[Samba] Add permission? (was How to create a write-only share?) - Samba

This is a discussion on [Samba] Add permission? (was How to create a write-only share?) - Samba ; Need your help! I'm very confised and tired, tried a lot of variants but still at the start, even lost all understanding how the permissions and masks works. Please write me a config for the following case: There is a ...

+ Reply to Thread
Results 1 to 10 of 10

Thread: [Samba] Add permission? (was How to create a write-only share?)

  1. [Samba] Add permission? (was How to create a write-only share?)

    Need your help! I'm very confised and tired, tried a lot of variants
    but still at the start, even lost all understanding how the
    permissions and masks works.
    Please write me a config for the following case:

    There is a directory:

    '/home/shared/door', owned by 'michaelffice'
    shared via samba as '[door]'

    How can I configure the FS and samba to let 'michael' full control of
    directory content and let members of gorup 'office' to add files to
    this Samba share from Windows machine. But members of group 'office'
    and everyonne esle should not be able to read the files and even see
    the contents of the share (contents of directory).


    Thanks in advance,
    Ash Gosh.
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  2. [Samba] Fwd: Add permission? (was How to create a write-only share?)

    Is it possible or not? Now it is a very urgent problem for me, please help!!!

    G.A.


    ---------- Forwarded message ----------
    From: Ash Gosh
    Date: Mon, May 5, 2008 at 3:15 PM
    Subject: Add permission? (was How to create a write-only share?)
    To: samba@lists.samba.org


    Need your help! I'm very confised and tired, tried a lot of variants
    but still at the start, even lost all understanding how the
    permissions and masks works.
    Please write me a config for the following case:

    There is a directory:

    '/home/shared/door', owned by 'michaelffice'
    shared via samba as '[door]'

    How can I configure the FS and samba to let 'michael' full control of
    directory content and let members of gorup 'office' to add files to
    this Samba share from Windows machine. But members of group 'office'
    and everyonne esle should not be able to read the files and even see
    the contents of the share (contents of directory).


    Thanks in advance,
    Ash Gosh.
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  3. RE: [Samba] Fwd: Add permission? (was How to create a write-only share?)

    Hi,

    try this.

    its the reverse version of what i have.

    [Exchange-folder]
    comment = dev. exchange folder.
    browseable = Yes
    writeable = Yes
    path = /home/exchangefolder
    create mode = 666
    directory mode = 777
    zet your right in linux on the folder to michealffice
    chown -R michealffice
    chmod -R 700

    and try a bit with the create mode and directory mode.

    from windows my users can delete files from my folder,
    but they wil reapper ;-) my users Cant delete files but can see them.
    and can not change then. ( i have in linux 775 on the folders. )

    maybe it works for you.

    Louis


    >-----Oorspronkelijk bericht-----
    >Van: samba-bounces+belle=bazuin.nl@lists.samba.org
    >[mailto:samba-bounces+belle=bazuin.nl@lists.samba.org] Namens Ash Gosh
    >Verzonden: dinsdag 6 mei 2008 16:38
    >Aan: samba@lists.samba.org
    >Onderwerp: [Samba] Fwd: Add permission? (was How to create a
    >write-only share?)
    >
    >Is it possible or not? Now it is a very urgent problem for me,
    >please help!!!
    >
    >G.A.
    >
    >
    >---------- Forwarded message ----------
    >From: Ash Gosh
    >Date: Mon, May 5, 2008 at 3:15 PM
    >Subject: Add permission? (was How to create a write-only share?)
    >To: samba@lists.samba.org
    >
    >
    >Need your help! I'm very confised and tired, tried a lot of variants
    >but still at the start, even lost all understanding how the
    >permissions and masks works.
    >Please write me a config for the following case:
    >
    >There is a directory:
    >
    >'/home/shared/door', owned by 'michaelffice'
    >shared via samba as '[door]'
    >
    >How can I configure the FS and samba to let 'michael' full control of
    >directory content and let members of gorup 'office' to add files to
    >this Samba share from Windows machine. But members of group 'office'
    >and everyonne esle should not be able to read the files and even see
    >the contents of the share (contents of directory).
    >
    >
    >Thanks in advance,
    >Ash Gosh.
    >--
    >To unsubscribe from this list go to the following URL and read the
    >instructions: https://lists.samba.org/mailman/listinfo/samba
    >


    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  4. Re: [Samba] Fwd: Add permission? (was How to create a write-only share?)

    Thanks for the answer!

    The config like you posted:

    [root@fs home]# chown -R michael.office append
    [root@fs home]# chmod -R 700 append

    smb.conf:
    [append]
    path = /home/append
    valid users = +office
    read only = no
    writeable = yes
    guest ok = Yes
    admin users = michael
    hide unreadable = yes
    create mode = 666
    directory mode = 777


    It does not allows me to go into the share if I'm not a michael but
    does not allows me to copy a file there to (of course, because there
    is 700 permission set). I've tried 722, does not allows to copy
    (appen, drag in) the file into the share too. 733 does not allows to
    copy file too but windows tells that the file exist in case that in
    exists.

    Any other combinations I can to try?


    Thanks for your help!!!

    On Tue, May 6, 2008 at 6:03 PM, L.P.H. van Belle wrote:
    > Hi,
    >
    > try this.
    >
    > its the reverse version of what i have.
    >
    > [Exchange-folder]
    > comment = dev. exchange folder.
    > browseable = Yes
    > writeable = Yes
    > path = /home/exchangefolder
    > create mode = 666
    > directory mode = 777
    > zet your right in linux on the folder to michealffice
    > chown -R michealffice
    > chmod -R 700
    >
    > and try a bit with the create mode and directory mode.
    >
    > from windows my users can delete files from my folder,
    > but they wil reapper ;-) my users Cant delete files but can see them.
    > and can not change then. ( i have in linux 775 on the folders. )
    >
    > maybe it works for you.
    >
    > Louis

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  5. RE: [Samba] Fwd: Add permission? (was How to create a write-onlyshare?)

    Hi,

    And what if...

    in linux you set 777 ( michael:michael )
    so only michael kan write.
    orthers kan read.
    remove the valid users from the config.
    remove the admin users from the config.
    create mode = 660
    directory mode = 775

    now i think, users, not michael can not see the files
    but can create them.

    Louis



    >-----Oorspronkelijk bericht-----
    >Van: samba-bounces+belle=bazuin.nl@lists.samba.org
    >[mailto:samba-bounces+belle=bazuin.nl@lists.samba.org] Namens Ash Gosh
    >Verzonden: dinsdag 6 mei 2008 17:33
    >Aan: samba@lists.samba.org
    >Onderwerp: Re: [Samba] Fwd: Add permission? (was How to create
    >a write-onlyshare?)
    >
    >Thanks for the answer!
    >
    >The config like you posted:
    >
    >[root@fs home]# chown -R michael.office append
    >[root@fs home]# chmod -R 700 append
    >
    >smb.conf:
    >[append]
    > path = /home/append
    > valid users = +office
    > read only = no
    > writeable = yes
    > guest ok = Yes
    > admin users = michael
    > hide unreadable = yes
    > create mode = 666
    > directory mode = 777
    >
    >
    >It does not allows me to go into the share if I'm not a michael but
    >does not allows me to copy a file there to (of course, because there
    >is 700 permission set). I've tried 722, does not allows to copy
    >(appen, drag in) the file into the share too. 733 does not allows to
    >copy file too but windows tells that the file exist in case that in
    >exists.
    >
    >Any other combinations I can to try?
    >
    >
    >Thanks for your help!!!
    >
    >On Tue, May 6, 2008 at 6:03 PM, L.P.H. van Belle
    > wrote:
    >> Hi,
    >>
    >> try this.
    >>
    >> its the reverse version of what i have.
    >>
    >> [Exchange-folder]
    >> comment = dev. exchange folder.
    >> browseable = Yes
    >> writeable = Yes
    >> path = /home/exchangefolder
    >> create mode = 666
    >> directory mode = 777
    >> zet your right in linux on the folder to michealffice
    >> chown -R michealffice
    >> chmod -R 700
    >>
    >> and try a bit with the create mode and directory mode.
    >>
    >> from windows my users can delete files from my folder,
    >> but they wil reapper ;-) my users Cant delete files but can see them.
    >> and can not change then. ( i have in linux 775 on the folders. )
    >>
    >> maybe it works for you.
    >>
    >> Louis

    >--
    >To unsubscribe from this list go to the following URL and read the
    >instructions: https://lists.samba.org/mailman/listinfo/samba
    >


    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  6. RE: [Samba] Fwd: Add permission? (was How to create a write-onlyshare?)

    Try:

    [root@fs home]# chown -R michael.office append
    [root@fs home]# chmod -R 700 append

    smb.conf:
    [append]
    path = /home/append
    valid users = +office
    writeable = yes
    write list = +office
    admin users = michael
    hide unreadable = yes
    create mode = 600
    directory mode = 700
    force group = office

    I think that will do what you want - but users will still be able to see
    what they've put in the share - by virtue of the fact they own the file
    and it has 600 permissions.

    You could force a create mode of say 200 which would leave the file
    writable by the user but not readable. I've not tested how Windows will
    deal with that though...

    Alex

    --
    Alex Harrington - Network Manager, Longhill High School

    t: 01273 304086 | e: alex@longhill.org.uk
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  7. Re: [Samba] Fwd: Add permission? (was How to create a write-onlyshare?)

    In this case I still can't add a file from Windows machine into the
    share append...
    Seems it can't be done with Samba and posix permissions?




    On Wed, May 7, 2008 at 10:29 AM, Alex Harrington wrote:
    > Try:
    >
    > [root@fs home]# chown -R michael.office append
    > [root@fs home]# chmod -R 700 append
    >
    > smb.conf:
    > [append]
    > path = /home/append
    > valid users = +office
    > writeable = yes
    > write list = +office
    > admin users = michael
    > hide unreadable = yes
    > create mode = 600
    > directory mode = 700
    > force group = office
    >
    > I think that will do what you want - but users will still be able to see
    > what they've put in the share - by virtue of the fact they own the file
    > and it has 600 permissions.
    >
    > You could force a create mode of say 200 which would leave the file
    > writable by the user but not readable. I've not tested how Windows will
    > deal with that though...
    >
    > Alex
    >
    > --
    > Alex Harrington - Network Manager, Longhill High School
    >
    > t: 01273 304086 | e: alex@longhill.org.uk
    >
    > --
    > To unsubscribe from this list go to the following URL and read the
    > instructions: https://lists.samba.org/mailman/listinfo/samba
    >

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  8. RE: [Samba] Fwd: Add permission? (was How to create awrite-onlyshare?)

    Hi,

    you try my solution.

    remember, set the needed rights in unix.
    for example 777, so everybody can write

    set in samba share.
    admin users = michael
    hide unreadable = yes
    create mode = 600
    directory mode = 700
    force group = office

    users WIL be able to create files, but when created the should dissapear.


    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  9. RE: [Samba] Fwd: Add permission? (was How to create awrite-onlyshare?)

    > In this case I still can't add a file from Windows machine into the
    share append...
    > Seems it can't be done with Samba and posix permissions?


    Try this:

    [root@fs home]# chown -R michael.office append
    [root@fs home]# chmod -R 770 append

    smb.conf:
    [append]
    path = /home/append
    valid users = +office
    writeable = yes
    write list = +office
    admin users = michael
    hide unreadable = yes
    create mode = 200
    directory mode = 770
    force group = office

    I can't see any reason why that config won't do exactly what you want it
    to.

    If it still doesn't work, you need to start narrowing the problem down -
    so logon to the console of the server first as michael. Can you cd in to
    /home/append? If so, can you touch a new file? Repeat the process for a
    different user in the office group. What is the result? As root, what is
    the contents of that folder now? If that all works, the POSIX
    permissions are working fine so it makes it a Samba problem. Visa versa
    then the POSIX permissions are the ones to look at.

    Alex

    --
    Alex Harrington - Network Manager, Longhill High School

    t: 01273 304086 | e: alex@longhill.org.uk
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  10. RE: [Samba] Fwd: Add permission? (was How to create awrite-onlyshare?)

    Ash

    My understanding is that "admin users" should make that user effectively root, and therefore able to access files that aren't owned by them or with no permissions granted.

    If you directly access a file you know exists - say open in notepad \\server\append\test.txt as michael, I think it will still allow you access.

    One option would be to have a second share called appendadm which only Michael has permission to access which forces either permissions or drops the hide unreadable statement.

    eg:
    > [appendadm]
    > path = /home/append
    > valid users = michael
    > writeable = yes
    > write list = michael
    > admin users = michael
    > hide unreadable = no
    > create mode = 200
    > directory mode = 770
    > force group = office


    If you have security=share set then the admin users line will have no effect - so that may be why you aren't seeing the initial share working properly.

    Cheers

    Alex

    --
    Alex Harrington - Network Manager
    Longhill High School
    t: 01273 304086 e: alex@longhill.org.uk



    -----Original Message-----
    From: Ash Gosh [mailto:gosha.asha@gmail.com]
    Sent: Fri 23/05/2008 21:31
    To: Alex Harrington
    Subject: Re: [Samba] Fwd: Add permission? (was How to create awrite-onlyshare?)

    Hello!

    I'm sorry, I was out unfortunatley, was in hospital without internet

    This variant works but... But michael becomes unable to read newly
    added data because file has been created under .office -w-------
    permissions. I'm tried to add setfacl -m default:user:michael:wrx
    /home/apeend but new files does not inherit this rule... what to do
    here?

    AG.



    On Thu, May 8, 2008 at 12:16 PM, Alex Harrington wrote:
    >> In this case I still can't add a file from Windows machine into the

    > share append...
    >> Seems it can't be done with Samba and posix permissions?

    >
    > Try this:
    >
    > [root@fs home]# chown -R michael.office append
    > [root@fs home]# chmod -R 770 append
    >
    > smb.conf:
    > [append]
    > path = /home/append
    > valid users = +office
    > writeable = yes
    > write list = +office
    > admin users = michael
    > hide unreadable = yes
    > create mode = 200
    > directory mode = 770
    > force group = office
    >
    > I can't see any reason why that config won't do exactly what you want it
    > to.
    >
    > If it still doesn't work, you need to start narrowing the problem down -
    > so logon to the console of the server first as michael. Can you cd in to
    > /home/append? If so, can you touch a new file? Repeat the process for a
    > different user in the office group. What is the result? As root, what is
    > the contents of that folder now? If that all works, the POSIX
    > permissions are working fine so it makes it a Samba problem. Visa versa
    > then the POSIX permissions are the ones to look at.
    >
    > Alex
    >
    > --
    > Alex Harrington - Network Manager, Longhill High School
    >
    > t: 01273 304086 | e: alex@longhill.org.uk
    >


    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

+ Reply to Thread