technicalsys
Samba User Permission Configuration
Hello Expert,
I am using Red Hat Linux version 9.0 with Samba installed. I have already configured Samba for file sharing. Here all the users have full permission: they can create, modify and delete files and folders on the Samba share.
But I want to give the users a special permission so that they can create, rename and copy folders or files on the Samba share but are not able to delete any file or folder. Only the root user can delete folders from the server. All the users access the share from XP and all are members of a Windows domain account.
Please let me know the solution for this.
Thanks.
ASKER
Hi upanwar,
I did it. I turned the sticky bit on from the Properties of the backup folder, under the Permissions tab. Before, the number view was 777, and after turning the sticky bit on it was 1777. But the normal user can still delete the files or folders in the share folder. I have created the share folder under root\Back.
Please suggest.
To check whether the sticky bit is working properly or not, just do one thing.
Create a file on the Samba share as one user, then try to delete that file as a different user and check.
If you still face any issue, then please share your smb.conf for review.
ASKER
Hi upanwar,
When I tried to log in as a different user, it did not allow me to log in and I could not access the share. I can only log in as the user which I defined for the share folder. Here are my settings for the server:
Workgroup: myworkgroupname
Authentication mode: share
Authentication server: workgroup name
Encrypt password: yes
guest account: yes
Besides this, I checked the sticky bit in the folder's properties.
Please find the smb config file attached.
Thanks
smb.txt
First of all, I am so sorry for the delayed response. Earlier I was busy and later on I forgot about your question.
In your first post you mentioned that your Windows domain users are able to log in to the share.
But in your last post you mentioned that you are not able to access the share as a different user.
Which one is true?
Is ranjan the username of the user you are able to log in as?
If we access our share as the same user, then we cannot achieve our goal with the sticky bit.
When the sticky bit is set on a directory, files in that directory may be deleted or renamed only by root or their owner.
ASKER
Hi upanwar,
I have created two test users in my domain, test123 and test1234. Before, both users were able to connect to the share folder, and that was when I created a "share" folder. Afterwards I created the folder as "Domain" based, assigned the user name ranjan (which is a root user), gave the Windows user name as test123 and set the Samba password the same as the Windows password.
Now when I log in to the Samba share folder as test123, the same problem occurs: I am able to delete files and folders from the share.
Thanks.
Could you please give me the output of the ls -la command for your shared directory and its contents?
ASKER
Hi upanwar,
Here is the output of the ls -la command for my share directory Testbackup:
drwsrwSrwT 6 ranjan ranjan 4096 Mar 2 10:14 TestBackup
First of all, in the permission field you have T for the sticky bit instead of t, which means the sticky bit is set but others' execute is not set, so make it t instead of T.
Sticky: if set, it replaces "x" in the others permissions with "t" if others have execute permission, or with "T" otherwise.
Examples:
-rwxrwxrwt both others execute and sticky bit are set
-rwxrwxr-T sticky bit is set, but others execute is not set
Allow multiple users in smb.conf to use the share, then create files as one user and try to remove them as another user; it will not be able to do so.
And include the syntax given below in your smb.conf with your share.
create mode = 0440
force create mode = 0440
directory mode = 1777
force directory mode = 1777
This configuration may also help you to achieve your goal.
chmod +t TestBackup
To learn more about the SGID and sticky bit issue, the URL given below is very good.
http://lokams.blogspot.com/2008/03/about-suid-sgid-and-sticky-bit.html
ASKER
Thank you so much. I will check it and let you know the results.
ASKER
Hi upanwar,
Sorry for the late posting.
I have done the settings as you described. And here is my ls -la output:
drwxrwxrwT 5 ranjan ranjan 4096 Mar 4 12:20 TestBackup
I am not able to change the sticky mode from T to t. Whenever I run chmod +t TestBackup it takes "T".
[root]
path = /root/TestBackup/
writeable = yes
guest ok = yes
create mode = 0440
force create mode = 0440
directory mode = 1777
force directory mode = 1777
chmod +t TestBackup
And I tested this on two different XP systems with two different users. But both users are able to delete files or folders from TestBackup.
Please suggest.
Thanks
Could you please show me ls -la for the files you have created?
ASKER
Hi,
Here are the properties for the folders and the files in TestBackup:
Folders: drwxr-xr-x, Number View: 755
Files: -rwxr-r-, Number View 744
I checked with the ls -la command for TestBackup, but it throws an error: no such file or directory.
Thanks
When the sticky bit is set on a directory, files in that directory may be deleted or renamed only by root or their owner. Without the sticky bit, anyone able to write to the directory can delete or rename files. The sticky bit is commonly found on directories, such as /tmp, that are world-writable.
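An added example, not part of the original thread: a small Python model of the delete check discussed above, showing how the `t`/`T` display arises and why the sticky bit only helps when clients map to distinct Unix accounts. The uids are constructed values, and the rule that the directory's owner may also delete is the standard Linux behaviour rather than something stated in the thread.

```python
import stat

# Constructed Unix uids for the accounts named in the thread (assumed values).
RANJAN, TEST123, TEST1234, GUEST = 500, 501, 502, 99

def ls_mode(mode):
    """Render a directory mode the way `ls -l` prints it."""
    return stat.filemode(stat.S_IFDIR | mode)

def can_delete(dir_mode, dir_uid, dir_gid, file_uid, uid, gids=()):
    """Model of the Linux check for removing a file from a directory."""
    if uid == 0:
        return True                      # root bypasses the checks
    if uid == dir_uid:                   # pick the class that applies to the caller
        bits = (dir_mode >> 6) & 7
    elif dir_gid in gids:
        bits = (dir_mode >> 3) & 7
    else:
        bits = dir_mode & 7
    if bits & 0o3 != 0o3:                # need write AND search (x) on the directory
        return False
    if dir_mode & stat.S_ISVTX:          # sticky: file owner or directory owner only
        return uid in (file_uid, dir_uid)
    return True

def scenarios():
    d = (RANJAN, RANJAN)                 # TestBackup is owned by ranjan:ranjan
    return {
        "1777, separate accounts": can_delete(0o1777, *d, TEST123, TEST1234),
        "1777, both clients mapped to one account": can_delete(0o1777, *d, GUEST, GUEST),
        "1777, client connects as directory owner": can_delete(0o1777, *d, TEST123, RANJAN),
        "1776 ('T'), others lack search permission": can_delete(0o1776, *d, TEST123, TEST123),
        "0777, no sticky bit": can_delete(0o777, *d, TEST123, TEST1234),
    }

if __name__ == "__main__":
    for m in (0o1777, 0o1776, 0o7766):
        print(oct(m), ls_mode(m))
    for name, allowed in scenarios().items():
        print(f"{name}: delete allowed = {allowed}")
```

The second and third scenarios are the cases the replies warn about: when every client ends up as the same Unix account, or as the directory's owner, the sticky bit does not block deletion.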