Ubuntu Servers :: Samba Users Able To Browse Folders With No Permission
Feb 11, 2011
Below is marina, a sales rep, and brian, a super user of sorts.
uid=1011(marina) gid=1006(office) groups=1006(office),1005(sales)
uid=1000(brian) gid=1006(office) groups=1006(office),118(admin),1001(full),1002(processing),1003(management),1004(it),1005(sales)
Below is the directory with all the sales reps folders.
drwxrwxr-x 15 root it 4096 2011-02-10 20:06 .
drwxr-x--- 9 root office 4096 2010-11-19 12:40 ..
drwxrwx--- 13 katya full 4096 2010-12-07 12:36 Katya
drwxrwx--- 18 lana full 4096 2011-02-08 17:09 Lana
drwxrwx--- 23 marina full 4096 2011-02-10 18:09 Marina
drwxrwx--- 4 mike full 4096 2011-02-01 12:42 Mike
With this setup marina only be able to browse her folder, but she can browse all folders and has full write access to all folders. This leads me to believe something is up with the smbd.conf file, which is below.
workgroup = COMTREAD
null passwords = no
server string = Root Server
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0 .....
In this case the valid users directive would not work cause I am not making a share for each user. I had this on other shares like the db2 share. My windows box lagged heavily when I tried to access that share with an invalid user. How to deny users the ability to modify permissions I would also like to do that.
I've installed Ubuntu Server 7.10 Gutsy and Webmin 1.500 on it. The thing that I want to do is: I want to share a folder an sub folders for windows users ( guest user) I should modify those folders from my ubuntu desktop 9.10 karmic they are all same folders. Is it possible? if yes how can i make it. you can tell from webmin or samba configuration file.
I have configure few folders access by 3 users, In common folder only users that create that document can do changes. The rest of the users can only read the file but can not do changes. Ownership of the folder is admin, group is sambashare which already have the access create and delete files. All the 3 users already in sambashare main group, and they only can edit the file that they copy or create to the common folder .........
- OpenSUSE (Workstation configured to log in using Active Directory Information) - First Windows Server (Domain Controller) - Second Windows Server (Provide shared folders for users to use)
How do I map domain users from second Windows Server (like \windowsserverusers<user>) to a folder (like /home/<domain>/<user>/<user_personal_folder>) in OpenSUSE computer ? It should be via samba right? Trying checking something in /etc/samba/smb.conf but couldn't find anything.
If I want to add Windows & Mac users as Samba users, must I first add them all as Ubuntu users? If so, since none of the other users will actually be working on the Ubuntu Server, how do I disable the other non-admin users on the Ubuntu Server login screen. I am using Webmin to administer some server settings, and command line for others.
clean install of Slackware 13.1 64-bit. From day 1 I have been unable to browse Samba servers and shares on my home network. NFS, FTP, SSH, etc all seem to be working fine. I've been updating it regularly in case this was a bug, but I'm not so sure any more.
Reboot in WinXP sp3, I can browse fine. My wife's Win7 laptop works fine. My old Slack 12.2 system worked fine. I have not made any changes to the network other than adding this computer to the mix.
Pentium Dual Core e6700 @ 3.2GHz Asus P5G41T-M/CSM 4GB DDR3 Ram 1 TB Hitachi SATA Gigabyte ATI Radeon HD 5670 1GB Video PCIe
I just set up an VPS with ubuntu. I made a user1 and gave it ownership
Code: chown -R user1 /home/www
This user also have been given all the root privileges (I know it is not recommended!)
The problem is that each time I make new site, and user1 wants to upload (through ftp) files to /home/www/newsite I need to redo the the above command in order to be enable user1 to upload. Not only this, I need to rework permissions (744 for folders and 644 for files), otherwise the newsite throws permission errors message.
a small lab of linux servers contains two servers. the administrator wishes to permit user settings and project files to be available when users log in on any machine descibe the server processes needed on the servers
I have problem with virtual users in vsftpd. When they create folder they cant make another in than folder, or for example they cant see files they upload in that directory...That write permision i try to change in their config file, with every combination of local_umask and file_open mode values. How can I handle that. I want that virtual user who creates directory (in their root directory) have all privilages to that folder and all content in that folder.
I have samba allowing only known users, and on the ubuntu side, I have the folder permission 777. I have the same exact samba smb.conf file(locations of course matching new server), but I can't get it to authenticate with the new server(Old server is up and running too) and I'm lost. I thought I had it figured out when I did my last server, but I seem to be missing something on this one.
I've set up a ubuntu server at home with the intention of sharing files with windows clients, so I've installed samba. I have no security issues so I've allowed public access to the shares and I can access them fine from all windows machines. I also need to preserve the dos attributes for files and folders using 'map hidden', 'map system', 'map archive' which works great for files but not for folders. I've got a number of folders from my windows box which I would like to keep hidden (for tidiness more than anything) but when I transfer them to the samba share, they become visible again and I can seem to control their visibility at all from windows or from ubuntu. Do I take it from this that samba can only manage to maintain dos flags on files and not on directories?
This is the relevant part of the samba.conf file Code:
So, I am looking to implement an FTP server with Isolated Client accounts/directories where a client can only access what's in their directory. I also need to provide my internal user's (content managers) the ability to upload, delete, etc from all of the Client accounts. The simple part is creating the secure client accounts. It's a matter of changing DIR_MODE in adduser.conf to 700 or 770, creating a user, having the FTP server chroot them to their home directory, revoke/restrict shell/ssh access and maybe even slap on some ACL to prevent botched permissions.The hard part is figuring out how to give my power users the ability to access all of their folders without thrashing security.
My first thought was to put all of the client user-groups in a parent group and having my internal users inherit group permissions..but you can't have groups inside of groups.My second thought was to put all of the client users in the same group and prey that the FTP chroot is enough to keep them from poking around but then I have the problem of how do my internal users access other user directories if they are chrooted. Do I create a second server without chroot.do I create some weird nested homedir structure..I honestly have no idea how to satisfy both requirements (secure client accounts and privileged user accounts). I need my privileged users to authenticate against Active Directory via Likewise open, LDAP, etc and I don't care how the clients authenticate. Though, I would prefer to have both file and FTP-server level protection just to make sure no one can see the other client's data.
I have two ubuntu 10.04 64-bit servers running samba (3.4.7) and openLDAP (2.4.21). The LDAP directory is successfully replicating between the two servers. These servers also serve as LDAP servers for sudo, pam, nss, and other services for a dozen servers without issues. The BDC samba is configured to use itself for LDAP. I connected to the BDC using the samba ldap credentials and verified I could a) see the Computer object b) read NTPassword and LMPassword. The workstations can authenticate to the domain successfully against the PDC. If a workstation boots and connects to the BDC, they login fails with:
Code: [2010/07/18 11:46:23, 0] rpc_server/srv_netlog_nt.c:336(get_md4pw) get_md4pw: Workstation MACHINENAME$: no account in domain [2010/07/18 11:46:23, 0] rpc_server/srv_netlog_nt.c:584(_netr_ServerAuthenticate3) _netr_ServerAuthenticate3: failed to get machine password for account MACHINENAME$: NT_STATUS_ACCESS_DENIED
Successful authentication against the PDC shows: Code: [2010/07/18 11:59:20, 1] smbd/service.c:1063(make_connection_snum) MACHINENAME (192.168.2.145) connect to service netlogon initially as user username (uid=30000, gid=512) (pid 1727) [2010/07/18 11:59:20, 1] smbd/service.c:1063(make_connection_snum) MACHINENAME (192.168.2.145) connect to service data initially as user nobody (uid=65534, gid=65534) (pid 1727) .....
Just like the title states, as soon as my server comes up, I see the samba share that I made and can browse it just fine.
I don't see the printer share nor can I print to the shared printer until I execute service smbd restart from an ssh login. Then I see the printer and then I can network print.
Before restarting smbd, I do check to see if it's already running and it is (two instances are running in fact). When I restart smbd, there are still two smbd services running but they have higher PID numbers (and I can then print).
I'm running 10.04. how to make it all start up happily the first time without any intervention from me?
When I try to add a user to samba (using the GNOME UI) in F12, after enter all the information and click OK.it will just hang for about 20 seconds, and then do nothing. Window is still there, I click OK again and same thing.heres the steps i followed:
1) click preferences, Samba Users... 2) click add user 3) select user "joe" (example) from drop down of users 4) enter "joe" windows user name 5) enter password for joe (same as user password) 6) click OK 7) hangs 20 seconds then nothing.window is still there.click OK again same thing no user added
I am trying to set up a windows file server using fedora 14 with samba. when I go to the a windows machine I can log in the the samba server. When I try to go to the folder I need access to I get and error saying "you might not have permission to use this network resource" I am trying to access my home directory. Directory /home/mike, username mike. As far as I can tell it is not a permission of the directory. I have a user set up in samba that uses the mike user account.
I want to use samba in ubuntu.For samba users i make a user in my linux box like
# useradd smith # useradd jone
These users can also login into my ubuntu system if they want. For samba I want to know that, is there any way to create separate valid list of samba users so that they may access files from windows xp.
How can I set permissions for users within the share? Example: I have a share called Programming and some user can create folders within it most others can not, can read the documents. How do I set permissions?
In my ongoing hunt for a Samba GUI that is feature packed, well supported, easy to use, yet doesn't suck, I found myself tinkering with eBox. I have it installed and fired up but I'm a little confused. I can add a Samba share - okay great. But I sorta need to add users. Where on earth can I add users? The users and group section of eBox doesn't appear to be related to what I need, and I also cannot get into the access control section of the very share I just created.
I have Ubuntu server 10.04 joined to a domain using Likewise Open. I can login using my domain credentials and have added my domain account to the sudoers file. Now that I've got it joined to the domain I want to add some samba shares and have domain members use their accounts to access them. However, no matter what combination of my domain name and the domain user or group I use in the valid users field it won't let me in. What's the proper way of inputting a domain user or group in the valid user field?
This is the entry I'm using for the share:
Code: [testshare] path = /srv/testshare valid users = @"Domain Name+Domain Group" (Have tried many things here) public = no writable = yes printable = no create mask = 0765
I have Ubuntu dual-booted with Windows. But whenever I start-up the computer, linux is listed twice! D: Right after I installed it, I was told I needed 200+ MB worth of updates, so I got them, and since then, it's been listed twice in the start-up OS booter thingy. But selecting the one with lower numbers doesn't boot up anything, It just stops at a scary screen with a blinking cursor.
AND, since the beginning, I have never been able to browse folders from the places menu, OR access the Start-up Applications manager. Ubuntu also seems to slow down randomly, and then speed back up. Starting up applications makes it unusually laggy for the period of time that they're starting up, and I'd like to know if Ubuntu is usually so slow on machines like mine...
AMD Sempron 3000+ CPU @ 1.8 GHZ 811 Mib RAM ATI Xpress 200 Integrated graphics. I also get errors every time I try downloading anything.
I used the command sudo chmod 0750 /home/Gianni to make my home folder private. Now, I would like that another user in my pc can read files in a subdirectory of my home. I was running several commands with chmod and chown and I tried with Nautilus too, but without success. I just would like to place a link on the second user's desktop, that he can click on and access my subdirectory.