[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 964
  • Last Modified:

Samba User Permission Configuration

Hello Expert,

I am using Red Hal Linux Version 9.0 with Samba installed. I have already configured Samba for File Share. Here all the users are full permission like can create, modify and delete files and folders from Samba Share.

But i want to give some special permission for the user that they can create, rename, copy folder or file from the Samba share but not able to delete any file or folder. Only the root user can delete folders from the Server. All the users are access from XP and all are members of a windows domain account.

Please let me the solution for this.

Thanks.
0
technicalsys
Asked:
technicalsys
  • 9
  • 7
1 Solution
 
upanwarCommented:
You can use sticky bit to achieve your goal.

When the sticky bit is set on a directory, files in that directory may be deleted or renamed only by root or their owner. Without the sticky bit, anyone able to write to the directory can delete or rename files. The sticky bit is commonly found on directories, such as /tmp, that are world-writable.
0
 
technicalsysAuthor Commented:
Hi upanwar,

I did it. I checked the sticky bit on from the Properties of the backup folder and then select permission tab. Before the number view was 777 and after the sticky bit on it was 1777. But still the normal user can delete the files or folders on the Share folder. I have created the share folder under the root\Back.

Please suggest.
0
 
upanwarCommented:
To check whether sticky bit working perfectly or not, just do one thing.

Create a file on samba share with a user and try to delete that file with a different user and check.

If still you face any issue then please share your smb.conf to review.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
technicalsysAuthor Commented:
Hi upanwar,

When i tried to login from different user, it does not me allowed to login and i am not accessible the share. I can only login to user which i defined for the share folder. Here are the my settings for Server:
Workgroup:myworkgroupname
Authentication mode: share
Authencation server: workgroup name
Encrypt password: yes
guest account : yes

Besides this i checked the sticky bit from the folder's properties.

Please find the smb cofig file.

Thanks
smb.txt
0
 
upanwarCommented:
First of all I am so sorry for delayed responce. Earlier I was busy and later on I have forgot bout your question.

In your first post you have mentioned that your windows domain users are able to login to the share.

But in your last post you have mentioned that you are  not able to access the share with different user.

Which one is true ?

From the user which you are able to login that username is ranjan?

If we access our share from same user than we can not achieve our goal with sticky bit.

When the sticky bit is set on a directory, files in that directory may be deleted or renamed only by root or their owner.
0
 
technicalsysAuthor Commented:
Hi upanwar,

I have created two test users from my Domain test123 and test1234.Before both the users are able to connect to the share folders and that was i created a "share" folder. After I created the folder on "Domain" based and assign the user name ranjan (Which is a root user) and give the windows user name as test123 and samba password same as Windows password.

Now when i login to the Samba Share folder from test123 same problems occur as  i am able to delete files and folders from the Share.

Thanks.
0
 
upanwarCommented:
Could you please give me output of ls -la command for your shared directory and its contents.

0
 
technicalsysAuthor Commented:
Hi upanwar,

Here is the output of ls -la command for mt share directory Testbackup:

drwsrwSrwT    6 ranjan   ranjan       4096 Mar  2 10:14 TestBackup
0
 
upanwarCommented:
First of all in the permission field you have T for sticky bit instead of t which means the sticky bit is set, but others execute is not set so make it to t instead of T.

Sticky, If set, then replaces "x" in the others permissions to "t", if others have execute permissions, or to "T" otherwise.

Examples:
-rwxrwxrwt both others execute and sticky bit are set
-rwxrwxr-T sticky bit is set, but others execute is not set

Allow multiple user in smb.conf to use the share and then create files with one user and then try to remove with another user, I will not be able to do so.

and include the below given syntex in your smb.conf with your share.

create mode = 0440
force create mode = 0440
directory mode = 1777
force directory mode = 1777

This configuration may also help you to achieve your goal.

0
 
upanwarCommented:
chmod +t TestBackup
0
 
upanwarCommented:
To get more about SGID and Sticky bit issue below given URL is very good.

http://lokams.blogspot.com/2008/03/about-suid-sgid-and-sticky-bit.html
0
 
technicalsysAuthor Commented:
Thank you so much. I will check it and let know the results
0
 
technicalsysAuthor Commented:
Hi upanwar,

Sorry for late posting.

I have done the settings as you described. And here is my ls -la output

drwxrwxrwT    5 ranjan   ranjan       4096 Mar  4 12:20 TestBackup

I am not able to change the Stick mode from T to t. Whenever i set chmod +t TestBackup it will take "T"

[root]
      path = /root/TestBackup/
      writeable = yes
      guest ok = yes
      create mode = 0440
      force create mode = 0440
      directory mode = 1777
      force directory mode = 1777
      chmod +t TestBackup

And i tested this on two different XP system and two different users. But both the users are able to delete files or folders from TestBackup.

Please suggest.

Thanks

0
 
upanwarCommented:
Could you please show me ls -la for the files you have created.
0
 
technicalsysAuthor Commented:
Hi,

Here is the properties for the folders and the files in TestBackup

Folders: drwxr-xr-x, Number View: 755

Files: -rwxr-r-, Number View 744

I checked with the ls -la command for TestBackup, but it throws error as no such file or Directory.

Thanks
0
 
upanwarCommented:
Try

chmod a=rwxt <Folder name>

and change Security = user

in smb.conf

and perform the test again which you have earlier performed.
0

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

  • 9
  • 7
Tackle projects and never again get stuck behind a technical roadblock.
Join Now