Re: more samba woes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 5 Mar 2004 14:55:47 -0700, Eric Diamond <eric@xxxxxxxxxxxx> wrote:



Friday, March 05, 2004 11:46 AM, Ryan Duff said...

this is what the share looks like in my samba.conf file

[music]
	valid user = ryan
	path = /mnt/music
	create mode = 0777
	directory mode = 777
	browseable = yes
	comment = music
	writeable = yes

encrypt passwords is set to yes and security is set to share

there is also a homes share

[homes]
	comment = Home Directories
	browseable = yes
	writeable = yes

The shares show up in network neighborhood but when I click on them it tells me I don't have permission to access the share. My windows user and password match my linux user/pass and samba user/pass. Any more suggestions.

Your share definitions look good, but you should change browsable to no in
the homes definition. You should also change the security setting to user.
Then make sure your directory permissions are set correctly.


In user security mode, file and directory access are actually controlled by
linux, not samba. There are ways to use samba to fool the OS and manage
security itself, but I've found that's much more trouble than it's worth.


Home directories should be owned by their respective users. The group should
be the same as the user. Permissions should be 700 or rwx------.


Your other share should also be owned by you and your group with the same
permissions.

Public shares should be owned by user nobody, a group of your own choosing
(I usually use users) and you should make sure all smb users are included in
that group. File permissions should be 777 or rwxrwxrwx.


Group shares should have an appropriate user and group. I usually create a
dummy user so I get both the user and the group, but you could just as
easily make the owner nobody and create a special purpose group. Make sure
the appropriate users are group members and then set the permissions to 770
or rwxrwx---.


Managing your access this way also means you don't need valid user lists in
your share definitions. You can also manage the visibility of yor shares.
Users who don't have read and excute permissions on a shared directory won't
see the share.


(They may be able to get to it if they explicity code it's path, but if they
don't have complementary permissions they won't be able to do anything with
it. I'm still experimenting on making shares users don't have access to
truly invisible to them while still allowing selective access. Watch this
space, more on this later...)


Eric Diamond
eDiamond Networking & Security
303-246-9555
eric@xxxxxxxxxxxx




I changed the security level to share and now my folder shows up, I'll change browseable to no on the homes share b/c I don't need to see that but I guess I need to check my permissions on my music folder because it still won't let me access that. I think I'm on the right track tho.


I just tried a chown -R ryan music and it told me operation not permitted. I was logged in as root and it says the owner and group are root. any suggestions on that one?

Thanks for the help.




[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux