Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 23

Thread: Give users Read, Modify but not delete on Samba server

  1. #11
    Join Date
    May 2008
    Location
    SoCal
    Beans
    Hidden!
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: I Need to give users Read, Modify but not delete on Samba server [[ help plz ]]

    Quote Originally Posted by emiller12345 View Post
    In addition, you will probably want to set the umask 113 for files new files create so they will have permissions 0664. I think there should be a way to do that in samba, which is probably how most new files will mainly be created.
    A umask of 113 will provide you with files with the following permissions u=rx,g=rx,o=wx. Why would you want read and exexute on Users and groups and write plus execute on others is beyond me. Maybe you miscalculated?

    The kernel has a default of 666 for all file creation. This is rw for all. The umask alters this, so a umask of 022 provides 644 and a umask of 002 provides 664. If we apply your umask we have 666 - 113 which provides 553.

    I set my umask to 002 on all hosts that provide file sharing (664) and 022 for hosts that are used by individuals. This is be set globally at /etc/profile.

    Samba provides a series of mask definitions that are set in the share definition.

    I am curious how you got to a umask of 113. Can you explain?
    -BAB1

  2. #12
    Join Date
    Jun 2010
    Location
    ~
    Beans
    Hidden!

    Re: I Need to give users Read, Modify but not delete on Samba server [[ help plz ]]

    Quote Originally Posted by bab1 View Post
    I am curious how you got to a umask of 113. Can you explain?
    Ah, yes, I'm wrong. For some reason I was thinking 022 was the mask for files with the executable bit set and that they needed to be changed by one to remove the executable bit. And I messed up the order.
    But aside from my mistakes, it will be important to have the correct masks in your smb.conf
    Last edited by emiller12345; March 2nd, 2012 at 09:10 PM.

  3. #13
    Join Date
    May 2008
    Location
    SoCal
    Beans
    Hidden!
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: I Need to give users Read, Modify but not delete on Samba server [[ help plz ]]

    Quote Originally Posted by emiller12345 View Post
    ... smb.conf has entries for 'create mask' and 'directory mask' but I'm not sure how you'd set the octals for them.
    This is what I put in my share definitions
    Code:
    create mask = 0664
    directory mask = 3775
    The first line is for file creation The leading 0 is where you define extended bits and we don't need them on the file creation.

    The second line is for directory configuration and I am using the extended bits 1=sticky bit and 2=sgid bit: total=3

    The default directory settings in the kernel is 777 and a umask (in /etc/profile) setting of 002 provides 775 (7-2=5).

    Note Samba defines this differently in the smb.conf but the results are the same.
    Last edited by bab1; March 2nd, 2012 at 10:31 PM.
    -BAB1

  4. #14
    Join Date
    Jun 2011
    Location
    Atlanta Georgia
    Beans
    1,769
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: I Need to give users Read, Modify but not delete on Samba server [[ help plz ]]

    Slightly different method than the one already provided but samba 4 provides cifs support. Thus allowing modify without delete windows style. jist another alternatove for you.

  5. #15
    Join Date
    May 2008
    Location
    SoCal
    Beans
    Hidden!
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: I Need to give users Read, Modify but not delete on Samba server [[ help plz ]]

    Quote Originally Posted by Dangertux View Post
    Slightly different method than the one already provided but samba 4 provides cifs support. Thus allowing modify without delete windows style. jist another alternatove for you.
    Samba3 has CIFS support too. what does "modify without delete windows style mean?

    Up front I will say; I don't use Samba 4 and have no familiarity with it other that what I have read. I'm just curious as to what you are referring to. I'm hoping this is a learning experience. I follow your security posts -- very informative.
    -BAB1

  6. #16
    Join Date
    Jun 2011
    Location
    Atlanta Georgia
    Beans
    1,769
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: I Need to give users Read, Modify but not delete on Samba server [[ help plz ]]

    Quote Originally Posted by bab1 View Post
    Samba3 has CIFS support too. what does "modify without delete windows style mean?

    Up front I will say; I don't use Samba 4 and have no familiarity with it other that what I have read. I'm just curious as to what you are referring to. I'm hoping this is a learning experience. I follow your security posts -- very informative.
    Thanks I appreciate the compliment. I am not a very avid user of samba. However in Windows permissions there is a "modify" option that works alot like the permission schema that was being discussed earlier. Incidentally it's a check box type thing. I believe (if I'm understanding correctly.) That this is what the OP is looking for. Incidentally upon doing further research Samba 3.25 + also supports this functionality. Basically there is advanced functionality more like the Windows' permission scheme of modify as well as the ability to prevent linking etc, essentially the way I understand it, it is an "override" if you will of default POSIX permissions. The catch being I would assume the POSIX permissions set in place would have to be "greater than or equal to" the specialized permissions granted by Samba.

    Or I could just be making this up, I've never tried it and as I've stated, I'm by no means a Samba expert. This was actually an idea relayed from a coworker who I presented with the OP's question while I was browsing this forum. So without additional research I couldn't answer it more in depth at this time.

    In doing further research (a quick google search), though -- it appears that my coworker may have been misinformed, there appears there is not a way to do this without setting sticky bit and setgid. Which would make sense.

    Too bad, that would have been cool
    Last edited by Dangertux; March 3rd, 2012 at 12:02 AM.

  7. #17
    Join Date
    May 2008
    Location
    SoCal
    Beans
    Hidden!
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: I Need to give users Read, Modify but not delete on Samba server [[ help plz ]]

    Quote Originally Posted by Dangertux View Post
    Thanks I appreciate the compliment.
    I am not a very avid user of samba. However in Windows permissions there is a "modify" option that works alot like the permission schema that was being discussed earlier.
    Samba never trumps the OS file system, so it must invoke what we have been talking about.
    Incidentally it's a check box type thing. I believe (if I'm understanding correctly.) That this is what the OP is looking for.
    It may look like Windows, but we know its not.
    Incidentally upon doing further research Samba 3.25 + also supports this functionality. Basically there is advanced functionality more like the Windows' permission scheme of modify as well as the ability to prevent linking etc, essentially the way I understand it, it is an "override" if you will of default POSIX permissions. The catch being I would assume the POSIX permissions set in place would have to be "greater than or equal to" the specialized permissions granted by Samba.

    Or I could just be making this up,
    Been there done that. A painful condition.
    I've never tried it and as I've stated, I'm by no means a Samba expert. This was actually an idea relayed from a coworker who I presented with the OP's question while I was browsing this forum. So without additional research I couldn't answer it more in depth at this time.

    In doing further research (a quick google search), though -- it appears that my coworker may have been misinformed, there appears there is not a way to do this without setting sticky bit and setgid. Which would make sense.

    Too bad, that would have been cool
    But of course!. CIFS allows Linux to talk to windows hosts, not directly to Linux hosts. IF connect Linux to Linux and use Samba (I do) then the flow is posix<>CIFS<>--network--<>CIFS<>posix.

    I assume your co-worker is a Jr. Admin or worse yet, a power user; Hahaha.
    Last edited by bab1; March 3rd, 2012 at 12:39 AM. Reason: Clean up
    -BAB1

  8. #18
    Join Date
    Jun 2011
    Location
    Atlanta Georgia
    Beans
    1,769
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Give users Read, Modify but not delete on Samba server

    He's an admin, and he's pretty smart, I don't think he has much experience with Samba though, not like I have any room to talk.

    My experience with it involves making it do things it shouldn't lol.

    Though I've been looking into this more now that I've actually had some time to think about it, and to OP I think that your best bet is the solution that has been presented thus far. Sadly -- this is one of the areas it would seem the default nix permissions set is lacking at least in terms of intuitive usage.

    bab1 thanks for the clarification, cifs can be a confusing beast when you get down to the nitty gritty of it , it would seem.

  9. #19
    Join Date
    May 2010
    Location
    uk
    Beans
    9,249
    Distro
    Xubuntu 14.04 Trusty Tahr

    Re: Give users Read, Modify but not delete on Samba server

    Hi

    Excellent explanation bab1.

    As for umask though..

    This is be set globally at /etc/profile.
    I was under the impression this was now handled by pam_umask in Ubuntu; i may be wrong though.

    As for samba, i will be setting up my own samba server over the weekend so kudos to all of you who posted. It will help me out as well

    Kind regards
    Last edited by matt_symes; March 3rd, 2012 at 12:56 AM.
    If you believe everything you read, you better not read. ~ Japanese Proverb

    If you don't read the newspaper, you're uninformed. If you read the newspaper, you're mis-informed. - Mark Twain

    Thinking about becoming an Ubuntu Member?

  10. #20
    Join Date
    May 2008
    Location
    SoCal
    Beans
    Hidden!
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Give users Read, Modify but not delete on Samba server

    Quote Originally Posted by matt_symes View Post
    Hi

    Excellent explanation bab1.

    As for umask though..



    I was under the impression this was now handled by pam_umask in Ubuntu; i may be wrong though.

    As for samba, i will be setting up my own samba server over the weekend so kudos to all of you who posted. It will help me out as well

    Kind regards
    I just set up another Samba server (10.04.3). I set the umask in /etc/profile. It was 022 (the ubuntu default). When I set it to 002 all the files created are now rw-rw-r--

    ... In looking at the man pages the first thing that jumps out at me is
    Code:
    PAM_UMASK(8)                   Linux-PAM Manual                   PAM_UMASK(8)
    
    NAME
           pam_umask - PAM module to set the file mode creation mask
    
    SYNOPSIS
           pam_umask.so [debug] [silent] [usergroups] [umask=mask]
    
    DESCRIPTION
     The PAM module tries to get the umask value from the following places
           in the following order:
    
           ·   umask= argument
    
           ·   umask= entry of the users GECOS field
    
           ...
    The umask argument here (in red) is, I believe, set via /etc/profile.

    My umask argument is
    Code:
    $ umask
    0002
    This is not the default, but as I set it in /etc/profile.
    -BAB1

Page 2 of 3 FirstFirst 123 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •