RE: more samba woes

> Friday, March 05, 2004 11:46 AM, Ryan Duff said...
> 
> this is what the share looks like in my samba.conf file
> 
> [music]
> 	valid user = ryan
> 	path = /mnt/music
> 	create mode = 0777
> 	directory mode = 777
> 	browseable = yes
> 	comment = music
> 	writeable = yes
> 
> encrypt passwords is set to yes and security is set to share
> 
> there is also a homes share
> 
> [homes]
> 	comment = Home Directories
> 	browseable = yes
> 	writeable = yes
> 
> The shares show up in network neighborhood but when I click on them it
> tells me I don't have permission to access the share. My windows user and
> password match my linux user/pass and samba user/pass. Any more
> suggestions.

Your share definitions look good, but you should change browsable to no in
the homes definition. You should also change the security setting to user.
Then make sure your directory permissions are set correctly. 

In user security mode, file and directory access are actually controlled by
linux, not samba. There are ways to use samba to fool the OS and manage
security itself, but I've found that's much more trouble than it's worth.

Home directories should be owned by their respective users. The group should
be the same as the user. Permissions should be 700 or rwx------.

Your other share should also be owned by you and your group with the same
permissions. 

Public shares should be owned by user nobody, a group of your own choosing
(I usually use users) and you should make sure all smb users are included in
that group. File permissions should be 777 or rwxrwxrwx.

Group shares should have an appropriate user and group. I usually create a
dummy user so I get both the user and the group, but you could just as
easily make the owner nobody and create a special purpose group. Make sure
the appropriate users are group members and then set the permissions to 770
or rwxrwx---.

Managing your access this way also means you don't need valid user lists in
your share definitions. You can also manage the visibility of your shares.
Users who don't have read and execute permissions on a shared directory won't
see the share. 

(They may be able to get to it if they explicitly code its path, but if they
don't have complementary permissions they won't be able to do anything with
it. I'm still experimenting on making shares users don't have access to
truly invisible to them while still allowing selective access. Watch this
space, more on this later...)

Eric Diamond
eDiamond Networking & Security
303-246-9555
eric@xxxxxxxxxxxx
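
An added example, not part of the original message: a small shell audit of the ownership and mode scheme described above (700 for home and private shares, 770 for group shares, 777 for public shares). The function names and the share-kind keywords are assumptions made for this example, and it relies on GNU `stat`.

```shell
#!/bin/sh
# Audit a shared directory against the scheme in the message above.
# Usage (script name is hypothetical):
#   sh audit_share.sh private /mnt/music ryan ryan

# expected_mode KIND -> octal mode recommended for that kind of share
expected_mode() {
    case "$1" in
        home|private) echo 700 ;;   # rwx------  owner only
        group)        echo 770 ;;   # rwxrwx---  owner plus group members
        public)       echo 777 ;;   # rwxrwxrwx  all smb users
        *)            return 2 ;;
    esac
}

# audit_share KIND PATH OWNER GROUP
# Prints one line per mismatch. Returns 0 when the directory matches,
# 1 when something differs, 2 on a usage error.
audit_share() {
    kind=$1; path=$2; owner=$3; group=$4

    want=$(expected_mode "$kind") || {
        echo "unknown share kind: $kind" >&2; return 2; }
    [ -d "$path" ] || { echo "$path: not a directory" >&2; return 2; }

    # GNU stat: %a = octal mode, %U = owner name, %G = group name
    mode=$(stat -c %a "$path")
    own=$(stat -c %U "$path")
    grp=$(stat -c %G "$path")

    rc=0
    [ "$mode" = "$want" ]  || { echo "$path: mode $mode, expected $want"; rc=1; }
    [ "$own"  = "$owner" ] || { echo "$path: owner $own, expected $owner"; rc=1; }
    [ "$grp"  = "$group" ] || { echo "$path: group $grp, expected $group"; rc=1; }
    return $rc
}

# Run the audit only when called with the four arguments.
if [ "$#" -eq 4 ]; then
    audit_share "$@"
fi
```
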
 



