Les Mikesell wrote:
Ted Miller wrote:
After this, a Windows user mapping a Samba-shared directory from your
office2 machine will have the same access as the same user logged in
locally. There are the same issues with directories that users share
with group permissions, but Samba offers some extra options to force
owner/group/permissions on newly created files that will help.
That is something I need to fix, because I do have some issues with
group accessed files, where certain operations require me to log in as
root and run a script that cleans up the file ownership, otherwise
some users can no longer access the files. Any pointers on where to
find documentation on this?
Newly created files default to having the group ownership of the primary
group of the user creating it, and the RH scheme is to give every user
his own group. You can do something like this in the samba share
configuration:

    valid users = @groupname
    force group = groupname
    force create mode = 0775
    force directory mode = 0775

How about if I just change the primary user group to being the user group
that I want their files' group ownership set to? Would that "just take
care of it" on the group side? Then I could just set the "force create
mode" and "force directory mode".
You can find samba docs here:
http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/
I have been using 'share' mode, but a little reading makes it sound
like I should switch to 'user' mode to make my life easier. I have
been adding various user permission lines to each share. Will they
keep working if I just comment out those lines?
Share vs. user doesn't make a difference in how things work after the
connection is established - it controls when authentication happens.
Share mode just lets you browse the share list before authenticating and
you can connect to different shares with different credentials.
You might look at webmin, since it has an option to maintain unix and
samba passwords at the same time and it can also keep multiple
machines in sync.
Does anyone maintain webmin for CentOS? I have most of the common
repos hooked to yum, but webmin draws a blank.
This is one of the reasons I usually install k12ltsp instead of the
stock CentOS distribution (you don't lose anything, it just adds some
extras and makes the updates yummable). You probably can grab the RPM
directly from the webmin site.
Can I just add a k12ltsp repo and use their webmin?
There is also the issue that users who have root access to their own
workstation can pretend to be any user over NFS.
Not an issue in this situation, users do not have root access.
Do they have the same uid/gid, and group lists on their workstations as
on the file server?
Yes, got that straight a while back.
Centralizing authentication will help if you have many users and
password changes. But that can be as simple as turning on domain
controller emulation on Samba on your office2 server and configuring
everything else (Windows and Linux) to use it.
Any pointers to where I could learn the implications/pluses/minuses of
that? It might be useful with my multiple machines (real and virtual)
per user.
Samba authentication for Linux just checks that a login/password match.
You still have to create the users and if you use NFS, make sure the
uid/gid's are all the same. For Windows it works like a domain
controller and once you've logged in as a Windows user, you
automatically authenticate to the Samba shares as the same user and the
server can force login scripts to run on the client.
I looked at the How-To for domain control, and it looks interesting. I'll
have to dig into that further.
Ted Miller
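
Added example, not part of the original thread: a Python audit that lists entries under a shared directory whose group or permission bits differ from what the "force group" and "force create mode" / "force directory mode" = 0775 settings quoted above would produce, that is, the files the root cleanup script has to repair. The name audit_share and the command-line arguments are assumptions made for this sketch.

```python
#!/usr/bin/env python3
"""Audit a shared tree for entries that Samba's forced settings would not produce."""
import grp
import os
import stat
import sys

FORCED_MODE = 0o775  # bits from "force create mode" / "force directory mode" in the thread


def audit_share(root, expected_gid, forced_mode=FORCED_MODE):
    """Return sorted (relative_path, [problems]) for entries with the wrong
    group or with any of the forced permission bits missing."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode and group do not control access
            problems = []
            if st.st_gid != expected_gid:
                problems.append("group")
            missing = forced_mode & ~stat.S_IMODE(st.st_mode)
            if missing:
                problems.append("mode missing %04o" % missing)
            if problems:
                findings.append((os.path.relpath(path, root), problems))
    return sorted(findings)


def main(argv):
    if len(argv) != 3:
        print("usage: audit_share.py SHARE_DIR GROUPNAME", file=sys.stderr)
        return 2
    try:
        gid = grp.getgrnam(argv[2]).gr_gid
    except KeyError:
        print("unknown group: %s" % argv[2], file=sys.stderr)
        return 2
    findings = audit_share(argv[1], gid)
    for path, problems in findings:
        print("%s: %s" % (path, ", ".join(problems)))
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Files written through the Samba share with those settings come out clean; anything created locally or over NFS under a per-user primary group shows up in the report.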