Solved

Samba User Permission Configuration

Posted on 2011-02-25
Last Modified: 2012-05-11
Hello Expert,

I am using Red Hat Linux version 9.0 with Samba installed. I have already configured Samba for file sharing. Here all the users have full permissions: they can create, modify and delete files and folders on the Samba share.

But I want to give special permissions to the users so that they can create, rename and copy folders or files on the Samba share but are not able to delete any file or folder. Only the root user can delete folders from the server. All the users access it from XP and all are members of a Windows domain account.

Please let me know the solution for this.

Thanks.
Question by:technicalsys
 
LVL 12

Expert Comment

by:upanwar
ID: 34986094
You can use sticky bit to achieve your goal.

When the sticky bit is set on a directory, files in that directory may be deleted or renamed only by root or their owner. Without the sticky bit, anyone able to write to the directory can delete or rename files. The sticky bit is commonly found on directories, such as /tmp, that are world-writable.
0
 

Author Comment

by:technicalsys
ID: 34986264
Hi upanwar,

I did it. I turned the sticky bit on from the Properties of the backup folder, under the permission tab. Before, the number view was 777, and after turning the sticky bit on it was 1777. But the normal user can still delete the files or folders in the share folder. I have created the share folder under root\Back.

Please suggest.
0
 
LVL 12

Expert Comment

by:upanwar
ID: 34988468
To check whether the sticky bit is working properly or not, just do one thing.

Create a file on the Samba share with one user, try to delete that file with a different user, and check.

If you still face any issue then please share your smb.conf for review.
0
 

Author Comment

by:technicalsys
ID: 34996561
Hi upanwar,

When I tried to log in as a different user, it did not allow me to log in and I could not access the share. I can only log in as the user which I defined for the share folder. Here are my settings for the server:
Workgroup: myworkgroupname
Authentication mode: share
Authentication server: workgroup name
Encrypt password: yes
guest account: yes

Besides this, I checked the sticky bit from the folder's properties.

Please find the smb config file.

Thanks
smb.txt
0
 
LVL 12

Expert Comment

by:upanwar
ID: 35025544
First of all, I am so sorry for the delayed response. Earlier I was busy and later on I forgot about your question.

In your first post you mentioned that your Windows domain users are able to log in to the share.

But in your last post you mentioned that you are not able to access the share with a different user.

Which one is true?

Is the user with which you are able to log in named ranjan?

If we access our share from the same user then we cannot achieve our goal with the sticky bit.

When the sticky bit is set on a directory, files in that directory may be deleted or renamed only by root or their owner.
0
 

Author Comment

by:technicalsys
ID: 35025636
Hi upanwar,

I have created two test users from my domain, test123 and test1234. Before, both users were able to connect to the share folders, and that was when I had created a "share" folder. Afterwards I created the folder as "Domain" based, assigned the user name ranjan (which is a root user), gave the Windows user name as test123 and set the Samba password the same as the Windows password.

Now when I log in to the Samba share folder as test123 the same problem occurs: I am able to delete files and folders from the share.

Thanks.
0
 
LVL 12

Expert Comment

by:upanwar
ID: 35025737
Could you please give me the output of the ls -la command for your shared directory and its contents?

0
 

Author Comment

by:technicalsys
ID: 35025834
Hi upanwar,

Here is the output of the ls -la command for my share directory TestBackup:

drwsrwSrwT    6 ranjan   ranjan       4096 Mar  2 10:14 TestBackup
0
 
LVL 12

Expert Comment

by:upanwar
ID: 35026454
First of all, in the permission field you have T for the sticky bit instead of t, which means the sticky bit is set but others execute is not set, so make it t instead of T.

The sticky bit, if set, replaces "x" in the others permissions with "t" if others have execute permission, or with "T" otherwise.

Examples:
-rwxrwxrwt both others execute and sticky bit are set
-rwxrwxr-T sticky bit is set, but others execute is not set

Allow multiple users in smb.conf to use the share and then create files with one user and then try to remove with another user, I will not be able to do so.

And include the syntax given below in your smb.conf with your share.

create mode = 0440
force create mode = 0440
directory mode = 1777
force directory mode = 1777

This configuration may also help you to achieve your goal.

0
 
LVL 12

Expert Comment

by:upanwar
ID: 35026485
chmod +t TestBackup
0
 
LVL 12

Expert Comment

by:upanwar
ID: 35026509
To learn more about SGID and the sticky bit, the URL given below is very good.

http://lokams.blogspot.com/2008/03/about-suid-sgid-and-sticky-bit.html
0
 

Author Comment

by:technicalsys
ID: 35026538
Thank you so much. I will check it and let you know the results.
0
 

Author Comment

by:technicalsys
ID: 35093627
Hi upanwar,

Sorry for the late posting.

I have done the settings as you described. And here is my ls -la output:

drwxrwxrwT    5 ranjan   ranjan       4096 Mar  4 12:20 TestBackup

I am not able to change the sticky mode from T to t. Whenever I run chmod +t TestBackup it shows "T".

[root]
      path = /root/TestBackup/
      writeable = yes
      guest ok = yes
      create mode = 0440
      force create mode = 0440
      directory mode = 1777
      force directory mode = 1777
      chmod +t TestBackup

And I tested this on two different XP systems with two different users. But both users are able to delete files or folders from TestBackup.

Please suggest.

Thanks

0
 
LVL 12

Expert Comment

by:upanwar
ID: 35094073
Could you please show me ls -la for the files you have created?
0
 

Author Comment

by:technicalsys
ID: 35094222
Hi,

Here are the properties for the folders and the files in TestBackup:

Folders: drwxr-xr-x, Number View: 755

Files: -rwxr-r-, Number View 744

I checked with the ls -la command for TestBackup, but it throws an error: no such file or directory.

Thanks
0
 
LVL 12

Accepted Solution

by:
upanwar earned 250 total points
ID: 35095122
Try

chmod a=rwxt <Folder name>

and change Security = user

in smb.conf

and perform the test again which you have earlier performed.
0
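
Added example (not part of the original thread, and not any poster's code): a shell sketch of the T-versus-t behaviour and the owner rule discussed above. It assumes GNU coreutils `stat`; the temporary directory, file name and second uid are constructed, and `sticky_state` and `sticky_allows_delete` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: sticky-bit checks for a shared directory (GNU coreutils stat assumed).

# Print "t" (sticky + others-execute), "T" (sticky, no others-execute) or "-" (no sticky bit).
sticky_state() {
    perms=$(stat -c %A "$1") || return 1
    case "$perms" in
        *t) echo t ;;
        *T) echo T ;;
        *)  echo - ;;
    esac
}

# Sticky-directory rule only: may numeric uid $1 unlink or rename file $2?
# Assumes the uid already has write and search permission on the directory.
sticky_allows_delete() {
    uid=$1 file=$2
    dir=$(dirname "$file")
    [ "$(sticky_state "$dir")" = "-" ] && return 0      # no sticky bit: any writer may delete
    [ "$uid" -eq 0 ] && return 0                        # root
    [ "$uid" -eq "$(stat -c %u "$file")" ] && return 0  # owner of the file
    [ "$uid" -eq "$(stat -c %u "$dir")" ] && return 0   # owner of the directory
    return 1
}

# Constructed demo in a temporary directory (not the poster's TestBackup).
demo() {
    d=$(mktemp -d) || return 1
    chmod 1776 "$d";   echo "1776   -> $(stat -c %A "$d")"   # ends in T
    chmod +t "$d";     echo "+t     -> $(stat -c %A "$d")"   # still T: +t does not add x
    chmod a=rwxt "$d"; echo "a=rwxt -> $(stat -c %A "$d")"   # ends in t
    touch "$d/report.txt"
    owner=$(stat -c %u "$d/report.txt")
    other=$((owner + 1000))                                  # hypothetical second account
    sticky_allows_delete "$owner" "$d/report.txt" && echo "uid $owner: delete allowed"
    sticky_allows_delete "$other" "$d/report.txt" || echo "uid $other: delete refused"
    rm -rf "$d"
}
demo
```

When every client reaches the share as the same Unix account, as raised earlier in the thread, the owner checks in `sticky_allows_delete` pass for all of them and the sticky bit refuses nothing.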
