> -----Original Message----- > From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list- > bounces@xxxxxxxxxx] On Behalf Of Jeff Boyce > Sent: Friday, April 28, 2006 12:01 AM > To: redhat-list@xxxxxxxxxx > Subject: File permissions and group and user access problem > > Greetings - > > I am not sure if this is a Linux or a Samba problem, so let me know if > I > should be posting to the Samba list. I am not sure I fully understand how > permissions work and making sure they are set up properly. I have read > through all of my Linux, Samba, and networking books and haven't been able > to resolved my issue. > > My System: > RHES 3 fully up to date > Dell PE 2600 used primarily as a Samba file server to 10 Windows boxes > > My Objective: > I need to establish a directory for our accounting files that only > allow > two users to access the file. The accounting software (QuickBooks) is > setup > on a desktop Windows box with the accounting data file stored on the Linux > server. > > What I have done: > 1. Setup an Accounting directory on server; current permissions are > drwxrws--T > 2. Created an Accounting group on the Linux server and included the > two > users in this group. > 3. Setup accounting users passwords (matching their Linux passwords) > on > a common Window box (vers. ME/2000) that is used by the two users. > 4. A Guest user is also setup on this Windows box for other purposes > (I > realize the potential for risk with this but don't have another option, > that > is why I am trying to achieve my objective). > 5. A copy of an accounting data file for testing purposes is on the > Linux server with permissions of -rwxrw---- > 6. The owner of the accounting data file is one of the two users in > the > accounting group. > 7. Both users in the accounting group can access the Accounting > directory and accounting data file through Windows file manager and can > make > changes to the data file in QuickBooks. > 8. The Guest user can not access the Accounting directory or data > file > through Windows file manager, but if they run QuickBooks they can open the > data file and it accepts changes to the file (this is what I want to > prevent). > > What I need to do: > I need to make sure that the Guest user (if they are able to start > QuickBooks on this box) is restricted from making changes to the > accounting > data file. In other words, the Linux file permissions would not accept > any > changes to the data file if it recognizes the Guest user is logged onto > the > box. It seems that the QuickBooks is accessing file using the identity of the user in Accounting group, not the identity of the Guest user for file permissions checking (because you have verified that Guest can not access the file directly from file manager. What are the messages in the Samba log files on the server during the access using QuckBooks? The smb daemon can log the information on the user accessing the file (if necessary, increase the verbosity of nessages in the samba configurstuo file) therefore it could be determined who (what user) ia actually trying to access the file. Alexey Fadyushin. Brainbench MVP for Linux. http://www.brainbench.com > > Is this a Linux permissions issue, or a Samba share configuration > problem? I can post my Samba share configuration if that would assist. > What should I change to address my problem and meet my objective? Thanks. > > > Jeff Boyce > www.meridianenv.com > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
