Re: FC3 - trying to join a Windows Workgroup

From: Ivan Marsh (annoyed_at_you.now)
Date: 05/17/05

  • Next message: sachindrasingh_at_gmail.com: "Need to know the bad block number." 
    Date: Tue, 17 May 2005 11:11:17 -0500

    On Tue, 17 May 2005 03:10:49 +0000, Leythos wrote:

    > In article <pan.2005.05.16.18.07.54.54199@you.now>, annoyed@you.now
    > says...
    >>
    >> Assuming all this has been done you shouldn't be able to tell the
    >> difference between your SAMBA server and any Windows box on your network
    >> (except maybe the SAMBA server doesn't fail quite as much... sorry, had to.)
    >>
    >> Beyond this you're out of the normal *gotcha* stuff for SAMBA and some
    >> detail troubleshooting will have to be done.
    >>
    >> Once you have this working I'll be happy to work out the: "well, now I can
    >> see the share but it always says access denied" question.
    >
    > Thanks for all the info. I have Windows 2003 servers that I'm trying to
    > access using my FC3 box, so it's not really a work group, but I
    > understand the idea.

    Workgroup/Domain... it's the same thing to anything that can't register
    itself in active directory.
     
    > I can use the netbios name instead of the DNS name, the FC3 box can ping
    > the server by name without any problem, I can get a full list of shares
    > and folders and even files, but when I double click on a document it
    > gives me a permission error.

    Okay... at this point you need to start thinking about SAMBA the same way
    you think about making shares under Windows.

    I'm assuming you've created the account mapping necessary with smbpasswd.
    If that mapping isn't there nothing is going to work right.

    Share permissions != filesystem permissions.

    If, under Windows, you create a share "test" that shares c:\tempdir and
    give the TESTSHARE group rights to the share, you still can't do anything
    with that share, even if you're a member of the TESTSHARE group, unless
    the TESTSHARE group has filesystem rights to c:\tempdir.

    The same is true of SAMBA.

    Creating a share under SAMBA:

    [myfiles]
       comment = test share
       browseable = yes
       path = /var/myfiles
       valid users = @users
       public = no
       writeable = yes
       printable = no
       create mask = 0660
       directory mask = 0770

    You can control read/write permissions to the share with the share...
    But you cannot give someone rights to the filesystem with the share.

    In this example if the group "users" doesn't have filesystem access to the
    /var/myfiles directory members of the "users" group still have no rights
    to the share.

    So, if /var/myfiles has permissions/ownership "drwxrwx--- root:root" you
    won't be able to get to the share even if you're a member of "users".

    I set up my SAMBA shares so they have the permissions/ownership they need
    and so they will maintain that p/o in all the subdirectories when new
    files/dirs are created.

    The /var/myfiles directory would then need to be "drwxrws--- root:users".

    If you're not familiar with the "s" in the directory permissions that's
    the SGID flag. Set it with chmod g+s <directory>. That flag means all
    directories created under that directory will keep the group ownership of
    the parent directory.

    With those permissions set and the create/directory mask entries in the
    shares all new files and dirs written to the share will maintain the
    correct p/o and file rights.

    Dropping a file into that share from Windows will create the file with the
    p/o "rw-rw---- <your user name>:users" and a new directory will be
    created as "drwxrws--- <your user name>:users" which is what you want.

    If the rights aren't set up to maintain proper p/o and file rights you
    will end up in a position where you can write a file to a share but then
    you and/or others in your group have no rights to the file because the
    file would end up marked with permissions from your default UMASK and will
    belong to <your user name>:<your personal group>. Which means you will
    still be able to get to the file but no one else from the "users" group
    will be able to.

    This may seem confusing at first but it's exactly the same way Windows
    works... it just seems like it isn't. 

    -- 
Life is short, but wide. -KV
  • Next message: sachindrasingh_at_gmail.com: "Need to know the bad block number."

    Relevant Pages

    • Re: file server
      ... Access Based Enumeration is available with W2K3 SP1. ... * This posting is provided "AS IS" with no warranties and confers no rights! ... In Windows, you must explicitly share a directory for it to become ... you only see directories and files you have permissions for. ...
      (microsoft.public.windows.server.active_directory)
    • Re: ubuntu xp vmware cluster f...er...filesharing
      ... used VMware shared folders and SAMBA in the past with no problems. ... problem as I need to store all of my project files on XP because that's ... VMware shared folders do not preserve user ID and permissions of the ... Unix and Windows NT/XP is dramatically different. ...
      (Ubuntu)
    • Re: Help: How to restore to default NTFS security/file permissions
      ... For starters, I am unable to run System Restore, User Groups, Windows ... Win Explorer, the little dog appears but that's about it. ... uninstalling AVG but I didnt have the rights to do so. ... Then I changed the permissions of the AVG directory and I could delete ...
      (microsoft.public.windowsxp.general)
    • Re: FC3 - trying to join a Windows Workgroup
      ... > Share permissions!= filesystem permissions. ... > give the TESTSHARE group rights to the share, ... > The same is true of SAMBA. ...
      (linux.redhat.misc)
    • Re: Determining Users Effective Rights
      ... thanks for the reply - PERMISSIONS only works for the ... only shows the Roles' rights. ... >> I am using Windows 2000 and SQL Server 2000 in Windows ...
      (microsoft.public.sqlserver.security)
    Loading