Can't add write permission for 'group' or 'world' on Samba shares - FC4

please post result of:
  ls -ld /mnt/shr2/Server
  ps axl | awk '/smbd/{print $2" "$4" "$13}' | sort -u

Here are the results:

[root@server ~]# ls -ld /mnt/shr2/Server
drwxr-xr-x  4 designer developers 32768 Jun 27 11:59 /mnt/shr2/Server

[root@server ~]# ps axl | awk '/smbd/{print $2" "$4" "$13}' | sort -u
0 1 smbd
0 2004 smbd
0 7604 awk

if
designer is user
and
developer is group
than do this exactly
# cd /home/designer
# chown -R designer:developer /home/designer

                                           OR

# chown -R user:group /path to the directory


BEST OF LUCK

OR
just copy and paste this
# chown -R designer:developer /mnt/shr2/Server

Here is supposed that the new user u add is designer.Replace designer with ur new user name

BEST OF LUCK

is 2004 the uid of user designer?

I tried to chown the shared files I want, as you suggested:

# chown -R designer:developers /mnt/shr2/Server

This gave me an "Operation not permitted" warning on all of the files and folders.  However, the owner and group are set to the correct users and groups, it's just that the group permissions on the files will not accept write privileges when I chmod the files / folders.

John

BTW:

2004 is not the uid of designer if I am reading my info correctly.  I've included a snippet of the passwd file in my first post, and it says that designer's uid is 500.  Hope that helps.

How do I find out the name of the user with uid 2004?

John

grep :2004: /etc/passwd

That just returned a blank line.  Also, I checked the passwd file manually, and there is no 2004 user in it.  What does that mean for samba?

damn, trapped in my own cryptic command
2004 is the PID not a UID
Pleas echeck with   ps aux  which user is running smbd

Ok, root is running smbd.  Should I change the user or add root to the developers group?

John

First of all you need to be sure that the group in your SMB conf file is the same as the actual name of the workgroup the nodes are in on your local network:

workgroup = LSSFILES

Check your domain controller / PDC / Domain admin, to be sure that this is in fat the name of the workgroup that the computers writing to the share reside on.

Next, I'd like to see your /etc/fstab entry for samba...the mount should look something like this (to get correct results):

the /etc/fstab entry I use (all on one line):

//raid/userid   /home/uersid    smbfs users,noauto,nodev,fmask=664,dmask=775 0 0

These permissions and paths should be modified for your own liking.

Looking at your initial post on fstab, you will need to add

noauto,nodev,fmask=664,dmask=775 0 0


then re-export the filesystem. (This used to be exportfs from NFS but now I think you just restart the daemon / system...)

OK, sorry about the long time between posts.  I added root to the developers group, no effect.  The workgroups are the same, so that's no problem.  I added the options to my fstab entry as suggested by kblack05 (except noauto because I do want it to mount automatically), but it changed my permissions to an even worse situation (see below).


[root@server shr2]# ls -l my.cnf
--------w-  1 designer developers 7527 Feb 16  2005 my.cnf
[root@server shr2]# chmod 777 my.cnf
[root@server shr2]# ls -l my.cnf
--------w-   1 designer developers     7527 Feb 16  2005 my.cnf
[root@server shr2]# chmod +w my.cnf
[root@server shr2]# ls -l my.cnf
--------w-  1 designer developers 7527 Feb 16  2005 my.cnf
[root@server shr2]#

This is a sequence I inputted at the console and you can see my results.  Prior to adding the new entries to the fstab, my permissions were:

rwxr-xr-x

Now they are as you see them above.  Things are getting worse, not better, and I still cannot change the permissions of the files, as can be seen above.  What's going on? Please help.

John

I removed the fmask and dmask options from fstab, and my permissions went back to rwxr-xr-x, but I still cannot change the permissions using chmod.

Any ideas? Anybody?

John

John the command above simply adds world writability where it already exists. It didn't change the permissions as according to chmod the were the same as requested.

I think what you want is

chmod 0755 my.cnf

http://www.tu-berlin.de/zrz/dienste/www/manpages/chmod.html

Here is a sequence of commands and outputs I entered (I'm just using my.cnf as an example so that there's not a long list of files and folders).

[root@server shr2]# ls -l my.cnf
-rwxr-xr-x  1 designer developers 7527 Feb 16  2005 my.cnf
[root@server shr2]# chmod -v 0777 my.cnf
mode of `my.cnf' changed to 0777 (rwxrwxrwx)
[root@server shr2]# ls -l my.cnf
-rwxr-xr-x  1 designer developers 7527 Feb 16  2005 my.cnf
[root@server shr2]#


Here is another sequence that I tried.  It would not let me change the first digit on the file.

[root@server shr2]# ls -l my.cnf
-rwxr-xr-x  1 designer developers 7527 Feb 16  2005 my.cnf
[root@server shr2]# chmod -v 2777 my.cnf
failed to change mode of `my.cnf' to 2777 (rwxrwsrwx)
chmod: changing permissions of `my.cnf': Operation not permitted
[root@server shr2]# ls -l my.cnf
-rwxr-xr-x  1 designer developers 7527 Feb 16  2005 my.cnf
[root@server shr2]#


As can be seen in the top sequence, it says that the permissions are changed, however, when I list the files again, the permissions revert to what they were before.  I don't care about the first digit in chomd (in the seconde sequence of commands), I just included it incase it helped anybody know what was going on.

By the way, I am able to change the priveldges on the files to settings other than adding write priveldges to group and all.  See below

[root@server shr2]# ls -l my.cnf
-rwxr-xr-x  1 designer developers 7527 Feb 16  2005 my.cnf
[root@server shr2]# chmod 444 my.cnf
[root@server shr2]# ls -l my.cnf
-r--r--r--  1 designer developers 7527 Feb 16  2005 my.cnf
[root@server shr2]# chmod 777 my.cnf
[root@server shr2]# ls -l my.cnf
-rwxr-xr-x  1 designer developers 7527 Feb 16  2005 my.cnf
[root@server shr2]#

I hope this helps you all figure out what's wrong.

Thanks,

John

John I think you might be running a security program which is modifying ... perhaps a default install of msec or similar...

Can you post the output of

ls /etc/cron*

Here you go.

[root@server ~]# ls /etc/cron*
/etc/cron.deny  /etc/crontab

/etc/cron.d:

/etc/cron.daily:
00-logwatch  00webalizer  0anacron  certwatch  cups  logrotate  makewhatis.cron  prelink  rpm  slocate.cron  tmpwatch  yum.cron

/etc/cron.hourly:

/etc/cron.monthly:
0anacron

/etc/cron.weekly:
0anacron  makewhatis.cron  yum.cron
[root@server ~]#

Ok can you try this?

setenforce 0

Then try what you are doing again and see if it works?

Still no go.  When you had me change the entry in fstab, it changed the permissions on the files on that drive and would not let me change them back (similar to what it is doing currently).  However, it changed the permissions to an unacceptable setting.  I wonder if fstab has anything to do with it.

John

make that MODIFY the entry in fstab

For example set the fstab entry from fmask=664 to fmask=755

I'm reading the man page for fstab on the fat file system.  It says that the umask option "Sets the umask (the bitmask of the permissions that are *not* present)".  What does it mean by "not present"?

Meaning if the set bit is already set, you must mask it. It will NOT remove the sticky bit, you'll need chmod for that. (Which I noticed you did set the sticky bit in another post above)

Okay, I changed the umaks to 775, and this is what it did when I rebooted it.

[root@server shr2]# ls -l
total 25952
d-------w-   4 designer developers    32768 Jun 27 10:14 Backups
--------w-   1 designer developers    32768 Dec 31  1979 fsck0000.rec
--------w-   1 designer developers    32768 Dec 31  1979 fsck0001.rec
--------w-   1 designer developers    32768 Dec 31  1979 fsck0002.rec
--------w-   1 designer developers    32768 Dec 31  1979 fsck0003.rec
--------w-   1 designer developers      795 Feb 16  2005 fstab
--------w-   1 designer developers       46 Feb 16  2005 lmhosts
--------w-   1 designer developers       40 Feb 16  2005 lmhosts~
--------w-   1 designer developers     7527 Feb 16  2005 my.cnf
d---------  13 designer developers    32768 Aug 23 13:25 mysql_data
--------w-   1 designer developers 25791187 Feb 16  2005 mysql-standard-5.0.18-linux-i686.tar.gz
--------w-   1 designer developers    81920 Nov  9  2005 php_dbg.dll-5.0.3
--------w-   1 designer developers     8192 Feb 16  2005 secrets.tdb
d-------w-   4 designer developers    32768 Jun 27 11:59 Server
d-------w-   6 designer developers    32768 Jan  2  2006 Shares
--------w-   1 designer developers     8480 Feb 16  2005 smb.conf
--------w-   1 designer developers     7932 Feb 16  2005 smb.conf~
--------w-   1 designer developers    10836 Feb 16  2005 smb.conf.backup
--------w-   1 designer developers      424 Feb 16  2005 smbpasswd
--------w-   1 designer developers      159 Feb 16  2005 smbusers
d-------w-   2 designer developers    32768 Jan 10  2006 tmp
d-------w-   3 designer developers    32768 Jul 15 14:25 uml
[root@server shr2]#

This is not what I want. :)

John

Actually these should already be modified. 755 is
user read+write+execture group +read+execute other + read+execute. What you have there looks like the result of using alphabetical mods

chmod u+r+w+x g+r+x o+r+x

Ok, I guess I had things backward.  After playing with fstab, I discovered that the bitmask subtracted from the permission octal settings.  Therefore, setting the umask to 000 set the permissions to 777.  See below.

/dev/hdd1               /mnt/shr2              vfat users,rw,dev,exec,auto,async,suid,uid=500,gid=450,umask=000      0 0

[root@server ~]# ls -l /mnt/shr2
total 25952
drwxrwxrwx   4 designer developers    32768 Jun 27 10:14 Backups
-rwxrwxrwx   1 designer developers    32768 Dec 31  1979 fsck0000.rec
-rwxrwxrwx   1 designer developers    32768 Dec 31  1979 fsck0001.rec
-rwxrwxrwx   1 designer developers    32768 Dec 31  1979 fsck0002.rec
-rwxrwxrwx   1 designer developers    32768 Dec 31  1979 fsck0003.rec
-rwxrwxrwx   1 designer developers      795 Feb 16  2005 fstab
-rwxrwxrwx   1 designer developers       46 Feb 16  2005 lmhosts
-rwxrwxrwx   1 designer developers       40 Feb 16  2005 lmhosts~
-rwxrwxrwx   1 designer developers     7527 Feb 16  2005 my.cnf
dr-xr-xr-x  13 designer developers    32768 Aug 23 13:36 mysql_data
-rwxrwxrwx   1 designer developers 25791187 Feb 16  2005 mysql-standard-5.0.18-linux-i686.tar.gz
-rwxrwxrwx   1 designer developers    81920 Nov  9  2005 php_dbg.dll-5.0.3
-rwxrwxrwx   1 designer developers     8192 Feb 16  2005 secrets.tdb
drwxrwxrwx   4 designer developers    32768 Jun 27 11:59 Server
drwxrwxrwx   6 designer developers    32768 Jan  2  2006 Shares
-rwxrwxrwx   1 designer developers     8480 Feb 16  2005 smb.conf
-rwxrwxrwx   1 designer developers     7932 Feb 16  2005 smb.conf~
-rwxrwxrwx   1 designer developers    10836 Feb 16  2005 smb.conf.backup
-rwxrwxrwx   1 designer developers      424 Feb 16  2005 smbpasswd
-rwxrwxrwx   1 designer developers      159 Feb 16  2005 smbusers
drwxrwxrwx   2 designer developers    32768 Jan 10  2006 tmp
drwxrwxrwx   3 designer developers    32768 Jul 15 14:25 uml
[root@server ~]#

I now have the permissions set how I want them.

Thanks all of you for your help.  Give me some time to figure out the points situation.

John

That's right, umask is unmask. I'm glad you got it working properly...