Server :: Samba Force Multiple Groups
Jun 21, 2010
I am currently using the following code in order to set a user's primary group in samba.
Code:
force group = +group
This almost does what I need but I was wondering if it is possible to list multiple groups. Something like this would be exactly what I need.
Code:
#If user is in group1 set it as primary group, if in group2 set it as primary.
force group = +group1, +group2
Does anyone know if this is possible or if I could use a script to force the primary group?
Aug 30, 2010
I have a folder, called Vault, that we want to share only with certain people, because it will contain confidential information.
I want the unix group trustees to have read-only access.
I want the unix group administrators (and root) to have read/write access.
All other users should have no access.
The implementation I have so far is:
folder owner: root:administrators
folder permissions: 770
section from smb.conf
[Code]....
However, this is not working as expected. It currently works as follows:
Normal user: No access (expected)
Trustees member: No access (fail. Trustees should be able to read)
Administrators member: Read/write access (expected)
May 6, 2010
I am using mount.cifs to mount a remote samba share (both client and server are Ubuntu server 8.04) like this:
mount.cifs //sambaserver/samba /mountpath -o credentials=/path/.credentials,uid=someuser,gid=1000
I mounted a user from local system with username and password with mount.cifs but the problem is that the user is part of multiple groups on the remote system and with mount.cifs I can only specify one gid. Is there a way to specify all the gids that the remote user has?
Mount the remote samba with multiple groups on the local system? Browse the mount from 1) with the terminal since I want to pass some files from samba as arguments to local programs. which runs through gvfs; but the newer gnome does not write to disk the ~/.gvfs anymore so I can't browse it in terminal. And the last solution would be NFS but that means that I have to synchronize the uids and gids on the local system with the ones from the server.
Nov 4, 2009
I'm using my Linux (SLES 10) server as a File Server at this point. I need to set File Permissions to nested folders differently to different groups. For example:
homesharedengineering* should be read only for groupA
homesharedengineeringadmin should be read & write for groupB Plus read only for groupA
homesharedengineeringautocad should be read & write for groupC Plus read only for groupA
I've been using Webmin and Putty to set permissions but Putty only allows me the Default Group, it won't allow me to set several groups on the same directory. Webmin seems to allow me to add multiple groups (Webmin --> Others --> File Manager --> Info & ACL tab will provide extended abilities) but when I add multiple groups, they don't seem to take effect? I'm wondering if my setup at the 'Share' level or at the hierarchy of my folder structure (unix based) needs to be set specifically?
Feb 2, 2011
I'm having the following problem: I have a machine logging into Win2003, which is working to authenticate. But when any user logs in, it appears some ID's that do not exist.
Example:
root @ ubuntu: ~ # su - nomades
groups: can not find name for group ID 10003
[code]....
Feb 4, 2010
I have configured a file server with samba and winbind in RHEL5. I am able to allot permission for the active directory groups to my Linux folder. No issues. But I want to set multiple groups of active directory to get ownership to a single directory. Say there are 3 groups a,b,c to have permissions to a folder of the Linux machine.
Code:
chown -R root:Active_directory_group_name path_to_linux directory
I have set
Code:
chmod 770 /myshare
meaning that user and group would have full rights to /myshare
Code:
chown root:a
works great. I tried with the option of
Code:
chown -R --reference=/etc/shares_own.txt /myshare
In the reference file (shares_own.txt) I gave the entry as
Code:
root:a,b,c
This is not working.
Feb 9, 2011
This is really a brainstorming thread seeking advice on how to setup some samba shares within a small office network. For the quick judgers:
- no, I'm not an IT expert and I'm not even the IT at the office, I just fill in this gap too.
- I have looked into several samba 'by example' tutorials - none seems to fit my needs or answer some of my Qs.
So I seek advice from your experience. What do I know:
- the functionality of the setgid to have subfolders inherit the group owner of the parent folder
- the fact that I don't want samba in 'share' level in order to register the owners of files
- the functionality of acls that enables inheritance of rwx permissions to subfolders of a parent folder.
- the groupmod -o option but that doesn't help apparently.
So this is a 25ppl civil engineer consulting office. The physical groups of ppl working here are: engineers, drafters (those who generate the drawings, I'm not sure if that's the correct term), and secretaries. The job usually is done in the following way: once a project commences a project folder gets generated and everything is done in there. Incoming mail arrives there (secretaries put it there), engineers do their calculations on spreadsheets, write reports and do draft drawings and, finally, drafters take the draft drawings and finalize them. So pretty much everyone of these 3 groups needs write access to the main project folder.
How do I accomplish that? As which group should I create the project folders? It came to mind the notion of group of groups. Now that the actual owner of the file is not so important anymore (several engineers will need to have write access to the folder) and group becomes important, it would be nice to have the ability to add... groups (instead of users) to groups! So that the permissions to a group are inherited by its children groups... Does such functionality exist or can it be implemented somehow?
How do I go about giving access to everyone and at the same time NOT giving up on the 'user' security level of samba (and NOT just giving rwx permission to 'others')? Is it possible? Or should I instead forget about individuals and match the 'physical groups' to 'linux users' and 'groups of groups' to 'linux groups'? (This means I should give up on ownership of files by individuals.) Since it's a small office some work is mixed - engineers might pick up incoming email, a secretary might do a bit of drafting work, etc.
Apr 26, 2010
How to create multiple Logical Groups out of a single Physical Volume? Here is the Physical Volume I have created:
Code:
# pvdisplay
--- Physical volume ---
PV Name /dev/sda9
VG Name myVG1
PV Size 54.88 MB / not usable 2.88 MB
Allocatable yes
PE Size (KByte) 4096
Total PE 13
Free PE 11
Allocated PE 2
PV UUID bon4Ao-vmgC-aP1h-EC9X-w3tN-YXNu-0N2dAw
This is how I am creating a Logical Group out of the above Physical Volume:
Code:
# vgcreate myVG1 -s 4m /dev/sda9
Display:
Code:
# vgdisplay
--- Volume group ---
VG Name myVG1
System ID
Format lvm2
Metadata Areas 1
Metadata Sequence No 5
VG Access read/write
VG Status resizable
MAX LV 0
Cur LV 2
Open LV 1
Max PV 0
Cur PV 1
Act PV 1
VG Size 52.00 MB
PE Size 4.00 MB
Total PE 13
Alloc PE / Size 2 / 8.00 MB
Free PE / Size 11 / 44.00 MB
VG UUID O6ljYC-bflz-EUTd-nf34-8gYe-Fh39-Bh3cOg
But I am unable to create one more Logical Group out of this Physical Volume. Can we accomplish it? Or do we always extend our current Logical Group to utilize the available space of a Physical Volume?
Sep 11, 2010
I have setup a Centos5.5 VMWare guest with Samba and Winbind for Active Directory integration, using GUI tools. Authentication works flawlessly, with automatic home directory creation. What I want to achieve now is using local UNIX groups to control access to shared folders, to avoid bothering AD administrators with groups management. This is my smb.conf global section:
workgroup = COGITANS
password server = domainserver.hq.cogitans.it
realm = HQ.COGITANS.IT
security = ads
[code]....
'finance' is a local UNIX group where I added user 'COGITANSalberto' (I also tried with 'alberto') as a secondary group (primary group is 'domain users' and it cannot be changed). I am sure the user is added, because it is listed in 'getent group'. If I specify user COGITANSalberto in valid users it works, i.e. only that user can access the share, the others get a NT_STATUS_ACCESS_DENIED error. But if I use +finance, access is denied to everybody, and this is the log:
[2010/09/11 14:12:37, 10] smbd/share_access.c:user_ok_token(211)
User COGITANSalberto not in 'valid users'
[2010/09/11 14:12:37, 2] smbd/service.c:make_connection_snum(617)
user 'COGITANSalberto' (from session setup) not permitted to access this share (finance)
[code]....
It seems like winbind cannot recognize finance as a local group. For the same reason, I guess, 'force group = finance' does not work either (files are created with 'domain users' group ownership). My /etc/nsswitch.conf:
passwd: files winbind
shadow: files winbind
group: files winbind
Grants and ownership on the '/repositories/shared/finance' folder are
root:domain users with permissions 775
Mar 2, 2011
How do I configure samba such that AD authentication still works when a DC is down? Do I need multiple kdc, admin_server, and kpasswd_server entries in krb5.conf?
Jan 22, 2010
I'm new to LVM. I use Red Hat and CentOS 5. I'm setting up a database server and I want to setup the local drives for performance. My plan is to have three storage locations, 1st for Linux, 2nd for the application, and 3rd for the data files. Each location will be appropriately redundant. The OS and application drives will be local. Because my goal is to dedicate one spindle for the OS and another for the application, is there a best practice that would say I should create two LVM volume groups, each with one logical volume associated with one of the physical partitions, or one LVM volume group with two logical volumes each associated with one of the physical partitions? I've read that a physical disk can only belong to one volume group. So if I want to add 70GB to both logical volumes, I could add a single 140GB drive to a single volume group and then add half to each logical volume. If I have two volume groups, I would need to add two additional disks. I may be missing an obvious consideration or be missing a basic concept of LVM.
May 23, 2011
Looking for a way to add multiple groups to a folder. This feature is obviously available in most other platforms (Mac, Windows). Why can't I find any reference to this, or better yet, why doesn't this feature exist?
Aug 7, 2009
I created a user and I want the particular user in multiple groups. How Should I and after creating the user, if I want to delete that user from a particular group.
Jul 3, 2010
I've been searching around the web for help and have been really pulling my hair on this one. I have a Windows 2003 Server w/ AD on it. I have two linux machines, both running the same version of RHEL 5 (compute-1, compute-4).
When I log into compute-1, and do an "id dhuynh", I get this:
uid=1501(dhuynh) gid=1500(domain users) groups=1500(domain users),2013(dusers),1501(certsvc_dcom_access),1507(BUILTIN+users)
When I log into compute-4, and do the same command, I get this:
uid=1500(dhuynh) gid=1504(domain users) groups=1504(domain users),1505(certsvc_dcom_access),1501(BUILTIN+users)
Notice that the uid and gid are different. How do I get them to be the same? This is affecting the file permissions in certain shared directories. I've checked /etc/samba/smb.conf and they are identical. I also checked /etc/nsswitch.conf and they are identical too.
Feb 12, 2009
This directory has permissions 750 and is owned by user1 and group user1. I have an admin user that is primarily a part of group admin, but also a part of group user1. What would stop admin from having read and execute permissions on this directory? I'm running clamav and have a clamd daemon running as user admin (I could run it as any user, and I may make a special user later, but I don't want to run it as user1, user2, etc).
I have 2 (technically lots more, but let's just say 2 for now) users, user1 and user2, that have home directories /home/user1 and /home/user2. Each is owned and group owned by user1:user1 and user2:user2 respectively with permissions of 750. My admin user is part of groups admin, user1, and user2. I need this to be able to scan my user's directories using the command (is this correct?):
clamdscan --move=/files/quarantine/ --config-file=/etc/clamd.d/adm.conf /home/user1/file
doing this gives the error:
/home/user1/file: lstat() failed. ERROR
If I change the directory permissions to 755, it works fine. Or if I leave the permissions 750 and change the directory group ownership to admin, it works fine. So, why would this be? Obviously it is a permissions issue, but why is it not reading admin as part of the user1 group and allowing the same permissions as it does when making the directory group-owned by admin?
Nov 30, 2010
I have a fileserver that I want to share out samba shares. However, I configured samba to have another netbios (SAN) and my windows box still sees whoopn-SAN which is the name I gave to my server when I installed it. Now I am using 9.10 and I know that I can create a share from the gnome gui in nautilus and that appears to be a windows like share. How can I turn OFF the windows like shares that ubuntu does out of the box and use ONLY samba? I ask because there appears to be a conflict of permissions b/w samba and this stuff.
Mar 10, 2010
I am running Webmin Squid and Dansguardian. Works great. Trying to set up multiple groups now. In the Dansguardian module it has an icon to set up lists and configs for multiple groups. I click it and I get the following:
Global symbol "$debug" requires explicit package name at /usr/share/webmin/dansguardian/setupfiltergroups.cgi line 114.
It repeats this same error message for line 123 138 139 141 302 and 315. I am running Ubuntu 9.10 desktop. Ubuntu is up to date. Not sure if I need another package or not? When I installed Webmin, I installed apt-get install perl libnet-ssleay-perl openssl libauthen-pam-perl libpam-runtime libio-pty-perl libmd5-perl when I set it up, so I am not sure if I need another module or anything to help with the error?
Jul 14, 2009
I have a Samba File Server that can authenticate users in my Windows AD to log into the server. Anyways, I have a good amount of Windows Admins on staff but our org wants to cut budget so our first "slash" as it were is cutting down the actual Windows based File Servers. So my question is, now that I have this test server up and authenticating for logins using Winbind... is there a way I can get system-config-samba to "see" winbind users and groups so that file servers can still be "point and click" for my Windows Admins?
Nov 2, 2010
I have a remote directory shared over NFS called tech with perms set as 0750 and owner set to root:tech. I have 2 groups: tech, and techAdmin. tech can read and execute within tech/. techAdmin can read, write, execute. I have 4 users: user1, user2, user3, user4. user1 and user2 are members of techAdmin, user3 and user4 are members of tech. Simple so far... but wait, here's the problem. If user1 creates a file inside tech, user2 can't read or modify it because user1 owns it. Here's a few sites that reference this problem:
[code]....
Feb 5, 2010
I am setting up a samba server to operate in a windows AD domain. I want to set permissions for multiple groups to have different levels of access to one group of files, and it looks to me like unix permissions will not do that? I always hear about how robust linux is, and it seems to me that their file permissions model is WEAK compared to microsoft's?
Sep 2, 2010
When I start my application it creates a message queue and forks a process. The child process reads multicast packets from the network and writes to message queue. The parent process reads packets from message queue and compares source ip and sequence number (it is part of payload) with last 64K packets received to see if it has received a duplicate packet. I am using message queue as a buffer because I do not want child process to drop any packets while it is comparing it with previously received packets. The message queue is large enough to contain 64K packets. To compare the old packets I am using array of structures as circular buffer. During a spike I may receive 100 - 120 packets per millisecond.
When I run my application, the parent process keeps up with the child process, I can see that with "ipcs -q". After about 30 seconds it cannot keep up and the size of message queue keeps increasing until it is full. When I run "top" I can see that one CPU/core is hundred percent busy while other 7 cores are idle. It seems that both processes are running on same core and the child process gets interrupts every time there is a packet on the net and starves the parent process. I am running RHEL 5. The system has 24GB memory and my application is the only application running on it. It is a HP G6 server.
Jan 12, 2011
Have an issue with my CentOS server. I have a fully updated Centos 5.5 server and I have samba set up to serve shares to a couple of groups in my home office. I have it set up to force user/group and force directory create mode 770 and force file mode of 770. This set up works perfectly well for normal connections to the server; no matter who connects, all files and directories are owned by the specified users/group and create modes I specify. The problem is when I try to rsync some files to the same shares. When I do this, rsync ignores the directory/file forced create mode. It will honor the user/group, however. As an example, if I create a directory on one machine connected to the samba share, I get the following:
drwxr-x--- 3 nobody users 0 2010-12-26 20:42 Misc Pics
Feb 4, 2011
I already know of a work around to fix this problem, but I guess my question is why is this not working as expected? I am using a Windows Server 2008 R2 Active Directory for authentication.
I have run auth-client-config for the ldap profile and pam-auth-update. When running getent passwd, I get a list of both the local users and the users in the active directory (with populated information in the Unix schema extension). When running getent group I get a list of both the local groups and the groups in the active directory (with populated information in the Unix schema extension).
Interestingly enough, though, when I run su DOMAINUSER, after the prompt for the password I get an authentication error. In /var/log/auth.log I can see an entry with pam_ldap: missing "host" in file "/etc/ldap.conf". The SRV records in the DNS servers resolve correctly. I've checked this with nslookup and I have seen the records within my zone file. Obviously if the ldap.conf file is working with getent and the ldap server is resolving from the SRV records, it is working fine.
The interesting part is that the Windows Server 2008 R2 AD machine shows in the event viewer that there was a successful authentication, yet the Ubuntu box says no. When I add the host within the ldap.conf file, everything works...getent and the actual authentication, either initial login or su.
[Code]...
Oct 12, 2010
I am currently trying to set up a Samba domain server. In the Samba-HOWTO-Collection I found an example file (Point 3.3.3.1). In the explanations of the example below, the author says I need to map UNIX Groups to NT Groups. He writes a shell-script of how one could do it, but when I copy it and then execute it, I get the error:
Bad option: rid=512
Bad option: rid=513
Bad option: rid=514
The other groups do get mapped, just the Domain Admins, Domain Users and Domain Guests don't. This is the shell from the HOWTO:
#!/bin/bash
#### Keep this shell script for later use
net groupmap modify ntgroup="Domain Admins" unixgroup=ntadmins rid=512
net groupmap modify ntgroup="Domain Users" unixgroup=users rid=513
net groupmap modify ntgroup="Domain Guests" unixgroup=nobody rid=514
[Code]...
Jun 8, 2010
So I am at the stage of about to install the basic system and am using a derivation of the package management provided by Matthias S. Benkmann. To this end I am using his useradd and groupadd scripts to update the files:
/etc/passwd
/etc/group
My issue is that when I run the commands (created as part of temporary system when installing coreutils):
Code:
/tools/bin/su linux
#then as user
/tools/bin/groups
(Here linux is the name of the user.) This only returns the user being in the group named after user but not the additional group of 'install'. Also, prior to logging in as user, if I use this command as root:
Code:
/tools/bin/groups linux
linux install
This then returns that the user is in the correct groups. Lines from relevant files look like:
Code:
#/etc/passwd
linux:x:10000:10000::/usr/src/build:/bin/bash
#/etc/group
[code].....
Feb 8, 2010
I need to know if there is any way to record, track or log when a samba user deletes files or folders, so that I can know about it, because sometimes on the samba server some users complain they lost files. Though I have a daily backup and I can restore their files, I just want to know if maybe some other users in one group accidentally moved or deleted the files.
View 1 Replies
View Related
Feb 25, 2010
I have a centos 5.4 64-bit machine. I installed the directory server following those steps.
I then added some users using the Centos Management Console:
centos-idm-console -a http://localhost:3890 &
Aug 1, 2010
I have a FTP server (vsftpd), and would like to setup different file permissions for different groups:
-"ftpusers" group should only be able to browse and download.
-"ftpadmins" group should be able to browse, download, AND WRITE (RNFR, RNTO, MKDIR....).
Let's say my main directory is /var/ftp/docs/. It should be accessible by "ftpusers" group, but only writeable by "ftpadmins" group. Other groups or users may not access it. Which permissions and ownership should I give? My problem is that the dir can't be owned by two groups...
Nov 5, 2009
I am trying to set up a samba share, that uses a common group so that all users that connect to it will have write permissions to all files and folders. But I cannot get the "force group" option in smb.conf to work. When I create files on this share, it's using the user's default group, not the group specified with "force group". In smb.conf, I have:
[shared]
path = /ext/shared
writeable = yes
guest ok = yes
[code]....
The strange thing is when I create folders, it works fine, the folders are created with the proper permissions and the group is assigned to it. It is just when creating files that it does not work. I have read through some documentation and other posts, but have been unsuccessful setting this up.
Dec 23, 2010
Is it possible to nest groups so that users can access directories owned by other groups?