RE: File permissions and group and user access problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




> -----Original Message-----
> From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-
> bounces@xxxxxxxxxx] On Behalf Of Jeff Boyce
> Sent: Friday, April 28, 2006 12:01 AM
> To: redhat-list@xxxxxxxxxx
> Subject: File permissions and group and user access problem
> 
> Greetings -
> 
>     I am not sure if this is a Linux or a Samba problem, so let me
know if
> I
> should be posting to the Samba list.  I am not sure I fully understand
how
> permissions work and making sure they are set up properly.  I have
read
> through all of my Linux, Samba, and networking books and haven't been
able
> to resolved my issue.
> 
> My System:
>     RHES 3 fully up to date
>     Dell PE 2600 used primarily as a Samba file server to 10 Windows
boxes
> 
> My Objective:
>     I need to establish a directory for our accounting files that only
> allow
> two users to access the file.  The accounting software (QuickBooks) is
> setup
> on a desktop Windows box with the accounting data file stored on the
Linux
> server.
> 
> What I have done:
>     1.  Setup an Accounting directory on server; current permissions
are
> drwxrws--T
>     2.  Created an Accounting group on the Linux server and included
the
> two
> users in this group.
>     3.  Setup accounting users passwords (matching their Linux
passwords)
> on
> a common Window box (vers. ME/2000) that is used by the two users.
>     4.  A Guest user is also setup on this Windows box for other
purposes
> (I
> realize the potential for risk with this but don't have another
option,
> that
> is why I am trying to achieve my objective).
>     5.  A copy of an accounting data file for testing purposes is on
the
> Linux server with permissions of -rwxrw----
>     6.  The owner of the accounting data file is one of the two users
in
> the
> accounting group.
>     7.  Both users in the accounting group can access the Accounting
> directory and accounting data file through Windows file manager and
can
> make
> changes to the data file in QuickBooks.
>     8.  The Guest user can not access the Accounting directory or data
> file
> through Windows file manager, but if they run QuickBooks they can open
the
> data file and it accepts changes to the file (this is what I want to
> prevent).
> 
> What I need to do:
>     I need to make sure that the Guest user (if they are able to start
> QuickBooks on this box) is restricted from making changes to the
> accounting
> data file.  In other words, the Linux file permissions would not
accept
> any
> changes to the data file if it recognizes the Guest user is logged
onto
> the
> box.

It seems that the QuickBooks is accessing file using the identity of the
user in Accounting group, not the identity of the Guest user for file
permissions checking (because you have verified that Guest can not
access the file directly from file manager. What are the messages in the
Samba log files on the server during the access using QuckBooks? The smb
daemon can log the information on the user accessing the file (if
necessary, increase the verbosity of nessages in the samba configurstuo
file) therefore it could be determined who (what user) ia actually
trying to access the file. 

Alexey Fadyushin.
Brainbench MVP for Linux.
http://www.brainbench.com

> 
>     Is this a Linux permissions issue, or a Samba share configuration
> problem?  I can post my Samba share configuration if that would
assist.
> What should I change to address my problem and meet my objective?
Thanks.
> 
> 
> Jeff Boyce
> www.meridianenv.com
> 
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]


  Powered by Linux