Topic: Users accidentally owning files on shared network drive?

[n0lqu]

This may be a newbie-type question as I've not had much experience with file ownership in a Windows or Samba-style network; hopefully the answer is a simple one!

We have an SME server with an i-bay set up to share files within the department; everyone has full access to the files on this i-bay (assigned to drive letter K:).  Somehow some of the files and directories have gotten "owned" by some of the users and can't be accessed by the other users.  The file owner did not intend for this to happen, doesn't know how it happened, and just wants everyone else to be able to open, change, etc. those files and directories.

Most of the files/directories have ownerships of root/employee and as far as I know new files created are normally created that way, however there are a handful of files and directories that are now username/username or username/employee instead.  I could and probably will use chown]/i] to reset the ownerships back to root/everyone, but I need to understand why and how the ownerships got changed so it doesn't happen again (at least accidentally; knowing how to do it on purpose may well be useful) and so I can train the users properly.

How would the end user be able to change a particular file or directory's ownership or permissions?  The end users in this case are using Windows 98 and signing on to the domain with their usernames and passwords.

Thanks for any help understanding how ownership and permissions are supposed to work in a Samba/Windows network and how to resolve this problem!

[azche24]

This may be a newbie-type question as I've not had much experience with file ownership in a Windows or Samba-style network; hopefully the answer is a simple one!

Not a simple answer: Some applications (in our case it was as visual-basic based lawyer application) tend to "take over" files on samba shares from group/user A to group / user B as you described.   I don't know why. Think Billyboy did implement some funny hidden extras in his software.

A german admin advised me to change ibay values and it worked:

Code: [Select]

force group = group (should be an existing group)
force user = someuser (should be an existing user on your SME)
Rights are changed to 777 (world readable, which is pretty insecure).

I have the working smb.config part for that ibay at work. I will post it, when getting back to office.

This is pretty hard to implement on SME ibays, because your have to modify the templates in /etc/e-smith/templates-custom . But it worked.

[n0lqu]

Not a simple answer: Some applications (in our case it was as visual-basic based lawyer application) tend to "take over" files on samba shares from group/user A to group / user B as you described.  I don't know why. Think Billyboy did implement some funny hidden extras in his software.

A german admin advised me to change ibay values and it worked:

Thanks for the tip.  I'm at a different location than where the server is at an though I can administer it from here I'll want to do some playing to see if I can figure out an end-user way to do it and therefore fix it.  If that doesn't pan out, I'll probably try the smb.conf fix you mentioned so if you can post that working smb.conf you mentioned, that could be helpful.

Code: [Select]

force group = group (should be an existing group)
force user = someuser (should be an existing user on your SME)
Rights are changed to 777 (world readable, which is pretty insecure).

I wouldn't think those lines of code would make the files world readable, and I wouldn't be very fond of that solution if that were the case.  In this case the group and world are probably the same, but as things progress in the future that would likely not always be the case.  I'll do some research on those two commands in the Samba Reference Guide.

Thanks for your help!  And if anyone else knows more about how an end user using Windows 98 is capable of changing a network file's ownership or permissions, I'd be very interested in that (as might other newbies reading this).

[cheezeweeze]

Use "force group" in samba to correct the user name overriding the group name.

SME Server V7.0

Create custom smb.conf/ibays template "40forcegroup":
mkdir -p /etc/e-smith/templates-custom/etc/smb.conf/ibays/
vi /etc/e-smith/templates-custom/etc/smb.conf/ibays/40forcegroup

Paste the following code:
{
    my $ibgrp = $ibay->prop('Group') || 'none';
    $OUT .= "force group = $ibgrp\n";
}

Expand the template:
/sbin/e-smith/expand-template /etc/smb.conf

View smb.conf to confirm changes:
view /etc/smb.conf

Apply changes and reboot:
signal-event post-upgrade; signal-event reboot

[raem]

n0lqu

It doesn't sound like you have setup the ibay and your user groups appropriately.
How is it configured in server manager ?

Typically you would set the ibay to be owned by a group for read & write, and you would make users members of that group. As files get created they would have ownership like
user1:ibaygroup
user2:ibaygroup
user3:ibaygroup

Whenever a user accesses the ibay & files therein they are allowed to do so because of their group rights, even though particular files may have been created by a different user

> chown to reset the ownerships back to root/everyone

Your files should not really have root:user permissions.
You must have been be copying file around as the root user, that will only get you into trouble later as you have found out.

You should really be doing
chown -R anyuser:group

[raem]

n0lqu

If you have set your ibay to
group = everyone
and
user access - write=group read=group

then files will have ownership like

user:shared