more samba woes

Ryan Duff ryan at duff-duff.net
Sat Mar 6 02:54:53 UTC 2004


On Fri, 5 Mar 2004 14:55:47 -0700, Eric Diamond <eric at ediamond.net> wrote:

>
>
>> Friday, March 05, 2004 11:46 AM, Ryan Duff said...
>>
>> this is what the share looks like in my samba.conf file
>>
>> [music]
>> 	valid user = ryan
>> 	path = /mnt/music
>> 	create mode = 0777
>> 	directory mode = 777
>> 	browseable = yes
>> 	comment = music
>> 	writeable = yes
>>
>> encrypt passwords is set to yes and security is set to share
>>
>> there is also a homes share
>>
>> [homes]
>> 	comment = Home Directories
>> 	browseable = yes
>> 	writeable = yes
>>
>> The shares show up in network neighborhood but when I click on them it 
>> tells me I don't have permission to access the share. My windows user 
>> and password match my linux user/pass and samba user/pass. Any more 
>> suggestions.
>
> Your share definitions look good, but you should change browsable to no
> in the homes definition. You should also change the security setting to
> user. Then make sure your directory permissions are set correctly.
>
> In user security mode, file and directory access are actually controlled
> by linux, not samba. There are ways to use samba to fool the OS and manage
> security itself, but I've found that's much more trouble than it's worth.
>
> Home directories should be owned by their respective users. The group
> should be the same as the user. Permissions should be 700 or rwx------.
>
> Your other share should also be owned by you and your group with the same
> permissions.
>
> Public shares should be owned by user nobody, a group of your own
> choosing (I usually use users) and you should make sure all smb users are
> included in that group. File permissions should be 777 or rwxrwxrwx.
>
> Group shares should have an appropriate user and group. I usually create
> a dummy user so I get both the user and the group, but you could just as
> easily make the owner nobody and create a special purpose group. Make
> sure the appropriate users are group members and then set the permissions
> to 770 or rwxrwx---.
>
> Managing your access this way also means you don't need valid user lists
> in your share definitions. You can also manage the visibility of your
> shares. Users who don't have read and execute permissions on a shared
> directory won't see the share.
>
> (They may be able to get to it if they explicitly code its path, but if
> they don't have complementary permissions they won't be able to do
> anything with it. I'm still experimenting on making shares users don't
> have access to truly invisible to them while still allowing selective
> access. Watch this space, more on this later...)
>
> Eric Diamond
> eDiamond Networking & Security
> 303-246-9555
> eric at ediamond.net
>
>
>

I changed the security level to share and now my folder shows up, I'll 
change browseable to no on the homes share b/c I don't need to see that but 
I guess I need to check my permissions on my music folder because it still 
won't let me access that. I think I'm on the right track tho.

I just tried a chown -R ryan music and it told me operation not permitted.
I was logged in as root and it says the owner and group are root. Any
suggestions on that one?

Thanks for the help. 
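
Added example, not part of the original thread: a Python sketch of the check the quoted advice implies, reporting for each share path in an smb.conf-style file which rwx bits Linux applies to a given user. The sample config, temp directories and function names are constructed for illustration; it ignores root's override, ACLs and parent-directory permissions.

```python
import os
import tempfile

# Constructed sample config; {root} is filled with a temp directory by demo().
SAMPLE_CONF = """\
[homes]
    writeable = yes
[music]
    path = {root}/music
[public]
    path = {root}/public
"""

def parse_shares(text):
    """Return {share: {option: value}} from smb.conf-style text."""
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = shares.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return shares

def class_bits(st, uid, gids):
    """rwx triplet the kernel applies: owner class, else group, else other."""
    shift = 6 if uid == st.st_uid else 3 if st.st_gid in gids else 0
    bits = (st.st_mode >> shift) & 0o7
    return "".join(c if bits & m else "-" for c, m in zip("rwx", (4, 2, 1)))

def audit(conf_text, uid, gids):
    """Map share -> (directory mode, rwx for uid/gids) for shares with a path."""
    report = {}
    for name, opts in parse_shares(conf_text).items():
        if "path" in opts:  # [homes] has no fixed path, so it is skipped
            st = os.stat(opts["path"])
            report[name] = (oct(st.st_mode & 0o7777), class_bits(st, uid, gids))
    return report

def demo():
    """Build a 700 'music' dir and a 777 'public' dir, audit as owner and as a stranger."""
    root = tempfile.mkdtemp()
    for name, mode in (("music", 0o700), ("public", 0o777)):
        os.mkdir(os.path.join(root, name))
        os.chmod(os.path.join(root, name), mode)  # chmod so umask cannot alter it
    conf = SAMPLE_CONF.format(root=root)
    return audit(conf, os.getuid(), os.getgroups()), audit(conf, os.getuid() + 1, [])
```
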




