Re: Network FS w/o user setup

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Les Mikesell wrote:
Ted Miller wrote:

After this, a windows user mapping a samba-shared directory from your office2 machine will have the same access as the same user logged in locally. There are the same issues with directories that users share with group permissions, but samba offers some extra options to force owner/group/permissions on newly created files that will help.

That is something I need to fix, because I do have some issues with group accessed files, where certain operations require me to log in as root and run a script that cleans up the file ownership, otherwise some users can no longer access the files. Any pointers on where to find documentation on this?

Newly created files default to having the group ownership of the primary group of the user creating it, and the RH scheme is to give every user his own group. You can do something like this in the samba share configuration:
valid users = @groupname
force group = groupname
force create mode = 0775
force directory mode = 0775

How about if I just change the primary user group to being the user group that I want their files' group ownership set to? Would that "just take care of it" on the group side? Then I could just set the "force create mode" and "force directory mode".

You can find samba docs here: http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/

I have been using 'share' mode, but a little reading makes it sound like I should switch to 'user' mode to make my life easier. I have been adding various user permission lines to each share. Will they keep working if I just comment out those lines?

Share vs. user doesn't make a difference in how things work after the connection is established - it controls when authentication happens. Share mode just lets you browse the share list before authenticating and you can connect to different shares with different credentials.

You might look at webmin, since it has an option to maintain unix and samba passwords at the same time and it can also keep multiple machines in sync.

Does anyone maintain webmin for Centos? I have most of the common repos hooked to yum, but webmin draws a blank.

This is one of the reasons I usually install k12ltsp instead of the stock centos distribution (you don't lose anything, it just adds some extras and makes the updates yummable). You probably can grab the RPM directly from the webmin site.

Can I just add a k12ltsp repo and use their webmin?

There is also the issue that users who have root access to their own workstation can pretend to be any user over NFS.

Not an issue in this situation, users do not have root access.

Do they have the same uid/gid, and group lists on their workstations as on the file server?

yes, got that straight a while back.

Centralizing authentication will help if you have many users and password changes. But that can be as simple as turning on domain controller emulation on samba on your office2 server and configuring everything else (windows and Linux) to use it.

Any pointers to where I could learn the implications/pluses/minuses of that? It might be useful with my multiple machines (real and virtual) per user.

Samba authentication for linux just checks that a login/password match. You still have to create the users and if you use NFS, make sure the uid/gid's are all the same. For windows it works like a domain controller and once you've logged in as a windows user, you automatically authenticate to the samba shares as the same user and the server can force login scripts to run on the client.

I looked at the How-To for domain control, and it looks interesting. I'll have to dig into that further.

Ted Miller

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux