Pages : 1
#1 Le 12/11/2008, à 12:31
- leglen38
[SAMBA] Problèmes droits utilisateurs
Bonjour,
voici mon problème :
J'ai mis en place sur un serveur ubuntu 8.04 un serveur Samba avec des comptes utilisateurs Active Directory. Les utilisateurs accèdent bien à leurs dossiers, en controle total. Cependant quand ils posent un fichiers depuis un poste sous Windows dans leur partage Samba, le fichier a les attributs 750 et le propriétaire/group est root.
Est ce que c'est normal ? si non comment faire pour régler le problème ? Je ne suis pas au boulot donc je peux pas vous coller mon smb.conf.
Je le posterais plus tard....
MAis merci pour votre aide si vous avec déjà une solution...
Hors ligne
#2 Le 12/11/2008, à 13:15
- #hehedotcom\'isback
Re : [SAMBA] Problèmes droits utilisateurs
bonjour
il faut "arbitrairement" affecter un umask aux nouveaux fichiers.
issu de smb.conf:
# File creation mask is set to 0700 for security reasons. If you want to
# create files with group=rw permissions, set next parameter to 0775.
; create mask = 0700# Directory creation mask is set to 0700 for security reasons. If you want to
# create dirs. with group=rw permissions, set next parameter to 0775.
; directory mask = 0700
Dernière modification par #hehedotcom\'isback (Le 12/11/2008, à 13:15)
../
Hors ligne
#3 Le 12/11/2008, à 17:19
- leglen38
Re : [SAMBA] Problèmes droits utilisateurs
je suis bien d'accord avec toi, cependant ça ne règle pas mon deuxième problème des fichiers déposés sur le serveur et qui récupère comme attribut root:root....
Hors ligne
#4 Le 12/11/2008, à 23:51
- MrWaloo
Re : [SAMBA] Problèmes droits utilisateurs
c'est là que le smb.conf ou la commande testparm seraient utiles
"De tous ceux qui n'ont rien à dire, les plus agréables sont ceux qui se taisent !!" (Desproges)
UNIX is an operating system, OS/2 is half an operating system, Windows is a shell, MS-DOS is a boot sector virus.
Hors ligne
#5 Le 13/11/2008, à 14:37
- leglen38
Re : [SAMBA] Problèmes droits utilisateurs
et hop voilà mon smb.conf
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not made any basic syntactic errors.
#
#======================= Global Settings =====================================
[global]
log file = /var/log/samba/%m.log
# pour ne pas avoir de message concernant cups
load printers = no
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
map to guest = bad user
encrypt passwords = yes
realm = BDOM.AD.CORP
winbind use default domain = yes
winbind uid = 10000-20000
dns proxy = no
netbios name = BFRCPIEPX05
server string = BFRCPIEPX05 Samba Server BUC %v
printing = bsd### voir si cette ligne est rélement utile
password server = bfrcpiedc01 bfrcpiedc02
winbind gid = 10000-100000
idmap uid=10000-100000
idmap gid=10000-100000
workgroup = BDOM
printcap name = /dev/null
security = ads
# template homedir = /home/%U
template shell = /bin/bash
winbind separator = /
max log size = 50
winbind enum users = no
winbind enum groups = yes
winbind cache time = 7200
# smb passwd file = /etc/samba/smbpasswd
# winbind trusted domains only = yes
# password server = bfrcpiedc01
# encrypt passwords = yes
local master = no
domain master = no
preferred master = no[etc]
comment = parametres
path = /etc
browseable = no
writeable = yes
valid users = @bdom/bggbuc-linuxadmins
admin users = @bdom/bggbuc-linuxadmins[racine]
comment = racine
path = /
browseable = no
writable = yes
valid users = @bdom/bggbuc-linuxadmins
admin users = @bdom/bggbuc-linuxadmins
public = no[data]
comment = data
path = /data
browseable = yes
writable = yes
valid users = @bdom/bggbucpie-linux-RD
admin users = @bdom/bggbucpie-linux-RD-admin
public = no
[soft]
comment = soft
path = /soft
browseable = yes
writable = yes
valid users = @bdom/bggbucpie-linux-RD
admin users = @bdom/bggbucpie-linux-RD-admin
public = no[mdupoizat]
comment = home
path = /home/mdupoizat
browsable = no
writable = yes
valid users = BDOM/mdupoizat
admin users = BDOM/mdupoizat[mpeyrard]
comment = home
path = /home/mpeyrard
browsable = no
writable = yes
valid users = BDOM/mpeyrard
admin users = BDOM/mpeyrard[cdaverat]
comment = home
path = /home/cdaverat
browsable = no
writable = yes
valid users = BDOM/cdaverat
admin users = BDOM/cdaverat[tle-goaziou]
comment = home
path = /home/tle-goaziou
browsable = no
writable = yes
valid users = BDOM/tle-goaziou
admin users = BDOM/tle-goaziou[jermartin]
comment = home
path = /home/jermartin
browsable = no
writable = yes
valid users = BDOM/jermartin
admin users = BDOM/jermartin[bmorel]
comment = home
path = /home/bmorel
browsable = no
writable = yes
valid users = BDOM/bmorel
admin users = BDOM/bmorel[aguyard]
comment = home
path = /home/aguyard
browsable = no
writable = yes
valid users = BDOM/aguyard
admin users = BDOM/aguyard[ajourdan]
comment = home
path = /home/ajourdan
browsable = no
writable = yes
valid users = BDOM/ajourdan
admin users = BDOM/ajourdan[mearab]
comment = home
path = /home/mearab
browsable = no
writable = yes
valid users = BDOM/mearab
admin users = BDOM/mearab#[homes]
# comment = Home Directories
#valid users = %
# browseable = no
# writable = yes
# You can enable VFS recycle bin and on-access virus-scanning on a per
# share basis:
# Uncomment the next 2 lines (make sure you create a .recycle folder in
# the base of the share and ensure all users will have write access to it.
# For virus scanning, install samba-vscan-clamav and ensure the clamd service
# is running
# vfs objects = vscan-clamav recycle
# vscan-clamav: config-file = /etc/samba/vscan-clamav.conf# Un-comment the following and create the netlogon directory for Domain Logons
# [netlogon]
# comment = Network Logon Service
# path = /var/lib/samba/netlogon
# guest ok = yes
# writable = no#Uncomment the following 2 lines if you would like your login scripts to
#be created dynamically by ntlogon (check that you have it in the correct
#location (the default of the ntlogon rpm available in contribs)
#root preexec = /usr/bin/ntlogon -u '%u' -g '%g' -o %a -d /var/lib/samba/netlogon/
#root postexec = rm -f '/var/lib/samba/netlogon/%u.bat'# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
#[Profiles]
# path = /var/lib/samba/profiles
# browseable = no
# guest ok = yes
# writable = yes
# This script can be enabled to create profile directories on the fly
# You may want to turn off guest acces if you enable this, as it
# hasn't been thoroughly tested.
#root preexec = PROFILE='/var/lib/samba/profiles/%u'; if [ ! -e $PROFILE ]; \
# then mkdir -pm700 $PROFILE; chown '%u':'%g' $PROFILE;fi
# If you want read-only profiles, fake permissions so windows clients think
# they have written to the files
# vfs objects = fake_perms# NOTE: If you have a CUPS print system there is no need to
# specifically define each individual printer.
# You must configure the samba printers with the appropriate Windows
# drivers on your Windows clients or upload the printer driver to the
# server from Windows (NT/2000/XP). On the Samba server no filtering is
# done. If you wish that the server provides the driver and the clients
# send PostScript ("Generic PostScript Printer" under Windows), you have
# to use 'printcap name = cups' or swap the 'print command' line below
# with the commented one. Note that print commands only work if not using
# 'printing=cups'
##**[printers]
##** comment = All Printers
##** path = /var/spool/samba
##** browseable = no
# to allow user 'guest account' to print.
##** guest ok = yes
##** writable = no
##** printable = yes
##** create mode = 0700
# =====================================
# print command: see above for details.
# =====================================
##** print command = lpr-cups -P %p -o raw %s -r # using client side printer drivers.
# print command = lpr-cups -P %p %s # using cups own drivers (use generic PostScript on clients).
# If you install drivers on the server, you will want to uncomment this so
# clients request the driver
##** use client driver = yes# This share is used for Windows NT-style point-and-print support.
# To be able to install drivers, you need to be either root, or listed
# in the printer admin parameter above. Note that you also need write access
# to the directory and share definition to be able to upload the drivers.
# For more information on this, please see the Printing Support Section of
# /usr/share/doc/samba-<version>/docs/Samba-HOWTO-Collection.pdf
#
# A special case is using the CUPS Windows Postscript driver, which allows
# all features available via CUPS on the client, by publishing the ppd file
# and the cups driver by using the 'cupsaddsmb' tool. This requires the
# installation of the CUPS driver (http://www.cups.org/windows.php)
# on the server, but doesn't require you to use Windows at all :-).
##**[print$]
##** path = /var/lib/samba/printers
##** browseable = yes
##** write list = @adm root
##** guest ok = yes
##** inherit permissions = yes
# Settings suitable for Winbind:
# write list = @"Domain Admins" root
# force group = +@"Domain Admins"# A useful application of samba is to make a PDF-generation service
# To streamline this, install windows postscript drivers (preferably colour)
# on the samba server, so that clients can automatically install them.
# Note that this only works if 'printing' is *not* set to 'cups'[pdf-gen]
path = /var/tmp
guest ok = No
printable = Yes
comment = PDF Generator (only valid users)
printing = bsd
#print command = /usr/share/samba/scripts/print-pdf file path win_path recipient IP &
print command = /usr/share/samba/scripts/print-pdf "%s" "%H" "//%L/%u" "%m" "%I" "%J" &
lpq command = /bin/true# A share allowing administrators to set ACLs on, or access for backup purposes
# all files (as root).
#[admin]
# path = /
# admin users = @"Domain Admins"
# valid users = @"Domain Admins"
# browseable = no
# writeable = yes# This one is useful for people to share files
;[tmp]
; comment = Temporary file space
; path = /tmp
; read only = no
; public = yes# A publicly accessible directory, but read only, except for people in
# the "staff" group
;[public]
; comment = Public Stuff
; path = /home/samba/public
; public = yes
; writable = no
; write list = @staff
# Audited directory through experimental VFS audit.so module:
# Uncomment next line.
# vfs object = /usr/lib/samba/vfs/audit.so# Other examples.
#
# A private printer, usable only by Fred. Spool data will be placed in Fred's
# home directory. Note that fred must have write access to the spool directory,
# wherever it is.
;[fredsprn]
; comment = Fred's Printer
; valid users = fred
; path = /homes/fred
; printer = freds_printer
; public = no
; writable = no
; printable = yes# A private directory, usable only by Fred. Note that Fred requires write
# access to the directory.
;[fredsdir]
; comment = Fred's Service
; path = /usr/somewhere/private
; valid users = fred
; public = no
; writable = yes
; printable = no# a service which has a different directory for each machine that connects
# this allows you to tailor configurations to incoming machines. You could
# also use the %u option to tailor it by user name.
# The %m gets replaced with the machine name that is connecting.
;[pchome]
; comment = PC Directories
; path = /usr/pc/%m
; public = no
; writable = yes# The following two entries demonstrate how to share a directory so that two
# users can place files there that will be owned by the specific users. In this
# setup, the directory should be writable by both users and should have the
# sticky bit set on it to prevent abuse. Obviously this could be extended to
# as many users as required.
;[myshare]
; comment = Mary's and Fred's stuff
; path = /usr/somewhere/shared
; valid users = mary fred
; public = no
; writable = yes
; printable = no
; create mask = 0765
Hors ligne
#6 Le 13/11/2008, à 19:02
- MrWaloo
Re : [SAMBA] Problèmes droits utilisateurs
essai de commenter tout ce qui concerne windbind et idmap, puis redémarre samba
"De tous ceux qui n'ont rien à dire, les plus agréables sont ceux qui se taisent !!" (Desproges)
UNIX is an operating system, OS/2 is half an operating system, Windows is a shell, MS-DOS is a boot sector virus.
Hors ligne
Pages : 1