I have a Samba share setup thus: [projects] path = /var/flexshare/shares/projects comment = Projects Drive create mask = 664 directory mask = 775 force group = user public = no valid users = @user browseable = yes writeable = yes
This has files written to it by a number of users on Windows, and myself from a Linux desktop. When the Windows users create files, they're group writable (ie any of us can modify them), but when I create them nobody else gets write access.
I am accessing the share through a cifs mount, as follows: //10.0.0.14/projects /smb/projects cifs credentials=/smb/.credentials,dir_mode=0775,uid=1000,gid=1010 0 0
(word-wrap added for email).
Any ideas what is wrong?
Something to note is that all users exist on the file server, and if I look at the directory listings in the shares from the file server then files are all owned by <user>.user (eg mark.user) depending who created them (to be clear, the group name is "user", the user name is that who created the file). However, if I list /smb/projects from my local machine, then all files are shown as owned by me (mark.user) regardless of who created them. This isn't a problem in itself, I only mention it in case it is relevant.
Mark Rogers wrote:
I have a Samba share setup thus: [projects] path = /var/flexshare/shares/projects comment = Projects Drive create mask = 664 directory mask = 775 force group = user public = no valid users = @user browseable = yes writeable = yes
This has files written to it by a number of users on Windows, and myself from a Linux desktop. When the Windows users create files, they're group writable (ie any of us can modify them), but when I create them nobody else gets write access.
Sounds like the umask is getting in the way, or the Linux client is picking something up from the mount points permissions.
One reasonably evil way (assuming you don't mind not being able to set file permissions from the unix client end) is to add the following to the servers smb.conf file
unix extensions = no
Until a few years ago this was the default behavior for samba. Without this a umask from a unix host can override any creation masks you have in your samba configuration.
Wayne
I am accessing the share through a cifs mount, as follows: //10.0.0.14/projects /smb/projects cifs credentials=/smb/.credentials,dir_mode=0775,uid=1000,gid=1010 0 0
(word-wrap added for email).
Any ideas what is wrong?
Something to note is that all users exist on the file server, and if I look at the directory listings in the shares from the file server then files are all owned by <user>.user (eg mark.user) depending who created them (to be clear, the group name is "user", the user name is that who created the file). However, if I list /smb/projects from my local machine, then all files are shown as owned by me (mark.user) regardless of who created them. This isn't a problem in itself, I only mention it in case it is relevant.
On 05/03/10 09:37, Wayne Stallwood wrote:
One reasonably evil way (assuming you don't mind not being able to set file permissions from the unix client end) is to add the following to the servers smb.conf file
unix extensions = no
I have just tried this and it seems to have had no effect whatsoever :-(
On 05 Mar 08:00, Mark Rogers wrote:
I have a Samba share setup thus: [projects] path = /var/flexshare/shares/projects comment = Projects Drive create mask = 664 directory mask = 775 force group = user public = no valid users = @user browseable = yes writeable = yes
This has files written to it by a number of users on Windows, and myself from a Linux desktop. When the Windows users create files, they're group writable (ie any of us can modify them), but when I create them nobody else gets write access.
I am accessing the share through a cifs mount, as follows: //10.0.0.14/projects /smb/projects cifs credentials=/smb/.credentials,dir_mode=0775,uid=1000,gid=1010 0 0
(word-wrap added for email).
Any ideas what is wrong?
Something to note is that all users exist on the file server, and if I look at the directory listings in the shares from the file server then files are all owned by <user>.user (eg mark.user) depending who created them (to be clear, the group name is "user", the user name is that who created the file). However, if I list /smb/projects from my local machine, then all files are shown as owned by me (mark.user) regardless of who created them. This isn't a problem in itself, I only mention it in case it is relevant.
OK - you don't want the uid/gid options, they will mess up the permissions to start with. Are the uid/gids on the fileserver the same as on the box that you're connecting with? Becuase otherwise you need to do some interesting mappings, which might be tricky.
Oh, and re-enable the unix cifs extensions.
Ta,
On 05/03/10 15:11, Brett Parker wrote:
OK - you don't want the uid/gid options, they will mess up the permissions to start with. Are the uid/gids on the fileserver the same as on the box that you're connecting with? Becuase otherwise you need to do some interesting mappings, which might be tricky.
Oh, and re-enable the unix cifs extensions.
OK, so now I have (in /etc/fstab): //10.0.0.14/projects /smb/projects cifs credentials=/smb/.credentials,dir_mode=0775 0 0
After umount/mount the files now appear (from my desktop) to have ownership of uid 500/501/etc and gid of 60003, which tally with the user and group names on the fileserver.
However I now only have read access to the shared directories and files from my desktop.
Suggestions?
On 05 Mar 16:14, Mark Rogers wrote:
On 05/03/10 15:11, Brett Parker wrote:
OK - you don't want the uid/gid options, they will mess up the permissions to start with. Are the uid/gids on the fileserver the same as on the box that you're connecting with? Becuase otherwise you need to do some interesting mappings, which might be tricky.
Oh, and re-enable the unix cifs extensions.
OK, so now I have (in /etc/fstab): //10.0.0.14/projects /smb/projects cifs credentials=/smb/.credentials,dir_mode=0775 0 0
After umount/mount the files now appear (from my desktop) to have ownership of uid 500/501/etc and gid of 60003, which tally with the user and group names on the fileserver.
However I now only have read access to the shared directories and files from my desktop.
You've now hit on the fun bit of network filesystems, which means that the uids and gids need to match across the clients... I assume that the windows boxes are tied in via ldap/active directory type logins?
Either: a) Work out a way of doing uid->uid mapping on your client (can't see a way of doing this with the cifs module, but know that nfs's user based daemon allows it) b) Go round and map all the right users with uids on your client to match the fileserver, this would be the usual method, and a royal pain in the arse.
Apparently some of the issues can be got round using winbind, but I've not tried this, and haven't got time (at the moment) to look in to it (hey - it's Friday - it's time to meet people in the pub!), but might get a chance to look tomorrow.
Thanks,
On 05/03/10 17:32, Brett Parker wrote:
You've now hit on the fun bit of network filesystems, which means that the uids and gids need to match across the clients... I assume that the windows boxes are tied in via ldap/active directory type logins?
Nope! No domains on the network, the Windows clients are just using normal windows file sharing (their users exist on the server with passwords which match their desktops).
Either: a) Work out a way of doing uid->uid mapping on your client (can't see a way of doing this with the cifs module, but know that nfs's user based daemon allows it) b) Go round and map all the right users with uids on your client to match the fileserver, this would be the usual method, and a royal pain in the arse.
Hmmm...
Is there a better way for me to be connecting to the Linux-based server so that I can access the same files that the Windows users are using through a mounted share?
Since it's only my desktop, I assume only my user matters, so is it enough to just change the UID on my desktop to match the UID my user has on the server? If so, how do I do that without screwing the permissions on my desktop? (Or can I just create a new user with the right UID on my desktop, say mark-smb, and use that in my cifs credentials?)
Apparently some of the issues can be got round using winbind, but I've not tried this, and haven't got time (at the moment) to look in to it (hey - it's Friday - it's time to meet people in the pub!), but might get a chance to look tomorrow.
Thanks for the help so far anyway. If you do have any new suggestions now that the weekend is over I'm all ears!
-
Brett Parker -
Mark Rogers -
Wayne Stallwood