In my /var/www directory, I have everything set up with: user: www-data group: developers directories: chmod 570 files: chmod 460
Everything seems fine. Users from the developers group can edit files and all, but now we began using the Git repository, and whenever a user edits a file (ie. Joe who is a developer,) file permissions get screwed again. Now they're: user: Joe group: Joe directories: chmod 755 files: chmod 644 How can I fix this so permissions remain the same?
i want secondary users can able to change the files permissions of primary group?user MAC is having www as a primary and httpd as secondary group. But he want to change the file permissions (chmod) httpd group files. Is it possible or not? I think its not possible. If it`s possible then let me know how?
I am working as a Linux administrator in a very small data centre with 5 servers with following routine tasks.
1. Managing SAMBA shares and giving user specific access for the shares. 2. Scheduling backup of some mount points with rsycn to store data in remote hard disk 3. User and group administration, with sudo access. 4. Creating and Managing Xen Virtual machines and giving access to other project teams. 5. Automating some tasks with Shell Scripting. 6. Managing FTP server for user uploads.
I have practiced a lot in my home laptop without RHEL training, Cleared RHCE and LPIC1. I want to do some advanced system admin tasks, but do not have option in my current data centre. With Above skills is it possible to get a job ?
I've a few group shares setup with samba and a PDC (using windows 7 clients) and the home directory for each user gets mounted automatically. I've configured group shares and only members of the respective group have access to them, but my question is how do I tell samba to automount group shares based on the user group?
this is really a brainstorming thread seeking advise on how to setup some samba shares within a small office network. For the quick judgers:
-no I'm not an IT expect and I'm not even the IT at the office, I just fill in this gap too. -I have looked into several samba 'by example' tutorials - none seems to fit my needs or answer some of my Qs.
So I seek advise from your experience: What do I know:
-the functionality of the setgid to have subfolders inherit the group owner of the parent folder -the fact that I don't want samba in 'share' level in order to register the owners of files -the functionality of acls that enables inheritance of rwx permissions to subfoldrs of a parent folder. - the groupmod -o option but that doesn't help apparently.
So this is a 25ppl civil engineer consulting office. The physical groups of ppl working here are: engineers, drafters (those who generate the drawings , i'm not sure if thats the correct term), and secretaries. The job usually is done in the following way, once a project commences a project folder gets generated and everything is done in there. incoming mail arrives there (secretaries put it there), engineers do they calculations on speadsheets, write reports and do draft drawings and, finally, drafters take the draft drawings and finalize them. So pretty much everyone of these 3 groups needs write access to the main project folder.
How do I accomplish that? as which group should I create the project folders? It came to mind the notion of group of groups. Now that the actual owner of the file is not so important anymore (several engineers will need to have write access to the folder) and group becomes important, it would be nice to have the ability to add... groups (instead of users) to groups! so that the permissions to a group are inherited by its children groups... Does such functionality exist of can it be implemented somehow?
How do I go about giving access to everyone and at the same time, NOT giving up on the 'user' secutiry level of samba (and NOT just giving rwx permission to 'others'? Is it possible? or Should I instead forget about individuals and match the 'physical groups' to 'linux users' and 'groups of groups' to 'linux groups'? ( This means I should give on ownership of files by individuals )? Since its a small office some work is mixed - engineers might pickup incoming email, a secretary might do abit of drafting work etcetc.
I am trying to set up a Samba share on one of my machines where I am the owner and a special group manages permissions for read-only access ( me:specialgroup ). If I log into the share as me, there is no problem (I have read/write privs as per usual). However, I am not able to log into the share using any of the group members (there is only one currently). That user is not able to access the share (failed to mount).
The folder (which is the share) is owned by me:specialgroup and the permissions have been forced down the folder. Samba is set to Share this folder with no guest or others write access.
This is a interesting confusing problem.Ok I have group with 3 users.I have a folder in /home with owner as root, and group that has read/write permissions.However if a user opens up a file and saves it via samba, the owner changes to the user, and the group members only have read permissions on the file.
I am the IT Manager at a research facility. We have a fairly unique network configuration in order to support all of the different projects we have going on. We have Red Hat, Ubuntu, Windows XP/Vista/7, Windows Servers 2003, Ubuntu servers, Red Hat servers, and even a few Netgear ReadyNAS and Buffalo Terastations. Over the last few years, I have been migrating all of my users and accounts to a single ACL list, which I chose to be a Windows AD 2003 server. 95% of my users work on Windows platforms and just use ssh tunnels to develop on our linux boxes.
However, i ran in to a problem with our Linux boxes not being able to symbolic link on my Windows 2003 file shares. Of course, this is a problem with Windows not supporting symbolic links. I know 2008 does support this feature, but given the economy and the budget restraints, we cannot afford to purchase the updates we would need, so now I am moving all of my shares to a Ubuntu 10.04 server using Samba. I have joined the server to my AD domain successfully, i can login using my AD credentials, and even assign ownership and group permissions using AD users/groups.
Here is my question.
I would like to keep the AD permission schemes intact. I have several shares that contain folders that have individual permission settings. For example, I have a /shared directory that contains about 50 different folders. Some of these folders I allow my users to write data to, some just read, and others I deny access to complete groups and just allow key groups to access (for example, personnel data should only be accessed by the Administrative staff).
Is there a way to make this work?
I can assign uid and gid manually per folder in Samba, but i would like to have the possibility to add multiple users and groups with permissions to folders, which I do not believe can be done with the standard chown commands. Currently, I can see the folder permissions from my Windows box, but when I try to edit the permission settings, it defaults back to full access. So my AD permissions are not being saved.
I have a Natty headless server that I would like to set up shared directories and grant specific users write permissions. I use a Windows 2008 R2 machine with Active Directory for authentication and have created a group GroupWithWriteAccess which I want to have write access to the shared directory. I want all other users to have read only access. I have edited my smb.conf file with the following
The machine is fully setup to work with Windows authentication and I can access shares from the ubuntu machine, it's just sharing local directories with the correct permissions that I can't work out. So far I can access the files from my other machine, but I do not have write access even though I am logged on as a user who is a member of GroupWithWriteAccess.
I have a user community of about 2000 users and a samba server running on AIX that currently hosts a read-only share for the whole company.
[Released] path = /mypath guest ok = Yes
But now I have been requested to make this share available as read-only for some users and completely inaccessible to everyone else. The number of users who will have access is probably a few hundred and I expect users to be added/removed on a daily basis. Some of the users have unix logins, while others do not. Because of this, I hesitate to mess with user mapping because I would have to manage this every day, unless I do something with a script.
Can someone suggest a scheme I can use to deny everyone except for certain users without having to use user mapping?Someone here in my office suggested we use hosts allow or deny, since the users who will still have access are located on the same subnet. However, there is a distinct possibility that a small number of people on a few other subnets will need access. Is there a way I can specify hosts allow but still allow specific users from other subnets?Forgive me if this question has been asked before. I'm sure it must have been, but I am having trouble doing a search of the archives that will give me advice about this particular problem.
I have a couple of user accounts where each member belongs to a group i have created: Each user access the share using their own user account credentials. How can I configure Samba in a way so that each modification done on the share gets the owner of the user and my group instead of the user and the users own group? I would also like the access rights to be 770 to each modification.
In other words, today each modification by "userA" get the owner "userA.userA" and I would like it to be "userA.MyGroup" with "rwxrwx---" permissions.
The current situation:there is a samba PDC with ~50 XP workstations, all working fine for the last two years.The goal:Cycle older hardware back into production by installing ubuntu on them. These workstations must authenticate against the domain, and must automatically mount a public, a user, and a department share that contains folders with various group permissions.The added challenge:Since the office where this lan is located is closed for the next week or so, the ubuntu workstation I am testing with is connecting via a site-to-site VPN. This is soon to be mandated as a requirement anyway, so if not done now it will have to be done later anyway. I mention this since it *may* be something that could be interfering with the success of my mission, however, given what does work, I do not think this is my culprit.
What does work:Thanks to winbind, I can log into the ubuntu workstation via gdm with my domain credentials, and thanks to pam_mount my shares do mount correctly. I take this to mean my pam conf files are correct, along with nsswitch.conf.wbinfo -p, -a, -t, and -u work on the workstation. getent passwd returns DOMusers.listwbinfo -p, -t, -Y, -S, -G, -n, -s, etc, all work on the PDC. getent passwd returns a list from /etc/passwd and getent group returns a list from /etc/group.A remotely controlled windows workstation on the lan works as expected.
It appears that winbind is not able to parse the group permissions at all, not for the user, nor for the folders.The hope:is that someone can say that this problem of group permissions not being recognized has a typical cause (though several hours/days of google searching has revealed no such thing). However, I can provide a great deal of supporting information, as I have gone through documentation and testing extensively (though not extensively enough, apparently). For my own sanity, I put most things I tried into a text document so I could review it and look for errors in judgment, that doc ended up being some 1500 lines long, and doesn't include conf files. Rather than flooding this post, if someone is up for reviewing it, I can definitely make it and further supporting info available...
i have 3 shares on my samba. i have users - user, manager and boss projects is RW to everyone reference is R to everyone RW to manager and boss Proposals is RW only to boss, no access to others However when boss logs in and creates a directory in projects share, the directory can only be renamed bu users and manager, and directory contents are read only for users and managers, even deletion / rename is denied. How can i make sure that when ever boss creates a directory in projects, it retains base folder permissions and is writable to user this is my samba file... i am using red hat 6.1 with samba 3.5.6 (i think)
My main account 'dave' runs as admin etc This was the output of 'groups dave': dave adm dialout cdrom plugdev lpadmin sambashare admin I was trying to add dave to the user group 'media-www' and i ran this command: 'usermod -G media-www dave' Then after another 'groups dave': dave : dave media-www It seems to have removed all the other groups! How do I restore this?
I am doing rhce course but i am very confused to answer these user and group permissions.the questions are like this...the owner of the /data must be user tom.primary group of /data must be the group sysadmins.the members of the group test must be able to write and create files in the /data.the members of the group web have no access to these directory.the user jack not belong to any of these gropus must have to edit files created in /data.the user tim can only list the contents.
the questions are always like these..i am okay with sgid and sticky bit.but i dnt know where to set default acl and other permissions.
I'm beginning to deal with more than one user on my system (it's a VPS serving some sites) and I need to make sure I understand how group permissions work. I have an account named "admin" .. it's basically the primary account that is used for serving most of the sites that I control myself. Now, I added a second account named "Ville" as one of my users wants to be able to administer that site. So, I can do this the easy way and just chown their domains folder under the ville user, they have permission to do whatever they need be and so forth. However, let's say I want to also give the admin user access to the files (modifying and all) .. how can I put both users into the same group and give them both permission?
I've tried doing: sudo usermod -a -G admin ville To add the ville into the admin group, but ville still cannot edit files by admin. Permissions for the primary directory for the ville user are read/write for both owner and group, and the current group for the files is admin:admin .. But ville still can't write into the directory. So, what should I be doing here to get this right and secure at the same time?
Originally Posted by slackuser67 In my case it was a permission thing. Logging in as root, sound worked, logging in as user didn't. I followed the adding myself to the audio group and that didn't do it either. But, adding myself to the video group did the trick. You wouldn't think that would work with getting video but no sound, but it did in my case. I'm having all the same problems, but I'm using DSL-N, and I can't figure out how to check or change the group permissions.
This netbook only has a user with non-administrative privs on it and root user but I do not have root's password.Is there a way that I can create a new administrative user of change the current user's group so that it can do sudo commands or have more privs?
After I edit /etc/group and I add a user to groups it didn't belong to, the user will not be able to use it's newly acquired privileges unless it starts a new session. Is there a command to refresh user/group properties in an ongoing session?
I wrote a little script that will automatically mount two Samba shares to my home directory and I was wondering if a) You guys/gals had any input as to how I could improve on this script and b) Tell me how I would go about having this script automatically execute when I log on via SSH.
#!/bin/sh mount -t smbfs -o username=Myuser,password=Thepassword //192.168.1.102/Data1 /home/user/Data1 mount -t smbfs -o username=Myuser,password=Thepassword //192.168.1.102/Data2 /home/user/Data2
I have Ubuntu server 10.04 joined to a domain using Likewise Open. I can login using my domain credentials and have added my domain account to the sudoers file. Now that I've got it joined to the domain I want to add some samba shares and have domain members use their accounts to access them. However, no matter what combination of my domain name and the domain user or group I use in the valid users field it won't let me in. What's the proper way of inputting a domain user or group in the valid user field?
This is the entry I'm using for the share:
Code: [testshare] path = /srv/testshare valid users = @"Domain Name+Domain Group" (Have tried many things here) public = no writable = yes printable = no create mask = 0765
First off a little history of me lol. I'm not completely a Linux noobie, but I'm not the most advanced user either. With that said I have a few interesting problems with Samba.First off I can see the NetBios name under Windows Networking (Windows 7), however everytime I try to connect to it I get an Access Denied and/or "Incorrect Password/Username" error. I have gone into secpol.msc and changed the values that other posts have suggested. Both the server and the workstation are located under the same group, and I have used the smbpasswd -a <username>. The server is not configured to be a Primary Domain Controller so.. I'm lost. Infact my brain hurts from 3 days of this. I have posted my SMB.CONF file to see if that helps. Hum.. Maybe I'm just trying to access a file share that isn't there..
on 10.04 I clicked to share my music folder with the network (other computer also having 10.04) and it installed samba for me. I restarted expecting to find sharing working as it had on the other computer by doing the exact same thing. But for some strange reason I can't access the shares on either computer through the network workgroup. It just says "Unable to Mount Location".
i have a ubuntu 10.10 desktop and laptop. i installed samba, and smbfs. i shared a folder on each computer. when i browse the network i can see the laptop from the laptop, and can see the desktop from the laptop, but i cant see the laptop from the desktop. when i try to mount the share it says unable to mount, but mounts it anyway...but, i need to be able to mount it so that rsync will see the shares as a dir on the desktop. i tried manually mounting via smbmount following several threads that i found, and i keep getting error sudo smbmount //192.168.1.78/share /media/laptop Password: Unable to find suitable address
that is as far as i've been able to get. i've looked and have only been able to find threads about windows shares, not between 2 ubuntu machines. and i dont know why laptop can see the desktop but not the other way around. they have identical smb.conf files
clean install of Slackware 13.1 64-bit. From day 1 I have been unable to browse Samba servers and shares on my home network. NFS, FTP, SSH, etc all seem to be working fine. I've been updating it regularly in case this was a bug, but I'm not so sure any more.
Reboot in WinXP sp3, I can browse fine. My wife's Win7 laptop works fine. My old Slack 12.2 system worked fine. I have not made any changes to the network other than adding this computer to the mix.
Pentium Dual Core e6700 @ 3.2GHz Asus P5G41T-M/CSM 4GB DDR3 Ram 1 TB Hitachi SATA Gigabyte ATI Radeon HD 5670 1GB Video PCIe
I am traveling to the UK next week, and whilst I am there, I need to be able to access my SAMBA shares hosted on my HOMESERVER, via my laptop in england.
I have tried Hamachi before, which works fine on windows, but the linux version is awful, and hardly works. So I need an alternative. I did a bit of googling, but I don't know what "bridged" means when I found a OpenVPN tutorial
I was wondering if anyone could give me some information as to what I'll need, and what I'll need to do on both my homeserver and my laptop?
I've decided to move this question into a new thread since i haven't received an answer for 3 days. This question was originaly posted here: [URL]... I've already searched in google, however i wasn't able to find an answer that solves my problem... How can i change the umask on a per user basis so that each user can have its own umask to fit his needs? For example: I have four accounts on my system ex.
-So now I want everything from the admin group to be by default set to 002 (so that every user that is in the admins group can have a full share (-rwx rwx r--) of everything that is created by the admins).
-Then the similar to the above managers shoud have 022 umask.
-And each of the regular users should have 002 or 022 or 077 it is up to the users choice.
I hope that i have provided enough info thorough the example.