Shouldn't that be: valid users = @ipc ??

Eric Cope wrote:
> Sorry for the late reply:
>
> The Linux permissions include:
>
> /ipc group:ipc user:ipc
>
> /ipc/ipc group:ipc user: ipc
> /ipc/cbs group: cbs user:cbs
>
> Two companies (IPC, CBS) get each folder. IPC employees don't need
> access to cbs, but cbs needs access to ipc. I created CBS users and
> added them to the cbs group, the ipc group, and the ipc-users group. I
> chmoded everything to 770. The users didn't have access. Below are my
> samba settings
>
> [ipc]
> path = /ipc
> read only = no
> create mask = 0775
> valid users = @ipc-users
>
> If I chmod to 777, they have access, if they change it to 770, they
> don't, making me think I don't have the groups properly setup. if I run
> "groups ", it shows the correct groups added.
>
> Thanks,
> Eric
>
> On Fri, Mar 13, 2009 at 8:38 PM, keith smith wrote:
>
> My configuration looks slightly different
>
> [bill]
> path = /work/bill
> writeable = yes
> browseable = yes
> valid users = bill
>
> The directory is owned by bill:bill with permissions at 755 which I
> think is the default permissions.
>
> If I recall correctly when you try to map the drive in Windows you
> will be prompted for the password. And every time there after.
>
> ------------------------
> Keith
>
> --- On *Fri, 3/13/09, Lisa Kachold* wrote:
>
> From: Lisa Kachold
> Subject: RE: Samba Permissions
> To: plug-discuss@lists.plug.phoenix.az.us
> Date: Friday, March 13, 2009, 7:14 PM
>
> Eric Wrote:
>
> Hello all,
> I have a FreeBSD box running Samba. I have the permission set to
> 0770 so anyone in the group can read, write, or execute. I can
> create files via the shell. However, I can't write anything
> without 777 permissions. Any ideas? I'd rather not leave
> permissions like that.
> Thanks,
> Eric
>
> Lisa responds:
>
> A complete discussion of SAMBA permissions, like all security is
> going to have to be in context. I.E. do you have shell users on
> this box?
> What are you sharing and how do you need to limit it?
>
> Generally what escapes people starting to play with SAMBA is
> that security is two tiered:
>
> (a) Linux *system permissions take precedence over Samba
> permissions*. For example if a directory does not have Linux
> write permission, setting samba writeable = Yes (see below) will
> not allow to write to shared directory / share.
> (b) The *filesystem permission cannot be take priority over Samba
> permission.* For example if filesystem mounted as readonly
> setting writeable = Yes will not allow to write to any shared
> directory or share via samba server.
>
> In short:
> Limits set by kernel-level access control such as file
> permissions, file system mount options, ACLs, and SELinux
> policies cannot be overridden by Samba. Both the kernel and
> Samba must permit the user to perform an action on a file before
> that action can occur.
>
> Samba Share Permission HowTo:
>
> Samba Basic permissions are as follows (configuration file is
> smb.conf [/etc/samba/smb.conf]):
>
> * *read only*: This parameter controls whether a user has
>   the ability to create or modify files within a share. This
>   is default.
> * *guest ok*: If this parameter is set to yes, the users
>   will have access to the share without
>   having to enter a password. This can pose security risk.
> * *writeable*: Specifies users should have write access to
>   the share.
>
> You can create the share called "foofiles" with read only permission
>
> [foofiles]
> path = /usr/share/docs
> read only = Yes
>
> You can create the share called salesdoc with write permission
>
> [salesdoc]
> path = /home/shared/sales
> writeable = Yes
>
> You can also create a list of users to give write access to the
> share with *write list* option.
> For example allow rocky and tony
> to write to the share called sales:
>
> [salesdoc]
> path = /home/shared/sales
> write list = rocky tony
>
> You can use following options
>
> * *read list*: This option accepts a list of usernames or a
>   group as its value. Users will be given read-only access
>   to the share.
> * *valid users*: You can make a share available to specific
>   users. Usernames or group names can be passed on as its value.
> * *invalid users*: Users or groups listed will be denied
>   access to this share.
>
> Samba masks:
>
> Specify samba default file creation permission using mask.
>
> * *create mask*: This option is set using an octal value
>   when setting permissions for files.
> * *directory mask*: Directories must have the execute bit
>   for proper access. Default parameter is 0755.
>
> [salesdoc]
> path = /home/shared/sales
> write list = rocky sys
> create mask = 0775
>
> excerpted from:
> http://www.cyberciti.biz/tips/how-do-i-set-permissions-to-samba-shares.html
>
> *ERIC: Post your configuration with a complete diagram of
> your network and use? *
>
> Nosis | Obnosis | (503)754-4452
> PLUG Linux Security Labs
> 2nd Saturday Each Month@Noon - 3PM
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

-- 
-Eric 'shubes'
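
Added example, not part of the thread or written by any of its participants: a small Python model of the two-tier rule quoted above ("Both the kernel and Samba must permit the user"), applied to the [ipc] share and the 770/777 modes from the thread. The user names carol, dave and erin and the group membership table are constructed for illustration.

```python
import configparser

# Constructed stand-in for /etc/group. The group names, the [ipc] share and
# the 770/777 modes come from the thread; the user names are made up.
GROUPS = {
    "ipc": {"carol", "erin"},
    "cbs": {"carol", "dave"},
    "ipc-users": {"carol", "dave"},
}
SMB_CONF = """
[ipc]
path = /ipc
read only = no
create mask = 0775
valid users = @ipc-users
"""

def samba_allows_write(conf_text, share, user):
    """Samba tier: 'valid users' gate (@name = Unix group) plus 'read only'."""
    cp = configparser.ConfigParser()
    cp.read_string(conf_text)
    sec = cp[share]
    valid = sec.get("valid users", "").split()
    listed = any(
        user in GROUPS.get(v[1:], set()) if v.startswith("@") else v == user
        for v in valid
    )
    if valid and not listed:
        return False
    # Samba's default is read only = yes, so a missing key means no writes.
    return not sec.getboolean("read only", fallback=True)

def kernel_allows_write(user, owner, group, mode):
    """Unix tier: exactly one triplet applies: owner, else group, else other."""
    if user == owner:
        bits = (mode >> 6) & 7
    elif user in GROUPS.get(group, set()):
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return (bits & 0o3) == 0o3  # creating a file in a directory needs w and x

def can_write(user, mode, owner="ipc", group="ipc"):
    """Both tiers must say yes; neither can override the other's refusal."""
    return (samba_allows_write(SMB_CONF, "ipc", user)
            and kernel_allows_write(user, owner, group, mode))
```

In this model dave (in ipc-users but not in ipc) reproduces the reported pattern of working at 777 and failing at 770, while erin (in ipc but not in ipc-users) is refused by the Samba tier at any mode.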