>
>
> Thanks for your help I do appreciate it.
>
I am sorry it took so long to get back to you...

> I've tried to set this simple sharing tree up and running again and again
> this year, spending days and days on it and every time I give up and leave
> it for a few weeks and come back and have another go. I always hit another
> wall and fail again. I could do the whole thing in half an hour on a
> windows server. I wonder if I should give up altogether.
>
>
Are you actually trying to use user names like SG1, with capital
letters? If so, you are going to run into problems. Because Windows
user names are not case sensitive, they are probably being changed
to sg1. At least that is what I remember - someone correct me if I
am wrong.

Mikkel
--

Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines