-
Samba and permissions/share
My first post so be gentle with me
I have a server running samba which all of the PCs are backed up to. I can see all the users directories across the Windows Network, I can add myself using smbpasswd and then I can access my directory on the server, all fine and dandy, I cannot access anybody elses directory, all fine and dandy as thats how I want it, users can only access their own directories. However, there is a directory for our file server whcih I can access and I cannot figure out why I can access this. I've checked smb.conf
[fileserver]
path = /mirror/PC/fileserver
valid users =
create mask = 0750
under valid user thet is no entry so how come I have access to this?
Sorry if I haven't explained that well.
-
The default setting for the valid users option is to be left blank. This means there is no list of valid users, everyone has access. This is what you have in your share definition. The man page on the smb.conf file explains this.
If you actually wanted to block access to the share to everyone the best solution is to stop sharing the directory.
If God hadn't meant for us to use GUI tools, there wouldn't have been a Xerox PARC.
-
Thanks for the quicky reply.
I originally had myself listed as a valid user, but still had the same problem so I then removed myself and it made no difference. I keep trying things I guess.
-
Did you restart the smb services? (smb and nmb)
Samba is very tricky and can be a pain, at best
Here's my smb.conf which has a public share for everyone and a private share where only one user has access to. It's mostly default, I should really clean it up but it is only a small home internal network
[global]
workgroup = ARRAKIS
server string = Samba Server %v
printcap name = cups
load printers = yes
printing = cups
printer admin = @adm
log file = /var/log/samba3/log.%m
max log size = 50
map to guest = bad user
security = user
encrypt passwords = yes
smb passwd file = /etc/samba/private/smbpasswd
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = no
default case = lower
case sensitive = no
[homes]
comment = Home Directories
browseable = yes
writable = yes
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = yes
writable = no
printable = yes
create mode = 0700
[print$]
path = /var/lib/samba/printers
browseable = yes
read only = yes
write list = @adm root
guest ok = yes
[tmp]
comment = Temporary file space
path = /stuff
read only = no
public = yes
[icarus]
comment = Icarus place
path = /home/icarus
valid users = icarus
public = no
writable = yes
printable = no
And when the server is querried using smbclient...
Code:
icarus@Daedalus icarus $ smbclient -L //10.1.1.5/
Password:
Anonymous login successful
Domain=[ARRAKIS] OS=[Unix] Server=[Samba 3.0.10]
Sharename Type Comment
--------- ---- -------
homes Disk Home Directories
print$ Disk
tmp Disk Temporary file space
icarus Disk Icarus place
IPC$ IPC IPC Service (Samba Server 3.0.10)
ADMIN$ IPC IPC Service (Samba Server 3.0.10)
Anonymous login successful
Domain=[ARRAKIS] OS=[Unix] Server=[Samba 3.0.10]
Server Comment
--------- -------
MINOS Samba Server 3.0.10
Workgroup Master
--------- -------
ARRAKIS MINOS
MSHOME LUNY2NY
Obviously I have an unconfigured WinXP on the network that I need to get off my arse and fix someday
-
I've now fixed it. It just seems to take a minute or two to click over. I've more or less got it set-up as a I wanted. Each user can browse the backup shares at a top level, but only have access to their share, after entering a password. I've added my username as a valid users for the file server so I can see the file server backups. Ideally I would have liked to have certain shares only visible to certain users, not an all or nothing approach i.e. certain shares are invisible to certain users.
I use rsync on the PCs to backup to the mirror server at night (crontab). It's working as sweet as nut at the moment, I now have a bunch of happy users!
Yep - Samba does seem a bit of a trick beast to tame, lots of parameters to fiddle with!!
Last edited by fishface; 03-03-2005 at 10:49 AM.
-
I believe you can setup samba groups and add users to those groups to do what you want. It's been a while since I've read the samba manual (early version 2 I think )
This should help with all of that...
http://k12linux.mesd.k12.or.us/using_samba/ch06_01.html
-
Thanks for the link. Have to admit I'm running Samba2.2.3a on the mirror server and an even older version on another server. Would upgrading to Samba3 be useful? I know it has extra security and stuff, but at the moment I working on the principal "if ain't broke don't fix it"
-
If it ain't broke, tweak it until it is!
If 2.2 is working good for you, leave it
but look into 3 to see if there is anything you can gain from using it
-
Even with Samba 3 you won't be able to make it so only certain users can see the share on the network. It's all or nothing there.
You can, of course, restrict access to the share to only certain users.
If you're on a closed secure network, there would be no need to upgrade if Samba is working the way you want. However, there have been a lot of security issues fixed since 2.2.3. You could look at the Samba change logs on the Samba.org site if it's something that concerns you.
If God hadn't meant for us to use GUI tools, there wouldn't have been a Xerox PARC.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|