Saturday, 19 May 2007

SAMBA Permission Vs Linux Permission: Who takes precedence

Few things about Linux and Samba permissions:


1. Linux system permissions take precedence over Samba permissions. For example if a directory does not have Linux write permission, setting samba writeable = Yes , will not allow to write to shared directory / share.


2. The filesystem permission take precedence over Samba permission. For example if filesystem mounted as readonly, setting writeable = Yes will not allow to write to any shared directory or share via samba server.

How do I set permissions to Samba shares? Samba Basic permissions are as follows (configuration file is smb.conf [/etc/samba/smb.conf]):


1. Read only: This parameter controls whether an user has the ability to create or modify files within a share. This is default.

2. Guest ok: Usually this parameter is set to yes, the users will have access to the share withouthaving to enter a password. This can pose security risk.

3. Writeable: Specifies users should have write access to the share.


You can create the share called helpfiles with read only permission

[helpfiles]

path = /usr/share/docs

read only = Yes


You can create the share called salesdoc with write permission

[salesdoc]

path = /home/shared/sales

writeable = Yes


You can also create a list of users to give write access to the share with write list option. For example allow rocky and tony to write to the share called sales:

[salesdoc]

path = /home/shared/sales

write list = rocky tony



You can use following options:
Read list: This option accepts a list of usernames or a group as its value. Users will be given read-only access to the share.


Valid users: You can make a share available to specific users. Usernames or group names can be passed on as its value.


Invalid users: Users or groups listed will be denied access to this share.

Samba mask permission :

It is also possible to specify samba default file creation permission using mask.
create mask: This option is set using an octal value when setting permissions for files. directory mask: Directories must have the execute bit for proper access. Default parameter is 0755.

[salesdoc]

path = /home/shared/sales

write list = rocky syscreate mask = 0775

Courtesy: VIVEK

http://www.cyberciti.biz/tips/how-do-i-set-permissions-to-samba-shares.html

Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)