Re: [opensuse] cifs files always created as owner root



On Saturday 15 Oct 2011 09:53:05 lynn wrote:
On Friday 14 Oct 2011 19:18:26 John Andersen wrote:
On 10/13/2011 11:42 PM, Roger Oberholtzer wrote:
On Thu, 2011-10-13 at 18:07 -0700, John Andersen wrote:
The key was to disallow the local machine from setting uid/gid on the
server, and allow samba to do this via the rules in the smb.conf.

We always set the smb.conf to force some things:
[datashares]

comment = Company Files
path = /raid/.......
force group = +datashare
read only = No
create mask = 0660
force create mode = 0660
security mask = 0770
directory mask = 0770
force directory mode = 0770
directory security mask = 0770

It seems that you have sort of focused on group permissions rather than
user permissions. I suspect that this is the only approach for CIFS.
Then, all users that should share a volume are a member of that
volume's group. You could, I guess, have a group for each share.

Exactly right Roger.

We had to do that because we had a mix of Windows and Linux machines
on the network, and folks had to share documents in a common
directory. We wanted to maintain owner (creater) info, but still
allow full group access (read/write, etc).

For the user's server based Home directory we used
different permissions of course.

The fact still remains that CIFS does not know what the the user:group
permissions are of the user who has just authenticated. What is clear is
that new files will be created with either:

1. The uid of the user who mounts the share. Or,
2. The uid and gid specified on the mount line.

What I need is this:

mount -t cifs //hh1.com/users /home -o rw,user,uid=$USER,gid=users

but of course $USER is only available after the user has authenticated. Is
there a script that runs immediately after the user has authenticated where
I could place this line?

Thanks.

Duh. Sorry. I would also need an environment variable for password=. Can's see
how to set that although google tells me that it is available somewhere.

x
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx



Relevant Pages

  • Re: [opensuse] cifs files always created as owner root
    ... server, and allow samba to do this via the rules in the smb.conf. ... directory security mask = 0770 ... It seems that you have sort of focused on group permissions rather than ... The uid of the user who mounts the share. ...
    (SuSE)
  • Re: write with cURL
    ... execute permissions. ... of potential security risks from other users on the same server. ... I made this suggestion because their web host appears to run Apache ... risk to allow Apache's group write access, since all PHP scripts ran ...
    (alt.php)
  • RE: Windows 2003 Server - Everyone Group
    ... this folder only accessable by the users in the "special" group. ... Configure User and Group Access on an Intranet in Windows Server ... NTFS files system permissions control ... group that you want to set permissions for, click Check Names to verify the ...
    (microsoft.public.win2000.networking)
  • Fail DBD::Mysql 4.003 installation
    ... This test requires a running server and write permissions. ... permissions, then retry. ... Failed 9/9 tests, 0.00% okay ...
    (perl.dbi.users)
  • Re: write with cURL
    ... execute permissions. ... of potential security risks from other users on the same server. ... I made this suggestion because their web host appears to run Apache ... risk to allow Apache's group write access, since all PHP scripts ran ...
    (alt.php)