[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: SMB Permissions



David Frascone wrote:
> 
> I have been running samba for some time, but I can't seem to get
> permissions right for the following:
> 
> My file server has two users, me and my wife.  I'd like to make 3
> shares, plus a home directory:
> 
> /media (rw to me and my wife, ro for guests)
> /public (rw to me and my wife, ro for guests)
> /private (rw to me and my wife, no other access)
> 
> And, normal (rw) to owners of /home/USER.
> 
> However, I run into tons of permissions problems when I create a file,
> and she reads it, and vice versa.
> 
> So, the actual questions:
> 
> 1) How do I implement a "guest" account?  Make a third account?
> 2) Is there any way to have both accounts (mine and my wife) create
> files with permissions 777 when we write to shared space, but normal
> permissions (700) when we write to our home directories?
> 
> Guess that's about it.  Thanks in advance,
> 
> 
1: The guest account is mapped to user nobody by default. I usualy
create a user pcguest and mape guest to that. I give that user a
group that will be able to read the files Samba is going to share.
You have to be carefull, because even if Samba gives access, the
user and group IDs used still have to have permission to access the
files. (You can use force user and force group to get around this.)
Samba access permissions are normally on top of the file system
permissions.

# Uncomment this if you want a guest account, you must add this to
/etc/passwd
# otherwise the user "nobody" is used
  guest account = pcguest

2: You can control the permissions used by Samba on any share.
Running man smb.conf will show you all the different options for the
shares. The force create mode and force directory mode are probably
the options you want.

Another way to share files is to directory owned samba works, and
use force user = samba on the share so that all files/directories
will be owned by samba. You can then use the write list = to limit
writing to you and your wife. The disadvantages to this is that you
will not be able to tell when create the file/directory without
looking at the Samba logs, and you may not be able to access then
with your normal account when logged into the machine...

Mikkel
-- 

  Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!

Attachment: signature.asc
Description: OpenPGP digital signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]