----- Original Message -----
From: <A.Fadyushin@xxxxxxxxxxxx>
To: <jboyce@xxxxxxxxxxxxxxx>; <redhat-list@xxxxxxxxxx>
Sent: Friday, April 28, 2006 10:15 AM
Subject: RE: File permissions and group and user access problem
-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-
bounces@xxxxxxxxxx] On Behalf Of Jeff Boyce
Sent: Friday, April 28, 2006 12:01 AM
To: redhat-list@xxxxxxxxxx
Subject: File permissions and group and user access problem
Greetings -
I am not sure if this is a Linux or a Samba problem, so let me
know if
I
should be posting to the Samba list. I am not sure I fully understand
how
permissions work and making sure they are set up properly. I have
read
through all of my Linux, Samba, and networking books and haven't been
able
to resolved my issue.
My System:
RHES 3 fully up to date
Dell PE 2600 used primarily as a Samba file server to 10 Windows
boxes
My Objective:
I need to establish a directory for our accounting files that only
allow
two users to access the file. The accounting software (QuickBooks) is
setup
on a desktop Windows box with the accounting data file stored on the
Linux
server.
What I have done:
1. Setup an Accounting directory on server; current permissions
are
drwxrws--T
2. Created an Accounting group on the Linux server and included
the
two
users in this group.
3. Setup accounting users passwords (matching their Linux
passwords)
on
a common Window box (vers. ME/2000) that is used by the two users.
4. A Guest user is also setup on this Windows box for other
purposes
(I
realize the potential for risk with this but don't have another
option,
that
is why I am trying to achieve my objective).
5. A copy of an accounting data file for testing purposes is on
the
Linux server with permissions of -rwxrw----
6. The owner of the accounting data file is one of the two users
in
the
accounting group.
7. Both users in the accounting group can access the Accounting
directory and accounting data file through Windows file manager and
can
make
changes to the data file in QuickBooks.
8. The Guest user can not access the Accounting directory or data
file
through Windows file manager, but if they run QuickBooks they can open
the
data file and it accepts changes to the file (this is what I want to
prevent).
What I need to do:
I need to make sure that the Guest user (if they are able to start
QuickBooks on this box) is restricted from making changes to the
accounting
data file. In other words, the Linux file permissions would not
accept
any
changes to the data file if it recognizes the Guest user is logged
onto
the
box.
It seems that the QuickBooks is accessing file using the identity of the
user in Accounting group, not the identity of the Guest user for file
permissions checking (because you have verified that Guest can not
access the file directly from file manager. What are the messages in the
Samba log files on the server during the access using QuckBooks? The smb
daemon can log the information on the user accessing the file (if
necessary, increase the verbosity of nessages in the samba configurstuo
file) therefore it could be determined who (what user) ia actually
trying to access the file.
Alexey Fadyushin.
Brainbench MVP for Linux.
http://www.brainbench.com
Is this a Linux permissions issue, or a Samba share configuration
problem? I can post my Samba share configuration if that would
assist.
What should I change to address my problem and meet my objective?
Thanks.
Jeff Boyce
www.meridianenv.com
It appears that a reboot of the Windows box has resolved the current issue.
I am assuming that when the Users were setup in the Window 2000 box, that
not all of the configuration changes were effective until after a reboot,
although most of the changes appeared to be implemented just when logging
out then back in as a different user. This is what happens when you have
different versions of Windows running on different boxes throughout the
office. Sorry for causing anyone any extraneous headscratching.
Jeff Boyce
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
