Solved

Samba, Win98 Password Prob when not 'root'

Posted on 2000-03-27
5
265 Views
Last Modified: 2010-05-18
From my Win98 machine, I can see all Samba shares.
When I log into my Win98 as 'root' I can write to all the Samba shares.  However, when I log into Win98 as ewalstad, I only have write access to /home/ewalstad/.
When I try to write to other folders, I get an 'Access Denied' error from Windows.

I need to have read & write access to the entire structure when I log in as ewalstad.  How do I do this?

Here's my smbconf file:

#======================= Global Settings =====================================
[global]
   workgroup = energywright
   server string = Samba Server on Caldera OpenLinux
   hosts deny = ALL
   hosts allow = 192.168.1. 127.
   guest account = guest
   log file = /var/log/samba.d/smb.%m
   max log size = 50
   socket options = TCP_NODELAY
   name resolve order = lmhosts wins bcast
   dns proxy = no

#============================ Share Definitions ==============================
[homes]
   comment = Home Directories
   path = %H/home
   valid users = %S
   only user = yes
   browseable = yes
   writable = yes
   create mask = 0750
# A private directory, usable only by fred. Note that fred requires write
# access to the directory.
[erics]
   comment = ewalstad, ericw & root
   path = /
   valid users = ewalstad ericw root
   writable = yes
0
Comment
Question by:ewalstad
  • 2
  • 2
5 Comments
 
LVL 40

Expert Comment

by:jlevie
ID: 2662589
Basically you are running into the normal unix protection system. Samba is required to obey the Unix file protections and can't give you access to things that you wouldn't have access to if you were logged on the Linux system as that user. Root has full access to everything, but ewalstad doesn't (prove by directly logging in to your Linux box as ewalstad and trying to copy a file to, say /usr/bin). I think you'll find that you can write to some areas of the "erics" share, like /tmp, because anyone can write to /tmp.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 2662601
Oh and I meant to end that comment with...

If you want to be able to write to anywhere on the system you have to be root. If you have specific places that you need to be able to write to from a PC (an htdoc dir, a common file store, etc) that aren't going to compromise the system, you could change the permissions on those areas, and those areas only, to allow non-root write privs.
0
 
LVL 1

Expert Comment

by:Nick
ID: 2663760
I fell into the same problem.  I got around this by placing my putting Win UID (which is 'mapped' in etc/smbusers file to my Linux log on)into the group 'root'.

Sometimes it is better to leave the access denials in place, as MS do some funny things with file structures sometimes...

Nick
0
 
LVL 3

Accepted Solution

by:
handrich earned 25 total points
ID: 2685640
Hi
Nick your idea to cahnge the UID wil work but it is a big security lack.
ewalstad you Ides to share / is not any better.
NEVER SHARE THE / OF YOUR LINUXBOX especialy with write access!

It is better to create a  folders and/or shares where the user ewalstad (and  other users) are allowed to write. so create a directory /SHARES or what name you like and if you dont need any internal UNIX security inside this directory run      chmod 666 /SHARES.
than add
[erics]
                               comment = ewalstad, ericw & root
                               path = / SHARES
                               valid users = ewalstad ericw root
                               writable = yes

you could also change the group-owner of /SHARES to one where all the tree ewalstad ericw root are members (usually users) with      
chgrp users /SHARES      and then a    chmod 660 /SHARES   will also be ok and more secure.  
if you dont know the group that is used on the linux filesystem, simply create a file as ewalstad via windows in your samba homedir and then at the linux-console a ls -asl * will show you the group.

Best Regards Michael
0
 
LVL 1

Expert Comment

by:Nick
ID: 2685767
Thanks, Michael, but a few thoughts...

Surely by using smbuser to map my win UID to my Linux UID 'root' this only allows a root log-in as per su command in telnet etc anyway?  The smb.conf is set for only user.  I only done this so I can have full access to my machine (486) via my win machine (233) for faster access speeds.  How do I get full access via smb otherwise? [apart from logging in Win as root =8^(__) ], which is basically what I am doing anyway?

Cheers,

Nick
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now