Can't add write permission for 'group' or 'world' on Samba shares - FC4

I have an FC4 box with a second HDD that I mount under /mnt/shr2.  On this HDD are several folders and files that I share with Windows using Samba.  I've set up Samba as a PDC.  All worked great until I tried to add users to my domain and have them access the files of the Samba shares.  The original file creator can read/write the files, but the new users cannot.  I've created a group and put the users that should have access in that group, but when I try to chmod the files / folders, the settings do not take effect.  I would like to change permissions for the files so that anyone in that group has read/write access to the files.  Included are parts of my fstab, smb.conf, and passwd files.

Thanks,

fstab:
/dev/hdd1               /mnt/shr2              vfat defaults,gid=450      0 0


smb.conf:
[global]
        workgroup = LSSFILES
        netbios name = LSS
        server string = LSS Domain
        username map = /etc/samba/smbusers
        log file = /var/log/samba/%m.log
        max log size = 50
        name resolve order = lmhosts wins bcast
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        logon path = \\%L\Profiles
        domain logons = Yes
        os level = 50
        preferred master = Yes
        domain master = Yes
        wins support = Yes
        ldap ssl = no
        idmap uid = 16777216-33554431
        idmap gid = 16777216-33554431

[Files]
        path = /mnt/shr2/Server
        valid users = webdev, software, designer, lightningss$, root
        read only = No

passwd:
designer:x:500:450::/home/LSSdesigner:/bin/bash
lightningss$:*:1000:900:Trust Account:/dev/null:/dev/null
lss-design$:*:999:900:Trust Account:/dev/null:/dev/null
webdev:x:1002:450::/home/webdev:/bin/bash
software:x:1003:450::/home/software:/bin/bash
Asked by: jabeavers

ahoffmann Commented:
please post result of:
  ls -ld /mnt/shr2/Server
  ps axl | awk '/smbd/{print $2" "$4" "$13}' | sort -u
 
jabeavers (Author) Commented:
Here are the results:

[root@server ~]# ls -ld /mnt/shr2/Server
drwxr-xr-x  4 designer developers 32768 Jun 27 11:59 /mnt/shr2/Server

[root@server ~]# ps axl | awk '/smbd/{print $2" "$4" "$13}' | sort -u
0 1 smbd
0 2004 smbd
0 7604 awk
 
ibu1 (System Administrator) Commented:
if
designer is user
and
developer is group
then do this exactly
# cd /home/designer
# chown -R designer:developer /home/designer

OR

# chown -R user:group /path to the directory

BEST OF LUCK
 
ibu1 (System Administrator) Commented:
OR
just copy and paste this
# chown -R designer:developer /mnt/shr2/Server

Here it is supposed that the new user you add is designer. Replace designer with your new user name.

BEST OF LUCK
 
ahoffmann Commented:
is 2004 the uid of user designer?
 
jabeavers (Author) Commented:
I tried to chown the shared files I want, as you suggested:

# chown -R designer:developers /mnt/shr2/Server

This gave me an "Operation not permitted" warning on all of the files and folders.  However, the owner and group are set to the correct users and groups, it's just that the group permissions on the files will not accept write privileges when I chmod the files / folders.

John

BTW:

2004 is not the uid of designer if I am reading my info correctly.  I've included a snippet of the passwd file in my first post, and it says that designer's uid is 500.  Hope that helps.
 
ahoffmann Commented:
> 2004 is not the uid of designer ..
just seen it in the initial question.
You need to make designer (500) and the user with uid 2004 members of the same group.
Depending on your other configuration of smbd.conf,
   chown -R
will not only fail (with permission denied) but also make your service unavailable for other users.
 
jabeavers (Author) Commented:
How do I find out the name of the user with uid 2004?

John
 
ahoffmann Commented:
grep :2004: /etc/passwd
 
jabeavers (Author) Commented:
That just returned a blank line.  Also, I checked the passwd file manually, and there is no 2004 user in it.  What does that mean for samba?
 
ahoffmann Commented:
damn, trapped in my own cryptic command
2004 is the PID not a UID
Please check with   ps aux   which user is running smbd
 
jabeavers (Author) Commented:
Ok, root is running smbd.  Should I change the user or add root to the developers group?

John
 
kblack05 Commented:
First of all you need to be sure that the group in your SMB conf file is the same as the actual name of the workgroup the nodes are in on your local network:

workgroup = LSSFILES

Check your domain controller / PDC / Domain admin, to be sure that this is in fact the name of the workgroup that the computers writing to the share reside on.

Next, I'd like to see your /etc/fstab entry for samba...the mount should look something like this (to get correct results):

the /etc/fstab entry I use (all on one line):

//raid/userid   /home/uersid    smbfs users,noauto,nodev,fmask=664,dmask=775 0 0

These permissions and paths should be modified for your own liking.
 
kblack05 Commented:
Looking at your initial post on fstab, you will need to add

noauto,nodev,fmask=664,dmask=775 0 0

then re-export the filesystem. (This used to be exportfs from NFS but now I think you just restart the daemon / system...)
 
jabeavers (Author) Commented:
OK, sorry about the long time between posts.  I added root to the developers group, no effect.  The workgroups are the same, so that's no problem.  I added the options to my fstab entry as suggested by kblack05 (except noauto because I do want it to mount automatically), but it changed my permissions to an even worse situation (see below).


[root@server shr2]# ls -l my.cnf
--------w-  1 designer developers 7527 Feb 16  2005 my.cnf
[root@server shr2]# chmod 777 my.cnf
[root@server shr2]# ls -l my.cnf
--------w-   1 designer developers     7527 Feb 16  2005 my.cnf
[root@server shr2]# chmod +w my.cnf
[root@server shr2]# ls -l my.cnf
--------w-  1 designer developers 7527 Feb 16  2005 my.cnf
[root@server shr2]#

This is a sequence I inputted at the console and you can see my results.  Prior to adding the new entries to the fstab, my permissions were:

rwxr-xr-x

Now they are as you see them above.  Things are getting worse, not better, and I still cannot change the permissions of the files, as can be seen above.  What's going on? Please help.

John
 
jabeavers (Author) Commented:
I removed the fmask and dmask options from fstab, and my permissions went back to rwxr-xr-x, but I still cannot change the permissions using chmod.

Any ideas? Anybody?

John
 
kblack05 Commented:
John, the command above simply adds world writability where it already exists. It didn't change the permissions as according to chmod they were the same as requested.

I think what you want is

chmod 0755 my.cnf

http://www.tu-berlin.de/zrz/dienste/www/manpages/chmod.html
 
jabeavers (Author) Commented:
Here is a sequence of commands and outputs I entered (I'm just using my.cnf as an example so that there's not a long list of files and folders).

[root@server shr2]# ls -l my.cnf
-rwxr-xr-x  1 designer developers 7527 Feb 16  2005 my.cnf
[root@server shr2]# chmod -v 0777 my.cnf
mode of `my.cnf' changed to 0777 (rwxrwxrwx)
[root@server shr2]# ls -l my.cnf
-rwxr-xr-x  1 designer developers 7527 Feb 16  2005 my.cnf
[root@server shr2]#


Here is another sequence that I tried.  It would not let me change the first digit on the file.

[root@server shr2]# ls -l my.cnf
-rwxr-xr-x  1 designer developers 7527 Feb 16  2005 my.cnf
[root@server shr2]# chmod -v 2777 my.cnf
failed to change mode of `my.cnf' to 2777 (rwxrwsrwx)
chmod: changing permissions of `my.cnf': Operation not permitted
[root@server shr2]# ls -l my.cnf
-rwxr-xr-x  1 designer developers 7527 Feb 16  2005 my.cnf
[root@server shr2]#


As can be seen in the top sequence, it says that the permissions are changed, however, when I list the files again, the permissions revert to what they were before.  I don't care about the first digit in chmod (in the second sequence of commands), I just included it in case it helped anybody know what was going on.

By the way, I am able to change the privileges on the files to settings other than adding write privileges to group and all.  See below

[root@server shr2]# ls -l my.cnf
-rwxr-xr-x  1 designer developers 7527 Feb 16  2005 my.cnf
[root@server shr2]# chmod 444 my.cnf
[root@server shr2]# ls -l my.cnf
-r--r--r--  1 designer developers 7527 Feb 16  2005 my.cnf
[root@server shr2]# chmod 777 my.cnf
[root@server shr2]# ls -l my.cnf
-rwxr-xr-x  1 designer developers 7527 Feb 16  2005 my.cnf
[root@server shr2]#

I hope this helps you all figure out what's wrong.

Thanks,

John
 
kblack05 Commented:
John I think you might be running a security program which is modifying ... perhaps a default install of msec or similar...

Can you post the output of

ls /etc/cron*
 
jabeavers (Author) Commented:
Here you go.

[root@server ~]# ls /etc/cron*
/etc/cron.deny  /etc/crontab

/etc/cron.d:

/etc/cron.daily:
00-logwatch  00webalizer  0anacron  certwatch  cups  logrotate  makewhatis.cron  prelink  rpm  slocate.cron  tmpwatch  yum.cron

/etc/cron.hourly:

/etc/cron.monthly:
0anacron

/etc/cron.weekly:
0anacron  makewhatis.cron  yum.cron
[root@server ~]#
 
kblack05 Commented:
Ok can you try this?

setenforce 0

Then try what you are doing again and see if it works?
 
jabeavers (Author) Commented:
Still no go.  When you had me change the entry in fstab, it changed the permissions on the files on that drive and would not let me change them back (similar to what it is doing currently).  However, it changed the permissions to an unacceptable setting.  I wonder if fstab has anything to do with it.

John
 
kblack05 Commented:
fstab tells the server how it can mount or unmount filesystems and their permissions states. You can always remove the entry in fstab, then reboot the computer or remount those systems...

It's likely we are up against a filesystem permissions policy with FC I've seen it before...usually setenforce 0 does the trick.
 
kblack05 Commented:
make that MODIFY the entry in fstab
 
kblack05 Commented:
For example set the fstab entry from fmask=664 to fmask=755
 
jabeavers (Author) Commented:
I'm reading the man page for fstab on the fat file system.  It says that the umask option "Sets the umask (the bitmask of the permissions that are *not* present)".  What does it mean by "not present"?
 
kblack05 Commented:
Meaning if the set bit is already set, you must mask it. It will NOT remove the sticky bit, you'll need chmod for that. (Which I noticed you did set the sticky bit in another post above)
 
jabeavers (Author) Commented:
Okay, I changed the umask to 775, and this is what it did when I rebooted it.

[root@server shr2]# ls -l
total 25952
d-------w-   4 designer developers    32768 Jun 27 10:14 Backups
--------w-   1 designer developers    32768 Dec 31  1979 fsck0000.rec
--------w-   1 designer developers    32768 Dec 31  1979 fsck0001.rec
--------w-   1 designer developers    32768 Dec 31  1979 fsck0002.rec
--------w-   1 designer developers    32768 Dec 31  1979 fsck0003.rec
--------w-   1 designer developers      795 Feb 16  2005 fstab
--------w-   1 designer developers       46 Feb 16  2005 lmhosts
--------w-   1 designer developers       40 Feb 16  2005 lmhosts~
--------w-   1 designer developers     7527 Feb 16  2005 my.cnf
d---------  13 designer developers    32768 Aug 23 13:25 mysql_data
--------w-   1 designer developers 25791187 Feb 16  2005 mysql-standard-5.0.18-linux-i686.tar.gz
--------w-   1 designer developers    81920 Nov  9  2005 php_dbg.dll-5.0.3
--------w-   1 designer developers     8192 Feb 16  2005 secrets.tdb
d-------w-   4 designer developers    32768 Jun 27 11:59 Server
d-------w-   6 designer developers    32768 Jan  2  2006 Shares
--------w-   1 designer developers     8480 Feb 16  2005 smb.conf
--------w-   1 designer developers     7932 Feb 16  2005 smb.conf~
--------w-   1 designer developers    10836 Feb 16  2005 smb.conf.backup
--------w-   1 designer developers      424 Feb 16  2005 smbpasswd
--------w-   1 designer developers      159 Feb 16  2005 smbusers
d-------w-   2 designer developers    32768 Jan 10  2006 tmp
d-------w-   3 designer developers    32768 Jul 15 14:25 uml
[root@server shr2]#

This is not what I want. :)

John
 
kblack05 Commented:
Actually these should already be modified. 755 is
user read+write+execute group +read+execute other + read+execute. What you have there looks like the result of using alphabetical mods

chmod u+r+w+x g+r+x o+r+x
 
jabeavers (Author) Commented:
Ok, I guess I had things backward.  After playing with fstab, I discovered that the bitmask subtracted from the permission octal settings.  Therefore, setting the umask to 000 set the permissions to 777.  See below.

/dev/hdd1               /mnt/shr2              vfat users,rw,dev,exec,auto,async,suid,uid=500,gid=450,umask=000      0 0

[root@server ~]# ls -l /mnt/shr2
total 25952
drwxrwxrwx   4 designer developers    32768 Jun 27 10:14 Backups
-rwxrwxrwx   1 designer developers    32768 Dec 31  1979 fsck0000.rec
-rwxrwxrwx   1 designer developers    32768 Dec 31  1979 fsck0001.rec
-rwxrwxrwx   1 designer developers    32768 Dec 31  1979 fsck0002.rec
-rwxrwxrwx   1 designer developers    32768 Dec 31  1979 fsck0003.rec
-rwxrwxrwx   1 designer developers      795 Feb 16  2005 fstab
-rwxrwxrwx   1 designer developers       46 Feb 16  2005 lmhosts
-rwxrwxrwx   1 designer developers       40 Feb 16  2005 lmhosts~
-rwxrwxrwx   1 designer developers     7527 Feb 16  2005 my.cnf
dr-xr-xr-x  13 designer developers    32768 Aug 23 13:36 mysql_data
-rwxrwxrwx   1 designer developers 25791187 Feb 16  2005 mysql-standard-5.0.18-linux-i686.tar.gz
-rwxrwxrwx   1 designer developers    81920 Nov  9  2005 php_dbg.dll-5.0.3
-rwxrwxrwx   1 designer developers     8192 Feb 16  2005 secrets.tdb
drwxrwxrwx   4 designer developers    32768 Jun 27 11:59 Server
drwxrwxrwx   6 designer developers    32768 Jan  2  2006 Shares
-rwxrwxrwx   1 designer developers     8480 Feb 16  2005 smb.conf
-rwxrwxrwx   1 designer developers     7932 Feb 16  2005 smb.conf~
-rwxrwxrwx   1 designer developers    10836 Feb 16  2005 smb.conf.backup
-rwxrwxrwx   1 designer developers      424 Feb 16  2005 smbpasswd
-rwxrwxrwx   1 designer developers      159 Feb 16  2005 smbusers
drwxrwxrwx   2 designer developers    32768 Jan 10  2006 tmp
drwxrwxrwx   3 designer developers    32768 Jul 15 14:25 uml
[root@server ~]#

I now have the permissions set how I want them.

Thanks all of you for your help.  Give me some time to figure out the points situation.

John
 
kblack05 Commented:
That's right, umask is unmask. I'm glad you got it working properly...
Question has a verified solution.
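
The rule the thread arrives at, as an added example that is not part of the original posts: on this vfat mount the visible mode is 0777 with the mask bits removed, and chmod cannot put masked bits back, which reproduces the ls and chmod results shown above. The function names and the 022 default are assumptions of this example, and the last option string is constructed to show group write access without the world-writable result of umask=000.

```shell
#!/bin/sh
# Added example, not from the thread: a model of how vfat mount options
# decide the permission bits that ls and chmod showed above.

# vfat_mask OPTIONS KIND: print the octal mask for KIND (file or dir).
# Options are applied left to right: umask sets both masks, fmask and
# dmask then override it for files or directories only.
vfat_mask() {
    # Assumption: with no mask option the umask of the mounting process
    # applies; root's usual 022 is assumed here.
    mask=022
    for opt in $(printf '%s' "$1" | tr ',' ' '); do
        case $opt in
            umask=*) mask=${opt#*=} ;;
            fmask=*) [ "$2" != file ] || mask=${opt#*=} ;;
            dmask=*) [ "$2" != dir ] || mask=${opt#*=} ;;
        esac
    done
    printf '%s\n' "$mask"
}

# vfat_mode OPTIONS KIND: print the mode every KIND on the mount gets.
vfat_mode() {
    m=$(vfat_mask "$1" "$2")
    printf '%03o\n' $(( 0777 & ~0$m ))
}

# vfat_chmod OPTIONS KIND REQUESTED: print the mode left after chmod.
# Models the transcripts above: setuid/setgid/sticky bits are refused,
# and bits covered by the mask are dropped without an error.
vfat_chmod() {
    if [ $(( 0$3 & ~0777 )) -ne 0 ]; then
        echo "Operation not permitted" >&2
        return 1
    fi
    m=$(vfat_mask "$1" "$2")
    printf '%03o\n' $(( 0$3 & ~0$m ))
}

# The two option strings from the thread, then a hypothetical tighter one
# (constructed): group read/write, nothing for "other".
for opts in defaults,gid=450 \
    users,rw,dev,exec,auto,async,suid,uid=500,gid=450,umask=000 \
    uid=500,gid=450,fmask=117,dmask=007
do
    echo "$opts -> file $(vfat_mode "$opts" file), dir $(vfat_mode "$opts" dir)"
done
```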