Samba and Read Only documents

Richard Cameron rcameron at allendale-electronics.ca
Tue Jan 13 14:32:36 UTC 2009


Hi there. I tried your first suggestion but it didn't take. I've got the
flu and would really like to be home right now. I need a speedy fix. I'll
try the other method you mentioned and let you know how it goes.

On Tue, 2009-01-13 at 09:58 -0400, Joel Goguen wrote:
> 
> Richard Cameron wrote:
> > Hi all. I recently installed Ubuntu 8.04 as a file server here on our
> > little network. I set up samba to share files with the windows boxes
> > here. However, when I got the whole thing up and running, several of the
> > windows computers couldn't access the shared folder. I un-commented the
> > lines "force user" and "force group". Now everybody can see and open the
> > files. Unfortunately, all of our ms office documents come up as read
> > only on the windows machines. I'm under the gun to get this fixed as
> > quickly as possible, so any advice would be helpful.
> > 
> > Here's my smb.conf for your consideration:
> > 
> > [global]
> >     ; General server settings
> >     netbios name = AEServer
> >     server string =
> >     workgroup = AE
> >     announce version = 5.0
> >     socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192
> > 
> >     passdb backend = tdbsam
> >     security = user
> >     null passwords = true
> >     username map = /etc/samba/smbusers
> >     name resolve order = hosts wins bcast
> > 
> >     wins support = yes
> > 
> >     printing = CUPS
> >     printcap name = CUPS
> > 
> >     syslog = 1
> >     syslog only = yes
> > 
> > ; NOTE: If you need access to the user home directories uncomment the
> > ; lines below and adjust the settings to your hearts content.
> > ;[homes]
> >     ;valid users = %S
> >     ;create mode = 0666
> >     ;directory mode = 0777
> >     ;browseable = yes
> >     ;read only = no
> >     ;veto files = /*.{*}/.*/mail/bin/
> > 
> > ; NOTE: Only needed if you run samba as a primary domain controller.
> > ; Not needed as this config doesn't cover that matter.
> > ;[netlogon]
> >     ;path = /var/lib/samba/netlogon
> >     ;admin users = Administrator
> >     ;valid users = %U
> >     ;read only = no
> > 
> > ; NOTE: Again - only needed if you're running a primary domain controller.
> > ;[Profiles]
> >     ;path = /var/lib/samba/profiles
> >     ;valid users = %U
> >     ;create mode = 0666
> >     ;directory mode = 0777
> >     ;writeable = yes
> >     ;browseable = yes
> > 
> > ; NOTE: Inside this place you may build a printer driver repository for
> > ; Windows - I'll cover this topic in another HOWTO.
> > [print$]
> >     path = /var/lib/samba/printers
> >     browseable = yes
> >     guest ok = yes
> >     read only = yes
> >     write list = root
> >     create mask = 0664
> >     directory mask = 0775
> > 
> > [printers]
> >     path = /tmp
> >     printable = yes
> >     guest ok = yes
> >     browseable = no
> > 
> > ; Uncomment if you need to share your CD-/DVD-ROM Drive
> > ;[DVD-ROM Drive]
> >     ;path = /media/cdrom
> >     ;browseable = yes
> >     ;read only = yes
> >     ;guest ok = yes
> > 
> > [SharedFiles]
> >     path = /home/administrator/
> >     browseable = yes
> >     read only = no
> >     guest ok = no
> >     create mask = 0666
> >     directory mask = 0777
> >    # force user = administrator
> >    # force group = AE
> >     force security mode = 0777
> > 
> > I hope I can get this fixed. Thanks
> > 
> > Richard Cameron
> > 
> > 
> Linux permissions still apply.  So chances are, that means that write
> permissions need to be extended to everyone (and create masks updated to
> reflect this).  This is the quick, but not necessarily most secure, fix:
> 
> In the share definition, make sure you have these two lines.  This will
> make all files/directories created be readable and writable by anyone:
> create mask = 0666
> directory mask = 0777
> 
> Next, set these permissions on the shared folder:
> sudo chmod -R +rwX /path/to/shared/folder/
> 
> That capital X is important since it won't give execute permissions to
> anything that doesn't need (or already have) it.
> 
> A more secure solution would be to have the users as part of a Linux
> group, set that group as the group for the shared folder, then make the
> whole thing group writable but not world writable.  If you would rather
> go this route, create a new group (I'll pretend it's called 'sambausers'
> for now) and add everyone who should be able to access the share into
> that group.  Then, instead of the two lines above, use these two lines
> in the share definition:
> create mask = 0660
> directory mask = 0770
> 
> Then apply these permissions to the shared folder:
> sudo chmod -R o-rwx /path/to/shared/folder/
> sudo chgrp -R sambausers /path/to/shared/folder/
> sudo chmod -R ug=rwX /path/to/shared/folder/
> 
> Using '-' or '=' and 'x' or 'X' is intended here.
> 
> HTH
> 
> - --
> Joel Goguen
> Ubuntu User #15951
> When we help, we benefit
> 
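An added example, not part of the original thread: a read-only audit that checks whether a share tree matches the group-only layout described in the quoted reply (no access for "other", correct group, group-writable files, group-searchable directories). The directory and group arguments are placeholders supplied by the caller, and the function names are made up for this example.

```shell
#!/bin/sh
# Added example: audit a Samba share directory against a group-only layout.
# Usage: audit.sh /path/to/shared/folder sambausers   (both are placeholders)

# Print one line per problem as "<reason> <path>"; print nothing when clean.
audit_share() {
    dir=$1
    grp=$2
    # Any r/w/x bit for "other" means the tree is not restricted to the group.
    # Symlinks are skipped because their own mode bits are meaningless.
    find "$dir" ! -type l \( -perm -0004 -o -perm -0002 -o -perm -0001 \) \
        -exec printf 'other-access %s\n' {} \;
    # Wrong group: members of $grp get no benefit from the group bits.
    find "$dir" ! -type l ! -group "$grp" \
        -exec printf 'wrong-group %s\n' {} \;
    # Missing group write is what clients see as a read-only document.
    find "$dir" ! -type l ! -perm -0020 \
        -exec printf 'no-group-write %s\n' {} \;
    # Directories also need group search (x) or members cannot enter them.
    find "$dir" -type d ! -perm -0010 \
        -exec printf 'no-group-search %s\n' {} \;
}

# Exit status 0 when the tree is clean, non-zero otherwise.
share_is_clean() {
    [ -z "$(audit_share "$1" "$2")" ]
}

# Run the audit only when invoked with a directory and a group.
if [ "$#" -eq 2 ]; then
    audit_share "$1" "$2"
    share_is_clean "$1" "$2" || exit 1
fi
```

Files created later through Samba are governed by `create mask` and `directory mask` in the share definition, so rerun the audit after clients have saved new documents.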