TurnKey Linux Virtual Appliance Library

TKL FileServer - Please Help Me To Understand Samba Shares

Folks,

I've been working with the TKLFS (2009.10.2) and have it working for individuals in the house.

All the computers in the house run a version of Windows except for the TKLFS.

Mom, Dad, Son1, Son2, & Daughter1. Each have their own Samba Share. Mom and Dad are able to read and write to all of the shares including the kids for obvious reasons because they have read/write access to all shares. The kids have read/write to their own share and read to all others.

Note, everyone is in the Linux "100 users" group and in their own individual secondary group. Samba share access is by their group name. Samba security = user.

The kids want to able to share their files with each other and they do NOT want their files deleted except possibly by Mom and Dad. So the kids have read/write access to their own share and read access to all others.

So Mom and Dad can do whatever they need to do with all the shares.

The kids though can see the shares in Windows Explorer - but when they try to copy a file via drag and drop from outside their share to their share, Windows complains about the file being in use, diskfull and denies access to copy - so I suspect it is because they only have read access to the other shares.

Now I do NOT want to give them read/write access to shares other than their own. Why? Well if Son1 got upset with Son2 and went to delete Son2's files and succeeded - the "WAR" would be on! Just plug in any kid there. It is to help keep sanity in the house.

So the question is how to setup Samba Shares to allow the the kids to copy files from the other shares to theirs while keeping them from deleting files in the other shares? In my thinking there should be a way to do this. And it is very possible I missed something obvious.

Help Please

Thanks

Dave

You have better options

You will get a much better/acurate response/answer by asking on the samba mailing list.

https://lists.samba.org/mailman/listinfo/samba

Thanks

Chaim,

I appreciate the input. And I like to read the forums and so forth without subscribing (lurk if you will) to see if I can find the answer. Apparently I missed something as the link provided I could not find how to  read the info because it requires a subscription - I already get more than enough stuff.

If there is any way to read it without subscribing or downloading a newsgroup to my system please provide  the address.

Still searching for the answer.

Thank You

Dave


Use Gmane

Dave,

You are not alone in your desire. There is a website/service called Gmane that provides a way for you to search/read most mailinglists and newsgroups. You will see a link to it on that page.

"This list is also available as a newsgroup at gmane.org."

Also, most mailing lists using Mailman software, as the samba list does, provide an archive. It is not as easy to search/read as the Gmane version though. You will see a link to it on that page as well.

"To see the collection of prior postings to the list, visit the samba Archives."

Hope that helps.

Thanks Again

Chaim,

 I appreciate the response, and I must be blind in one eye and can't see out of the other!

I'll go through the archives because I believe someone will have had a similiar situation they had to resolve.

In the mean time if any one has a solution or knows where else I could look I would appreciate the link.

Thanks Again

Dave
 


Jeremy's picture

I suspect your problem is file permissions

You obviously have the share permissions setup fine (as users can see the files - just not access them).

Sorry for the delay responding.

IMO the easiest way to do what you want is to leave samba setup as it is. Then make the sambashare usergroup the default user group for all users. Then allow each user read/write file access to their own share (as it is already) and allow read only for the group. You can acheive all this through Webmin, Users & Groups for changing the default user groups, and File Manager to change file permissions (select the folder and click Info).

This will almost give you your desired outcome. Assuming the need for you to delete files from other users shares is only occasional, just use an FTP client (such as Filezilla) logged in as root to access all files read/write.

I'm sure there are other ways to achieve this but thats how I'd do it.

Let us know how you go.

Thank You

JedMeister,

Thanks for your response. I appreciate the apology about the late response although I would think you may have your hands full with life, the switch to 10.04 and so forth. I hope everything is going well for you.

I too believe it is a permission thing and my goal is to keep it simple, really simple. That is why I am trying to keep it all working within "Windows Explorer" because the family basically knows it and after all this is a home system. I simply do not want to get into other programs/interfaces for use as I do not want to have to 'train' them in it - do too much training already in my work life. Besides in my way of thinking if the existing works, why reinvent the wheel.

I read your response and had to read it again to get your point about using the "File Manager to change file permissions".  I do not have java on my box so I've never used the file manager, but java is on my wife's, so tried it there. Though I did not understand why the use of FM - until - I saw in the Info box about permissions and the option "Sticky - only owners can delete files" - an Ah-ha! moment - I went searching for "samba sticky bit" and found this explanation.

So my thoughts are why couldn't I find this earlier with the searching I did? I was looking at ACL and so forth, read the O'Reilly Samba books online, was forum searching/reading, and so forth, getting no where fast. Needless to say I need to do more research on the sticky bits of Samba/Linux, particlarly since this sticky bit is a Linux permission, not Samba's as I was thinking. And that may explain why I could not find it.

I can edit the smb.conf file from within webmin, with nano through ShellInABox or filezilla with an editor and I am comfortable with any of them.

Right now though I do not have the time to try this, though in a day or two I will. I believe I'll also try some of the ideas from the above link as well and add "admin users = mom dad" to each of the kids share in smb.conf. Though I will have to test all of this pretty thoroughly before I let the kids at it. Just seems to be a tricky setup. If the kids shares were not involved this would already be done.

I will post my findings once I get through all of it.

Now it also raises questions as to why this is not part of WebMin? Maybe it is and I just did not see it or it might be an oversight by their dev team. Particularly since the File Manager shows the option the way it does.

Thanks Again JedMeister

Take Care and Enjoy!

Dave


Jeremy's picture

That's not quite what I had in mind

Although the link you provided looks interesting and would be relevant if you wish to have a shared folder which everyone can write to but no one can delete from.

Sorry if what I wrote was a little confusing. To better explain myself, here's an image of what I was thinking:
permissions screenshot
In this example the user testuser1is the owner of the /srv/storage/test folder and will have read/write (and list) permissions. All other users that are members of the group testgroup will have read (and list) only permissions.
 
As for Filezilla, I wasn't suggesting that all your users to use it, I was suggesting that you use it yourself for root access to the whole file system (for deleteing of other's files).

We're on the same path ...

JedMeister,

Sorry if I led you astray with the link. What I found interesting was the part about the creation of directories and following/inheriting the owner of the share with the sticky bit.

Not that I was going to create one share for us to drop everything into. OH NO, that would not work!

I also understood and obviously did not make it clear that the use of FileZilla was to be for me, which I'm comfortable with. The addition of the "admin user" was more for the wife in monitoring the kids shares and since I was adding her I should add myself and make it easy for me as well.

Hope that clears things up a bit.

Thanks

Dave


Jeremy's picture

No worries

Glad you've got it under control :)

Post new comment

The content of this field is kept private and will not be shown publicly. If you have a Gravatar account, used to display your avatar.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <p> <span> <div> <h1> <h2> <h3> <h4> <h5> <h6> <img> <map> <area> <hr> <br> <br /> <ul> <ol> <li> <dl> <dt> <dd> <table> <tr> <td> <em> <b> <u> <i> <strong> <font> <del> <ins> <sub> <sup> <quote> <blockquote> <pre> <address> <code> <cite> <strike> <caption>

More information about formatting options

Leave this field empty. It's part of a security mechanism.
(Dear spammers: moderators are notified of all new posts. Spam is deleted immediately)