Solved

Samba User Permission Configuration

Posted on 2011-02-25
Last Modified: 2012-05-11
Hello Expert,

I am using Red Hat Linux Version 9.0 with Samba installed. I have already configured Samba for file sharing. Here all the users have full permission: they can create, modify and delete files and folders from the Samba share.

But I want to give some special permission to the users so that they can create, rename and copy folders or files from the Samba share but are not able to delete any file or folder. Only the root user can delete folders from the server. All the users access it from XP and all are members of a Windows domain account.

Please let me know the solution for this.

Thanks.
0
Question by:technicalsys
16 Comments
 
LVL 12

Expert Comment

by:upanwar
ID: 34986094
You can use the sticky bit to achieve your goal.

When the sticky bit is set on a directory, files in that directory may be deleted or renamed only by root or their owner. Without the sticky bit, anyone able to write to the directory can delete or rename files. The sticky bit is commonly found on directories, such as /tmp, that are world-writable.
0
 

Author Comment

by:technicalsys
ID: 34986264
Hi upanwar,

I did it. I turned the sticky bit on from the Properties of the backup folder, under the Permissions tab. Before, the number view was 777, and after turning the sticky bit on it was 1777. But the normal user can still delete the files or folders in the share folder. I have created the share folder under root\Back.

Please suggest.
0
 
LVL 12

Expert Comment

by:upanwar
ID: 34988468
To check whether the sticky bit is working properly or not, just do one thing.

Create a file on the Samba share with one user, try to delete that file with a different user, and check.

If you still face any issue, then please share your smb.conf for review.
0
 

Author Comment

by:technicalsys
ID: 34996561
Hi upanwar,

When I tried to log in as a different user, it did not allow me to log in and I could not access the share. I can only log in as the user which I defined for the share folder. Here are my settings for the server:
Workgroup: myworkgroupname
Authentication mode: share
Authentication server: workgroup name
Encrypt password: yes
guest account: yes

Besides this, I checked the sticky bit from the folder's properties.

Please find the smb config file.

Thanks
smb.txt
0
 
LVL 12

Expert Comment

by:upanwar
ID: 35025544
First of all, I am so sorry for the delayed response. Earlier I was busy and later on I forgot about your question.

In your first post you mentioned that your Windows domain users are able to log in to the share.

But in your last post you mentioned that you are not able to access the share with a different user.

Which one is true?

Is ranjan the username with which you are able to log in?

If we access our share as the same user, then we cannot achieve our goal with the sticky bit.

When the sticky bit is set on a directory, files in that directory may be deleted or renamed only by root or their owner.
0
 

Author Comment

by:technicalsys
ID: 35025636
Hi upanwar,

I have created two test users in my domain, test123 and test1234. Before, both users were able to connect to the share folders, and that was when I had created a "share" folder. Afterwards I created the folder as "Domain" based, assigned the user name ranjan (which is a root user), and gave the Windows user name as test123 and the Samba password the same as the Windows password.

Now when I log in to the Samba share folder as test123, the same problem occurs: I am able to delete files and folders from the share.

Thanks.
0
 
LVL 12

Expert Comment

by:upanwar
ID: 35025737
Could you please give me the output of the ls -la command for your shared directory and its contents.

0
 

Author Comment

by:technicalsys
ID: 35025834
Hi upanwar,

Here is the output of the ls -la command for my share directory TestBackup:

drwsrwSrwT    6 ranjan   ranjan       4096 Mar  2 10:14 TestBackup
0
 
LVL 12

Expert Comment

by:upanwar
ID: 35026454
First of all, in the permission field you have T for the sticky bit instead of t, which means the sticky bit is set but others execute is not set, so make it t instead of T.

The sticky bit, if set, replaces "x" in the others permissions with "t" if others have execute permission, or with "T" otherwise.

Examples:
-rwxrwxrwt both others execute and sticky bit are set
-rwxrwxr-T sticky bit is set, but others execute is not set

Allow multiple users in smb.conf to use the share, then create files with one user and try to remove them with another user; it will not be able to do so.

And include the syntax given below in your smb.conf with your share.

create mode = 0440
force create mode = 0440
directory mode = 1777
force directory mode = 1777

This configuration may also help you to achieve your goal.

0
 
LVL 12

Expert Comment

by:upanwar
ID: 35026485
chmod +t TestBackup
0
 
LVL 12

Expert Comment

by:upanwar
ID: 35026509
To learn more about SGID and the sticky bit, the URL given below is very good.

http://lokams.blogspot.com/2008/03/about-suid-sgid-and-sticky-bit.html
0
 

Author Comment

by:technicalsys
ID: 35026538
Thank you so much. I will check it and let you know the results.
0
 

Author Comment

by:technicalsys
ID: 35093627
Hi upanwar,

Sorry for late posting.

I have done the settings as you described. And here is my ls -la output:

drwxrwxrwT    5 ranjan   ranjan       4096 Mar  4 12:20 TestBackup

I am not able to change the sticky mode from T to t. Whenever I run chmod +t TestBackup it takes "T".

[root]
      path = /root/TestBackup/
      writeable = yes
      guest ok = yes
      create mode = 0440
      force create mode = 0440
      directory mode = 1777
      force directory mode = 1777
      chmod +t TestBackup

And I tested this on two different XP systems with two different users. But both users are able to delete files or folders from TestBackup.

Please suggest.

Thanks

0
 
LVL 12

Expert Comment

by:upanwar
ID: 35094073
Could you please show me ls -la for the files you have created.
0
 

Author Comment

by:technicalsys
ID: 35094222
Hi,

Here are the properties for the folders and the files in TestBackup:

Folders: drwxr-xr-x, Number View: 755

Files: -rwxr--r--, Number View: 744

I checked with the ls -la command for TestBackup, but it throws an error: no such file or directory.

Thanks
0
 
LVL 12

Accepted Solution

by:
upanwar earned 1000 total points
ID: 35095122
Try

chmod a=rwxt <Folder name>

and change Security = user

in smb.conf

and perform again the test which you performed earlier.
0
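The mode strings discussed in this thread ("T" after chmod +t on a directory where others lack execute, "t" after chmod a=rwxt) can be reproduced on a scratch directory. This is an added example, not part of any poster's reply; the function names mode_string, sticky_state and demo and the temporary directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: reproduce the "T" vs "t" mode strings from the thread on a
# scratch directory. Function names and the temp path are constructed here.

# Print the 10-character mode string of a directory, e.g. drwxrwxrwt
mode_string() {
    ls -ld "$1" | cut -c1-10
}

# Classify the sticky bit from the last mode character:
#   t = sticky set and others have execute (search) permission
#   T = sticky set, others lack execute
#   anything else = sticky not set
sticky_state() {
    last=$(mode_string "$1" | cut -c10)
    case "$last" in
        t) echo "sticky+x" ;;
        T) echo "sticky-no-x" ;;
        *) echo "no-sticky" ;;
    esac
}

# Walk a scratch directory through the modes seen in the thread and
# print the resulting states and mode strings, space separated.
demo() {
    dir=$(mktemp -d) || return 1
    chmod 0776 "$dir"            # rwxrwxrw-: others have no execute bit
    s1=$(sticky_state "$dir")
    chmod +t "$dir"              # adds sticky only, so ls shows T
    s2=$(sticky_state "$dir"); m2=$(mode_string "$dir")
    chmod a=rwxt "$dir"          # accepted answer: rwx for all plus sticky
    s3=$(sticky_state "$dir"); m3=$(mode_string "$dir")
    rmdir "$dir"
    echo "$s1 $s2 $m2 $s3 $m3"
}

demo
```

Running sticky_state against the real share directory shows which of the two states it is in before repeating the two-user delete test.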
