elvin226
asked on
How to tell Samba not to create a new file when the file being modified is a symbolic link?
I have a file:
/home/elvin/share.xls with the following permission: -rwxrwxr--
I share it with members of my group; they make a symbolic link of the file on their own directory, say:
/home/grpmate1/share.xls -> /home/elvin/share.xls
and the resulting permission is lrwxrwxrwx.
Update of the file is being done on Windows platform thru Samba. The problem is, when grpmate1 updates and saves the file, the symbolic link is replaced by a new file that is resident to his own directory:
/home/grpmate1/share.xls with permission -rwxrwxr--
His modifications will not reflect on my file, because it is no longer linked.
How can I tell Samba that it is a symbolic link and should not be replaced by a new file?
/home/elvin/share.xls with the following permission: -rwxrwxr--
I share it with members of my group; they make a symbolic link of the file on their own directory, say:
/home/grpmate1/share.xls -> /home/elvin/share.xls
and the resulting permission is lrwxrwxrwx.
Update of the file is being done on Windows platform thru Samba. The problem is, when grpmate1 updates and saves the file, the symbolic link is replaced by a new file that is resident to his own directory:
/home/grpmate1/share.xls with permission -rwxrwxr--
His modifications will not reflect on my file, because it is no longer linked.
How can I tell Samba that it is a symbolic link and should not be replaced by a new file?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
But I think you can create the /share (or whatever you want to name) directory and share it out through samba, after you create the /share directory and add the share into your /etc/samba/smb.conf as I suggested, than restart your samba service '/etc/rc.d/init.d/smb restart'.
or as majorwoo suggest, you put all the share file(s) into the /share directory and build a symbolic link in eash users directory (those users who will share use the file(s) ), so that you can keep your config as it is (i.e. no need to add any share in your /etc/samba/smb.conf (the samba config file) and restart the samba service ), so that when user(s) login they will get into their home directory and get into the share directory to make change to the file.
or as majorwoo suggest, you put all the share file(s) into the /share directory and build a symbolic link in eash users directory (those users who will share use the file(s) ), so that you can keep your config as it is (i.e. no need to add any share in your /etc/samba/smb.conf (the samba config file) and restart the samba service ), so that when user(s) login they will get into their home directory and get into the share directory to make change to the file.
The difference bewteen my suggestion and majorwoo.
I used the samba service to share out a share directory so that those users will got 2 shared, one is their home directory, the second one is for comment use between those users, and you need to add group into those users eg.
groupadd share < this will add a new group called share into the system
usermod -G share paul < if user paul alread added, this will make paul become the member of share
useradd -g paul,share paul < of user paul not add, this will make paul become the member of his own and share
and I used the create mode 0770, this will only allow the owner and the member of the group can access the files, others can't including read.
majorwoo (I hope I havn't miss understand your meaning), suggest to build the symbolic link, which you no need to add any group, but you need to have the rwxrwxrwx for the /share, and put a symbolic link on each appointed user's home direcotry, eg.
cd /home/paul
ln -s /share share
so when the paul login, he will have a folder like in his home directory called share, but the files paul create/edit may create a admin issue, since the system will put rwxr-xr-x after the file save, but I can't remember the work around for this, I think is something like the 'chroot' can make change on this, but sorry really can't remember how to, majorwoo any idea?
I used the samba service to share out a share directory so that those users will got 2 shared, one is their home directory, the second one is for comment use between those users, and you need to add group into those users eg.
groupadd share < this will add a new group called share into the system
usermod -G share paul < if user paul alread added, this will make paul become the member of share
useradd -g paul,share paul < of user paul not add, this will make paul become the member of his own and share
and I used the create mode 0770, this will only allow the owner and the member of the group can access the files, others can't including read.
majorwoo (I hope I havn't miss understand your meaning), suggest to build the symbolic link, which you no need to add any group, but you need to have the rwxrwxrwx for the /share, and put a symbolic link on each appointed user's home direcotry, eg.
cd /home/paul
ln -s /share share
so when the paul login, he will have a folder like in his home directory called share, but the files paul create/edit may create a admin issue, since the system will put rwxr-xr-x after the file save, but I can't remember the work around for this, I think is something like the 'chroot' can make change on this, but sorry really can't remember how to, majorwoo any idea?
There are a number of ways to do it as suggested. Personally I use both of those we are talking about here. I share a folder /share for my users, however some of them have no idea that anything exists outside of their home directory so I put a link to it in their directory.
I would use a group (and I do) for that purpose as Paul showed - it's fairly easy to add a group and add users to the group, although I usually just edit the file directly, it seems quicker to me:
groupadd share
and then edit /etc/group
and add the people you need to it:
share:x:1111:comma,seperat
I would use a group (and I do) for that purpose as Paul showed - it's fairly easy to add a group and add users to the group, although I usually just edit the file directly, it seems quicker to me:
groupadd share
and then edit /etc/group
and add the people you need to it:
share:x:1111:comma,seperat
ASKER
paullamhkg:
"the files paul create/edit may create a admin issue, since the system will put rwxr-xr-x after the file save, but I can't remember the work around for this"
That is exactly what I meant when I say:
"the file permission becomes 0774 instead of 0770 and the owner of the file becomes grpmate1"
I have no problems in creating groups, that is no longer my issue.
My problem is since I'm using Samba, and Samba automatically uses the setting for [homes] and ignores the [shared], every file that has been modified becomes owned by the one who saves it. This should not be the case. How can I solve it?
To make things clearer:
paul, major and elvin are members of the group 'ourgroup'.
elvin has a file that he wants to share with paul and major:
-rwxrwxr-- elvin ourgroup /home/elvin/shared/myfile.
when paul edits the file, it becomes:
-rwxrwxr-- paul ourgroup /home/elvin/shared/myfile.
when major edits the file, it becomes:
-rwxrwxr-- major ourgroup /home/elvin/shared/myfile.
So whoever edits the file becomes the owner. I don't want that to happen. Why does Samba do it?
"the files paul create/edit may create a admin issue, since the system will put rwxr-xr-x after the file save, but I can't remember the work around for this"
That is exactly what I meant when I say:
"the file permission becomes 0774 instead of 0770 and the owner of the file becomes grpmate1"
I have no problems in creating groups, that is no longer my issue.
My problem is since I'm using Samba, and Samba automatically uses the setting for [homes] and ignores the [shared], every file that has been modified becomes owned by the one who saves it. This should not be the case. How can I solve it?
To make things clearer:
paul, major and elvin are members of the group 'ourgroup'.
elvin has a file that he wants to share with paul and major:
-rwxrwxr-- elvin ourgroup /home/elvin/shared/myfile.
when paul edits the file, it becomes:
-rwxrwxr-- paul ourgroup /home/elvin/shared/myfile.
when major edits the file, it becomes:
-rwxrwxr-- major ourgroup /home/elvin/shared/myfile.
So whoever edits the file becomes the owner. I don't want that to happen. Why does Samba do it?
Ahh, ok we were all on different pages here. This I have never seen before:
can you paste your smb.conf here to lookover (granted it's large)
can you paste your smb.conf here to lookover (granted it's large)
ASKER
Here it is:
; /etc/smb.conf
;
; Make sure to restart the server after making any changes.
; /etc/rc.d/init.d/smb stop
; /etc/rc.d/init.d/smb start
[global]
; Uncomment this if you want a guest account.
; guest account = nobody
log file = /var/log/samba.log
lock directory = /var/lock/samba
share modes = yes
encrypt passwords = yes
smb passwd file = /etc/smbpasswd
[homes]
comment = Home Directories
browseable = no
read only = no
force create mode = 0774
[shared]
comment = Shared Folder
path = /home1/elvin/shared
read only = no
force user = elvin
force create mode = 0770
Note that I defined a user parameter so that everytime the file is saved the owner would be me, granted that my assumption is correct, but as I said [shared] has never been used. It's always [homes].
-rwxrwx--- elvin ourgroup /home1/elvin/shared/myfile
-rwxrwxr-- paul ourgroup /home1/elvin/shared/myfile
-rwxrwxr-- major ourgroup /home1/elvin/shared/myfile
; /etc/smb.conf
;
; Make sure to restart the server after making any changes.
; /etc/rc.d/init.d/smb stop
; /etc/rc.d/init.d/smb start
[global]
; Uncomment this if you want a guest account.
; guest account = nobody
log file = /var/log/samba.log
lock directory = /var/lock/samba
share modes = yes
encrypt passwords = yes
smb passwd file = /etc/smbpasswd
[homes]
comment = Home Directories
browseable = no
read only = no
force create mode = 0774
[shared]
comment = Shared Folder
path = /home1/elvin/shared
read only = no
force user = elvin
force create mode = 0770
Note that I defined a user parameter so that everytime the file is saved the owner would be me, granted that my assumption is correct, but as I said [shared] has never been used. It's always [homes].
-rwxrwx--- elvin ourgroup /home1/elvin/shared/myfile
-rwxrwxr-- paul ourgroup /home1/elvin/shared/myfile
-rwxrwxr-- major ourgroup /home1/elvin/shared/myfile
force user (S)
This specifies a UNIX user name that will be assigned as the default user for all users connecting to this service. This is useful for sharing files. You should also use it carefully as using it incorrectly can cause security problems.
This user name only gets used once a connection is established. Thus clients still need to connect as a valid user and supply a valid password. Once connected, all file operations will be performed as the "forced user", no matter what username the client connected as. This can be very useful.
In Samba 2.0.5 and above this parameter also causes the primary group of the forced user to be used as the primary group for all file activity. Prior to 2.0.5 the primary group was left as the primary group of the connecting user (this was a bug).
See also
Default: no forced user
Example: force user = auser
So your file(s) should force to elvin upon you smb.conf.
If you using samba 3.x there is an option called username map have a look below
username map (G)
This option allows you to specify a file containing a mapping of usernames from the clients to the server. This can be used for several purposes. The most common is to map usernames that users use on DOS or Windows machines to those that the UNIX box uses. The other is to map multiple users to a single username so that they can more easily share files.
Have a check on the samba 3.x manual http://us1.samba.org/samba/docs/man/smb.conf.5.html.
But I'm still thinking there is bug in samba which make the problem you got.
This specifies a UNIX user name that will be assigned as the default user for all users connecting to this service. This is useful for sharing files. You should also use it carefully as using it incorrectly can cause security problems.
This user name only gets used once a connection is established. Thus clients still need to connect as a valid user and supply a valid password. Once connected, all file operations will be performed as the "forced user", no matter what username the client connected as. This can be very useful.
In Samba 2.0.5 and above this parameter also causes the primary group of the forced user to be used as the primary group for all file activity. Prior to 2.0.5 the primary group was left as the primary group of the connecting user (this was a bug).
See also
Default: no forced user
Example: force user = auser
So your file(s) should force to elvin upon you smb.conf.
If you using samba 3.x there is an option called username map have a look below
username map (G)
This option allows you to specify a file containing a mapping of usernames from the clients to the server. This can be used for several purposes. The most common is to map usernames that users use on DOS or Windows machines to those that the UNIX box uses. The other is to map multiple users to a single username so that they can more easily share files.
Have a check on the samba 3.x manual http://us1.samba.org/samba/docs/man/smb.conf.5.html.
But I'm still thinking there is bug in samba which make the problem you got.
ASKER
although the problem on file ownership has not been solved yet, the file sharing works--as long as the default permission gives modification privelege to group members.
ASKER
The configuration for share doesn't work because Samba is using the default setting for homes. In other words, it doesn't override the setting for homes.
[homes]
comment = Home Directories
browseable = no
read only = no
force create mode = 0774
I said that because the file permission becomes 0774 instead of 0770 and the owner of the file becomes grpmate1, although the link or sharing still works.
I would like to see the share setting to work before I give the points. :)