RegProctor asked:

Samba alternative group share problem

Hello,

I have a user, "reg", which is a member of "users" but also a member of the groups "svn", "web-dev" and a couple of other groups.

When logged on as this user on my server I can get to a directory called ".svn" but not when using the same user through a samba share.

Below are the details of my setup and what happens when I list from the samba share vs. on the server as the same user, and the samba config files. Both the client and the server are Linux computers, OS = openSUSE 11.0 (client) & 11.2 (server). The uid of "reg" is the same on the server and client.

The share in question is "[data]" which you can see from the smb.conf file is a very simple config.

The share is mounted on the client with a normal cifs mount.

As you can see from line 48 below, from the client I get a "permission denied", which is not the case from the server (line 67).

Client cifs-mount version is 3.4.5
Server samba version is 3.4.2


Any help appreciated.


SAMBA CONFIG. FILES:

- SMB.CONF
[global]
        add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody -s /bin/false %m$
        domain logons = No
        domain master = No
        passdb backend = smbpasswd
        security = user
        username map = /etc/samba/smbusers
        wins support = No
        workgroup = Multiverse
        create mask = 0774
        directory mask = 0774
        netbios name = Neutrino
        hide dot files = no
        encrypt passwords = yes

[netlogon]

[data]
        inherit acls = No
        path = /data
        read only = No

- SMBUSERS
root = administrator
;nobody = guest pcguest smbguest
reg = reg


FROM SAMBA SHARE AS USER reg:

reg@quark> l
total 36
drwxrwsr-x   6 reg   1001     0 2010-02-18 23:11 ./
drwxr-xr-x   9 reg users   4096 2010-02-18 18:22 ../
-rwxrwxr--   1 reg   1001   169 2010-02-18 23:11 .buildpath*
drwxrwsrwx   7 reg   1001     0 2010-02-19 16:49 files/
drwxrwsr-x 193 reg   1001     0 2010-02-18 23:08 modules/
-rwxrwxr--   1 reg   1001   506 2010-02-18 23:11 .project*
-rw-r-Sr--   1 reg   1001 10876 2010-02-18 22:53 settings.php
-rwxrwxr--   1 reg   1001  9453 2010-02-18 22:45 settings.php.prev*
drwxrws---   6 115 tomcat     0 2010-02-18 23:08 .svn/
drwxrwsr-x  59 reg   1001     0 2010-02-19 18:04 themes/

reg@quark>  l .svn
ls: cannot open directory .svn: Permission denied

reg@quark>

FROM THE SERVER AS reg:

reg@neutrino> l
total 56
drwxrwsr-x   6 reg web-dev  4096 2010-02-18 23:11 ./
drwxr-sr-x   8 reg web-dev  4096 2010-02-18 18:19 ../
-rwxrwxr--   1 reg web-dev   169 2010-02-18 23:11 .buildpath*
drwxrwsrwx   7 reg web-dev  4096 2010-02-19 16:49 files/
drwxrwsr-x 193 reg web-dev  4096 2010-02-18 23:08 modules/
-rwxrwxr--   1 reg web-dev   506 2010-02-18 23:11 .project*
-rw-r-Sr--   1 reg web-dev 10876 2010-02-18 22:53 settings.php
-rwxrwxr--   1 reg web-dev  9453 2010-02-18 22:45 settings.php.prev*
drwxrws---   6 svn svn      4096 2010-02-18 23:08 .svn/
drwxrwsr-x  59 reg web-dev  4096 2010-02-19 18:04 themes/

reg@neutrino> l .svn
total 32
drwxrws--- 6 svn svn     4096 2010-02-18 23:08 ./
drwxrwsr-x 6 reg web-dev 4096 2010-02-18 23:11 ../
-rwxrwx--- 1 svn svn      296 2010-02-18 23:08 all-wcprops*
-rwxrwx--- 1 svn svn      572 2010-02-18 23:08 entries*
drwxrws--- 2 svn svn     4096 2010-02-18 22:45 prop-base/
drwxrws--- 2 svn svn     4096 2010-02-18 22:45 props/
drwxrws--- 2 svn svn     4096 2010-02-18 23:08 text-base/
drwxrws--- 5 svn svn     4096 2010-02-18 23:08 tmp/

reg@neutrino>


RegProctor (ASKER):

If I change the group of .svn to "web-dev" I still can't list it; however, if I change the group to "users", the main group for "reg", I can list the .svn directory. Clearly it is just ignoring the additional groups, and adding "force group = svn" in "global" and/or "data" seems to not help at all.
I added the group "svn" to the client and gave it the same gid as the server's svn group -- I didn't think it would make any difference but figured it was worth a shot; no change though.

Why are you using samba between two Linux machines?

If you create an nfs share on the server /etc/exports
and mount it from the client, unix permissions will apply.

mount -t nfs server:/share

Daniel McAllister:
Not to argue the point that NFS would be a better sharing solution, the issue will be the same, whether via NFS or Samba.... that, and the questioner asked how to fix what he has, not how to do what he wants better.

The issue is actually rather simple -- a classic case of user/group spaces NOT being shared or synchronized.

When you login as reg on BOX1 and view the permissions of .svn, you see them as:
  drwxrws---   6 svn svn      4096 2010-02-18 23:08 .svn/

Which is to say, that the owner is UID 115 (which on that system's passwd file, belongs to the user svn), and the group is similarly svn (GID unknown from the information provided, but quite likely GID 115).

Now, you connect from BOX2 and view the permissions of .svn and you see them as:
  drwxrws---   6 115 tomcat     0 2010-02-18 23:08 .svn/

This is to say, that from the PERSPECTIVE OF THIS SYSTEM, svn is owned by UID 115 (which has no /etc/passwd entry at all), and has GID (potentially 115) that matches the group tomcat in the local /etc/group.


To see it more succinctly, try running the ls -ln command on .svn and see what you see... on EACH you should see the same:
  drwxrws---   6 115 115    0 2010-02-18 23:08 .svn/

(Granted, I've assumed here that the group svn on BOX1 has GID 115 -- but I think that a reasonable assumption!)

================

To put it simply, if you want the permissions to apply on BOX2, then the username/groupnames need to be the same (or at least the same for the users & groups desired) on BOX2.

So, to have .svn  appear on BOX2 to have the same permissions as on BOX1, you need to CREATE the user svn (with UID 115) in /etc/passwd, and CHANGE the group named tomcat to be the group named svn on BOX2 (if you need a group called tomcat, create one with a different GID - preferably the same as the one on BOX1).

In addition, if user reg is supposed to belong to "users", "svn", "web-dev" and a couple of other groups, he'll need to belong to those groups on BOTH systems....

Good Luck!

Dan
IT4SOHO
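
A way to check for the mismatch described in the answer above, as an added example that is not part of the original thread: the script compares the group databases of the two machines (for instance the saved output of `getent group` from each) and reports GIDs whose name or membership differs. The sample data is constructed; GID 115 for svn follows the answer's assumption, GID 1001 for web-dev follows the client listing, and GID 100 for users is an assumption.

```python
# Added example: compare group databases from two hosts.
# Only supplementary membership (the member list in the group file) is
# checked; a user's primary group comes from /etc/passwd and is not covered.

# Constructed sample data in /etc/group format.
SERVER_GROUP = """\
users:x:100:
svn:x:115:reg
web-dev:x:1001:reg
"""
CLIENT_GROUP = """\
users:x:100:
tomcat:x:115:
"""

def parse_groups(text):
    """Parse /etc/group-format text into {gid: (name, set_of_members)}."""
    groups = {}
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 4 or not parts[2].isdigit():
            continue  # skip blank, comment and malformed lines
        members = {m for m in parts[3].split(",") if m}
        groups[int(parts[2])] = (parts[0], members)
    return groups

def compare(server_text, client_text, user):
    """Return (gid, server_name, problem) for every GID that differs."""
    server, client = parse_groups(server_text), parse_groups(client_text)
    findings = []
    for gid, (name, members) in sorted(server.items()):
        if gid not in client:
            findings.append((gid, name, "missing on client"))
            continue
        c_name, c_members = client[gid]
        if c_name != name:
            findings.append((gid, name, f"named '{c_name}' on client"))
        if user in members and user not in c_members:
            findings.append((gid, name, f"'{user}' not a member on client"))
    return findings

if __name__ == "__main__":
    for gid, name, problem in compare(SERVER_GROUP, CLIENT_GROUP, "reg"):
        print(f"GID {gid} ({name}): {problem}")
```
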

Dan, this was terrific, thanks! ...there is always something new to learn on Linux. I'll try this all out tonight or at the latest tomorrow and get back to you (I would do it now if I didn't have a deadline to deal with).

Thanks again.
BTW, I do share this with a Windows computer as well at times, hence samba.  I didn't mention it because I didn't think it was pertinent to the problem so you were spot on with your original statement.
Worked like a charm.