Samba and permissions/share


Results 1 to 9 of 9

Thread: Samba and permissions/share

  1. #1
    Join Date
    Mar 2005
    Location
    US
    Posts
    300

    Smile Samba and permissions/share

    My first post so be gentle with me

    I have a server running samba which all of the PCs are backed up to. I can see all the users directories across the Windows Network, I can add myself using smbpasswd and then I can access my directory on the server, all fine and dandy, I cannot access anybody elses directory, all fine and dandy as thats how I want it, users can only access their own directories. However, there is a directory for our file server whcih I can access and I cannot figure out why I can access this. I've checked smb.conf

    [fileserver]
    path = /mirror/PC/fileserver
    valid users =
    create mask = 0750

    under valid user thet is no entry so how come I have access to this?

    Sorry if I haven't explained that well.

  2. #2
    Join Date
    Mar 2002
    Location
    Pennsylvania, USA
    Posts
    1,713
    The default setting for the valid users option is to be left blank. This means there is no list of valid users, everyone has access. This is what you have in your share definition. The man page on the smb.conf file explains this.

    If you actually wanted to block access to the share to everyone the best solution is to stop sharing the directory.
    If God hadn't meant for us to use GUI tools, there wouldn't have been a Xerox PARC.

  3. #3
    Join Date
    Mar 2005
    Location
    US
    Posts
    300
    Thanks for the quicky reply.

    I originally had myself listed as a valid user, but still had the same problem so I then removed myself and it made no difference. I keep trying things I guess.

  4. #4
    Join Date
    Aug 2001
    Location
    Somewhere, Texas
    Posts
    9,627
    Did you restart the smb services? (smb and nmb)

    Samba is very tricky and can be a pain, at best

    Here's my smb.conf which has a public share for everyone and a private share where only one user has access to. It's mostly default, I should really clean it up but it is only a small home internal network

    [global]
    workgroup = ARRAKIS
    server string = Samba Server %v
    printcap name = cups
    load printers = yes
    printing = cups
    printer admin = @adm
    log file = /var/log/samba3/log.%m
    max log size = 50
    map to guest = bad user
    security = user
    encrypt passwords = yes
    smb passwd file = /etc/samba/private/smbpasswd
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    dns proxy = no
    default case = lower
    case sensitive = no

    [homes]
    comment = Home Directories
    browseable = yes
    writable = yes

    [printers]
    comment = All Printers
    path = /var/spool/samba
    browseable = no
    guest ok = yes
    writable = no
    printable = yes
    create mode = 0700

    [print$]
    path = /var/lib/samba/printers
    browseable = yes
    read only = yes
    write list = @adm root
    guest ok = yes

    [tmp]
    comment = Temporary file space
    path = /stuff
    read only = no
    public = yes

    [icarus]
    comment = Icarus place
    path = /home/icarus
    valid users = icarus
    public = no
    writable = yes
    printable = no


    And when the server is querried using smbclient...
    Code:
    icarus@Daedalus icarus $ smbclient -L //10.1.1.5/
    Password:
    Anonymous login successful
    Domain=[ARRAKIS] OS=[Unix] Server=[Samba 3.0.10]
    
            Sharename       Type      Comment
            ---------       ----      -------
            homes           Disk      Home Directories
            print$          Disk
            tmp             Disk      Temporary file space
            icarus          Disk      Icarus place
            IPC$            IPC       IPC Service (Samba Server 3.0.10)
            ADMIN$          IPC       IPC Service (Samba Server 3.0.10)
    Anonymous login successful
    Domain=[ARRAKIS] OS=[Unix] Server=[Samba 3.0.10]
    
            Server               Comment
            ---------            -------
            MINOS                Samba Server 3.0.10
    
            Workgroup            Master
            ---------            -------
            ARRAKIS              MINOS
            MSHOME               LUNY2NY
    Obviously I have an unconfigured WinXP on the network that I need to get off my arse and fix someday

  5. #5
    Join Date
    Mar 2005
    Location
    US
    Posts
    300
    I've now fixed it. It just seems to take a minute or two to click over. I've more or less got it set-up as a I wanted. Each user can browse the backup shares at a top level, but only have access to their share, after entering a password. I've added my username as a valid users for the file server so I can see the file server backups. Ideally I would have liked to have certain shares only visible to certain users, not an all or nothing approach i.e. certain shares are invisible to certain users.

    I use rsync on the PCs to backup to the mirror server at night (crontab). It's working as sweet as nut at the moment, I now have a bunch of happy users!

    Yep - Samba does seem a bit of a trick beast to tame, lots of parameters to fiddle with!!
    Last edited by fishface; 03-03-2005 at 10:49 AM.

  6. #6
    Join Date
    Aug 2001
    Location
    Somewhere, Texas
    Posts
    9,627
    I believe you can setup samba groups and add users to those groups to do what you want. It's been a while since I've read the samba manual (early version 2 I think )

    This should help with all of that...
    http://k12linux.mesd.k12.or.us/using_samba/ch06_01.html

  7. #7
    Join Date
    Mar 2005
    Location
    US
    Posts
    300
    Thanks for the link. Have to admit I'm running Samba2.2.3a on the mirror server and an even older version on another server. Would upgrading to Samba3 be useful? I know it has extra security and stuff, but at the moment I working on the principal "if ain't broke don't fix it"

  8. #8
    Join Date
    Aug 2001
    Location
    Somewhere, Texas
    Posts
    9,627
    If it ain't broke, tweak it until it is!

    If 2.2 is working good for you, leave it
    but look into 3 to see if there is anything you can gain from using it

  9. #9
    Join Date
    Mar 2002
    Location
    Pennsylvania, USA
    Posts
    1,713
    Even with Samba 3 you won't be able to make it so only certain users can see the share on the network. It's all or nothing there.
    You can, of course, restrict access to the share to only certain users.

    If you're on a closed secure network, there would be no need to upgrade if Samba is working the way you want. However, there have been a lot of security issues fixed since 2.2.3. You could look at the Samba change logs on the Samba.org site if it's something that concerns you.
    If God hadn't meant for us to use GUI tools, there wouldn't have been a Xerox PARC.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •