jabeavers
asked on
Can't add write permission for 'group' or 'world' on Samba shares - FC4
I have an FC4 box with a second HDD that I mount under /mnt/shr2. On this HDD are several folders and files that I share with Windows using Samba. I've set up Samba as a PDC. All worked great until I tried to add users to my domain and have them access the files of the Samba shares. The original file creator can read/write the files, but the new users cannot. I've created a group and put the users that should have access in that group, but when I try to chmod the files / folders, the settings do not take effect. I would like to change permissions for the files so that anyone in that group has read/write access to the files. Included are parts of my fstab, smb.conf, and passwd files.
Thanks,
fstab:
/dev/hdd1 /mnt/shr2 vfat defaults,gid=450 0 0
smb.conf:
[global]
workgroup = LSSFILES
netbios name = LSS
server string = LSS Domain
username map = /etc/samba/smbusers
log file = /var/log/samba/%m.log
max log size = 50
name resolve order = lmhosts wins bcast
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
logon path = \\%L\Profiles
domain logons = Yes
os level = 50
preferred master = Yes
domain master = Yes
wins support = Yes
ldap ssl = no
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
[Files]
path = /mnt/shr2/Server
valid users = webdev, software, designer, lightningss$, root
read only = No
passwd:
designer:x:500:450::/home/LSSdesigner:/bin/bash
lightningss$:*:1000:900:Trust Account:/dev/null:/dev/null
lss-design$:*:999:900:Trust Account:/dev/null:/dev/null
webdev:x:1002:450::/home/webdev:/bin/bash
software:x:1003:450::/home/software:/bin/bash
ASKER
Here are the results:
[root@server ~]# ls -ld /mnt/shr2/Server
drwxr-xr-x 4 designer developers 32768 Jun 27 11:59 /mnt/shr2/Server
[root@server ~]# ps axl | awk '/smbd/{print $2" "$4" "$13}' | sort -u
0 1 smbd
0 2004 smbd
0 7604 awk
If designer is user and developer is group, then do this exactly:
# cd /home/designer
# chown -R designer:developer /home/designer
OR
# chown -R user:group /path to the directory
BEST OF LUCK
OR
just copy and paste this
# chown -R designer:developer /mnt/shr2/Server
Here it is supposed that the new user you add is designer. Replace designer with your new user name.
BEST OF LUCK
Is 2004 the uid of user designer?
ASKER
I tried to chown the shared files I want, as you suggested:
# chown -R designer:developers /mnt/shr2/Server
This gave me an "Operation not permitted" warning on all of the files and folders. However, the owner and group are set to the correct users and groups, it's just that the group permissions on the files will not accept write privileges when I chmod the files / folders.
John
BTW:
2004 is not the uid of designer if I am reading my info correctly. I've included a snippet of the passwd file in my first post, and it says that designer's uid is 500. Hope that helps.
ASKER
How do I find out the name of the user with uid 2004?
John
grep :2004: /etc/passwd
ASKER
That just returned a blank line. Also, I checked the passwd file manually, and there is no 2004 user in it. What does that mean for samba?
damn, trapped in my own cryptic command
2004 is the PID not a UID
Please check with ps aux which user is running smbd
ASKER
Ok, root is running smbd. Should I change the user or add root to the developers group?
John
First of all you need to be sure that the group in your SMB conf file is the same as the actual name of the workgroup the nodes are in on your local network:
workgroup = LSSFILES
Check your domain controller / PDC / Domain admin, to be sure that this is in fact the name of the workgroup that the computers writing to the share reside on.
Next, I'd like to see your /etc/fstab entry for samba...the mount should look something like this (to get correct results):
the /etc/fstab entry I use (all on one line):
//raid/userid /home/uersid smbfs users,noauto,nodev,fmask=664,dmask=775 0 0
These permissions and paths should be modified for your own liking.
Looking at your initial post on fstab, you will need to add
noauto,nodev,fmask=664,dmask=775 0 0
then re-export the filesystem. (This used to be exportfs from NFS but now I think you just restart the daemon / system...)
ASKER
OK, sorry about the long time between posts. I added root to the developers group, no effect. The workgroups are the same, so that's no problem. I added the options to my fstab entry as suggested by kblack05 (except noauto because I do want it to mount automatically), but it changed my permissions to an even worse situation (see below).
[root@server shr2]# ls -l my.cnf
--------w- 1 designer developers 7527 Feb 16 2005 my.cnf
[root@server shr2]# chmod 777 my.cnf
[root@server shr2]# ls -l my.cnf
--------w- 1 designer developers 7527 Feb 16 2005 my.cnf
[root@server shr2]# chmod +w my.cnf
[root@server shr2]# ls -l my.cnf
--------w- 1 designer developers 7527 Feb 16 2005 my.cnf
[root@server shr2]#
This is a sequence I inputted at the console and you can see my results. Prior to adding the new entries to the fstab, my permissions were:
rwxr-xr-x
Now they are as you see them above. Things are getting worse, not better, and I still cannot change the permissions of the files, as can be seen above. What's going on? Please help.
John
ASKER
I removed the fmask and dmask options from fstab, and my permissions went back to rwxr-xr-x, but I still cannot change the permissions using chmod.
Any ideas? Anybody?
John
John, the command above simply adds world writability where it already exists. It didn't change the permissions as according to chmod they were the same as requested.
I think what you want is
chmod 0755 my.cnf
http://www.tu-berlin.de/zrz/dienste/www/manpages/chmod.html
ASKER
Here is a sequence of commands and outputs I entered (I'm just using my.cnf as an example so that there's not a long list of files and folders).
[root@server shr2]# ls -l my.cnf
-rwxr-xr-x 1 designer developers 7527 Feb 16 2005 my.cnf
[root@server shr2]# chmod -v 0777 my.cnf
mode of `my.cnf' changed to 0777 (rwxrwxrwx)
[root@server shr2]# ls -l my.cnf
-rwxr-xr-x 1 designer developers 7527 Feb 16 2005 my.cnf
[root@server shr2]#
Here is another sequence that I tried. It would not let me change the first digit on the file.
[root@server shr2]# ls -l my.cnf
-rwxr-xr-x 1 designer developers 7527 Feb 16 2005 my.cnf
[root@server shr2]# chmod -v 2777 my.cnf
failed to change mode of `my.cnf' to 2777 (rwxrwsrwx)
chmod: changing permissions of `my.cnf': Operation not permitted
[root@server shr2]# ls -l my.cnf
-rwxr-xr-x 1 designer developers 7527 Feb 16 2005 my.cnf
[root@server shr2]#
As can be seen in the top sequence, it says that the permissions are changed, however, when I list the files again, the permissions revert to what they were before. I don't care about the first digit in chmod (in the second sequence of commands), I just included it in case it helped anybody know what was going on.
By the way, I am able to change the privileges on the files to settings other than adding write privileges to group and all. See below
[root@server shr2]# ls -l my.cnf
-rwxr-xr-x 1 designer developers 7527 Feb 16 2005 my.cnf
[root@server shr2]# chmod 444 my.cnf
[root@server shr2]# ls -l my.cnf
-r--r--r-- 1 designer developers 7527 Feb 16 2005 my.cnf
[root@server shr2]# chmod 777 my.cnf
[root@server shr2]# ls -l my.cnf
-rwxr-xr-x 1 designer developers 7527 Feb 16 2005 my.cnf
[root@server shr2]#
I hope this helps you all figure out what's wrong.
Thanks,
John
John I think you might be running a security program which is modifying ... perhaps a default install of msec or similar...
Can you post the output of
ls /etc/cron*
ASKER
Here you go.
[root@server ~]# ls /etc/cron*
/etc/cron.deny /etc/crontab
/etc/cron.d:
/etc/cron.daily:
00-logwatch 00webalizer 0anacron certwatch cups logrotate makewhatis.cron prelink rpm slocate.cron tmpwatch yum.cron
/etc/cron.hourly:
/etc/cron.monthly:
0anacron
/etc/cron.weekly:
0anacron makewhatis.cron yum.cron
[root@server ~]#
Ok can you try this?
setenforce 0
Then try what you are doing again and see if it works?
ASKER
Still no go. When you had me change the entry in fstab, it changed the permissions on the files on that drive and would not let me change them back (similar to what it is doing currently). However, it changed the permissions to an unacceptable setting. I wonder if fstab has anything to do with it.
John
make that MODIFY the entry in fstab
For example set the fstab entry from fmask=664 to fmask=755
ASKER
I'm reading the man page for fstab on the fat file system. It says that the umask option "Sets the umask (the bitmask of the permissions that are *not* present)". What does it mean by "not present"?
Meaning if the set bit is already set, you must mask it. It will NOT remove the sticky bit, you'll need chmod for that. (Which I noticed you did set the sticky bit in another post above)
ASKER
Okay, I changed the umask to 775, and this is what it did when I rebooted it.
[root@server shr2]# ls -l
total 25952
d-------w- 4 designer developers 32768 Jun 27 10:14 Backups
--------w- 1 designer developers 32768 Dec 31 1979 fsck0000.rec
--------w- 1 designer developers 32768 Dec 31 1979 fsck0001.rec
--------w- 1 designer developers 32768 Dec 31 1979 fsck0002.rec
--------w- 1 designer developers 32768 Dec 31 1979 fsck0003.rec
--------w- 1 designer developers 795 Feb 16 2005 fstab
--------w- 1 designer developers 46 Feb 16 2005 lmhosts
--------w- 1 designer developers 40 Feb 16 2005 lmhosts~
--------w- 1 designer developers 7527 Feb 16 2005 my.cnf
d--------- 13 designer developers 32768 Aug 23 13:25 mysql_data
--------w- 1 designer developers 25791187 Feb 16 2005 mysql-standard-5.0.18-linux-i686.tar.gz
--------w- 1 designer developers 81920 Nov 9 2005 php_dbg.dll-5.0.3
--------w- 1 designer developers 8192 Feb 16 2005 secrets.tdb
d-------w- 4 designer developers 32768 Jun 27 11:59 Server
d-------w- 6 designer developers 32768 Jan 2 2006 Shares
--------w- 1 designer developers 8480 Feb 16 2005 smb.conf
--------w- 1 designer developers 7932 Feb 16 2005 smb.conf~
--------w- 1 designer developers 10836 Feb 16 2005 smb.conf.backup
--------w- 1 designer developers 424 Feb 16 2005 smbpasswd
--------w- 1 designer developers 159 Feb 16 2005 smbusers
d-------w- 2 designer developers 32768 Jan 10 2006 tmp
d-------w- 3 designer developers 32768 Jul 15 14:25 uml
[root@server shr2]#
This is not what I want. :)
John
Actually these should already be modified. 755 is
user read+write+execute group +read+execute other + read+execute. What you have there looks like the result of using alphabetical mods
chmod u+r+w+x g+r+x o+r+x
ASKER
Ok, I guess I had things backward. After playing with fstab, I discovered that the bitmask subtracted from the permission octal settings. Therefore, setting the umask to 000 set the permissions to 777. See below.
/dev/hdd1 /mnt/shr2 vfat users,rw,dev,exec,auto,async,suid,uid=500,gid=450,umask=000 0 0
[root@server ~]# ls -l /mnt/shr2
total 25952
drwxrwxrwx 4 designer developers 32768 Jun 27 10:14 Backups
-rwxrwxrwx 1 designer developers 32768 Dec 31 1979 fsck0000.rec
-rwxrwxrwx 1 designer developers 32768 Dec 31 1979 fsck0001.rec
-rwxrwxrwx 1 designer developers 32768 Dec 31 1979 fsck0002.rec
-rwxrwxrwx 1 designer developers 32768 Dec 31 1979 fsck0003.rec
-rwxrwxrwx 1 designer developers 795 Feb 16 2005 fstab
-rwxrwxrwx 1 designer developers 46 Feb 16 2005 lmhosts
-rwxrwxrwx 1 designer developers 40 Feb 16 2005 lmhosts~
-rwxrwxrwx 1 designer developers 7527 Feb 16 2005 my.cnf
dr-xr-xr-x 13 designer developers 32768 Aug 23 13:36 mysql_data
-rwxrwxrwx 1 designer developers 25791187 Feb 16 2005 mysql-standard-5.0.18-linux-i686.tar.gz
-rwxrwxrwx 1 designer developers 81920 Nov 9 2005 php_dbg.dll-5.0.3
-rwxrwxrwx 1 designer developers 8192 Feb 16 2005 secrets.tdb
drwxrwxrwx 4 designer developers 32768 Jun 27 11:59 Server
drwxrwxrwx 6 designer developers 32768 Jan 2 2006 Shares
-rwxrwxrwx 1 designer developers 8480 Feb 16 2005 smb.conf
-rwxrwxrwx 1 designer developers 7932 Feb 16 2005 smb.conf~
-rwxrwxrwx 1 designer developers 10836 Feb 16 2005 smb.conf.backup
-rwxrwxrwx 1 designer developers 424 Feb 16 2005 smbpasswd
-rwxrwxrwx 1 designer developers 159 Feb 16 2005 smbusers
drwxrwxrwx 2 designer developers 32768 Jan 10 2006 tmp
drwxrwxrwx 3 designer developers 32768 Jul 15 14:25 uml
[root@server ~]#
I now have the permissions set how I want them.
Thanks all of you for your help. Give me some time to figure out the points situation.
John
That's right, umask is unmask. I'm glad you got it working properly...
ls -ld /mnt/shr2/Server
ps axl | awk '/smbd/{print $2" "$4" "$13}' | sort -u
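Why chmod never stuck in this thread, shown as an added example that is not from any poster: FAT stores no Unix permission bits, so the vfat driver derives every mode from the mount options, and umask=000 leaves files such as smbpasswd and secrets.tdb writable by every local account. The sketch recomputes the modes in the listings above and checks a narrower pair, dmask=007,fmask=117, which is a constructed suggestion; the function names and the 022 default are assumptions.

```shell
#!/bin/sh
# Added example: effective modes on a vfat mount, computed from its options.
# The driver reports 0777 minus the mask bits; umask= sets the mask for both
# files and directories, fmask=/dmask= set one each, later options win.

# vfat_mode OPTIONS KIND [ro]
#   OPTIONS  comma-separated option field of an fstab line
#   KIND     "file" or "dir"
#   ro       optional: the entry carries the FAT read-only attribute
# Prints the three-digit octal mode that ls would show.
vfat_mode() {
    opts=$1 kind=$2 ro=${3:-}
    fmask_v=022 dmask_v=022          # assumed default: root's umask at mount time
    old_ifs=$IFS; IFS=,
    for opt in $opts; do
        case $opt in
            umask=*) fmask_v=${opt#umask=}; dmask_v=$fmask_v ;;
            fmask=*) fmask_v=${opt#fmask=} ;;
            dmask=*) dmask_v=${opt#dmask=} ;;
        esac
    done
    IFS=$old_ifs
    if [ "$kind" = dir ]; then mask=$dmask_v; else mask=$fmask_v; fi
    mode=$(( 0777 & ~0$mask ))       # mask bits are removed, not granted
    if [ "$ro" = ro ]; then
        mode=$(( mode & ~0222 ))     # read-only attribute strips all write bits
    fi
    printf '%03o\n' "$mode"
}

# vfat_world_writable OPTIONS
# Succeeds when files or directories end up writable by "other".
vfat_world_writable() {
    f_mode=$(vfat_mode "$1" file)
    d_mode=$(vfat_mode "$1" dir)
    [ $(( (0$f_mode | 0$d_mode) & 0002 )) -ne 0 ]
}

# Option strings from the thread, plus one constructed least-privilege variant.
for line_opts in \
    'defaults,gid=450' \
    'gid=450,umask=775' \
    'uid=500,gid=450,umask=000' \
    'uid=500,gid=450,dmask=007,fmask=117'
do
    if vfat_world_writable "$line_opts"; then
        note='WORLD-WRITABLE'
    else
        note='ok'
    fi
    printf '%-38s file=%s dir=%s %s\n' "$line_opts" \
        "$(vfat_mode "$line_opts" file)" "$(vfat_mode "$line_opts" dir)" "$note"
done
```

With dmask=007,fmask=117 the owner and the developers group (gid 450) keep read/write while other local accounts get no access; fmask=117 also drops the execute bit from regular files.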