Topic: IBAY - three groups

[byte]

Has anyone thought of opening a NFR for this code ? Thanks.

[Beddhist]

Since I think that this is a very common scenario and we are affected I have opened Bug 4398

[Beddhist]

I think I would approach this a different way. 

I would create a symlink using Midnight Commander that links one existing ibay folder structure into a second ibay.  Then I would assign different group permissions to both ibays using server-manager in the "normal" way.

Hope this helps.  David

I've tried this every way I can think of, but all I get is "Access denied". So I changed the permissions on the directories, but that makes them world readable. The answer is probably in this bug comment:

"The POSIX permission model does not allow for two such groups. Each file and
directory in the filesystem only has one group associated with it."

[Beddhist]

So if we create '20writable' and enter this text (change what ever is in BOLD):

Ok, thanks. I created the file in MidnightCommander:

Code: [Select]

{
    if ($key eq 'ged-files')
    {
        $OUT .= "writable = no\n";
        $OUT .= "write list = \@teachers\n";
        $OUT .= "valid users = \@teachers \@ged\n";
    }
}
Edit: I just found out the hard way that you have to have a LF at the end of the file. Without it the result is:

Code: [Select]

[root@mef-server ibays]# expand-template /etc/smb.conf
WARNING in /etc/e-smith/templates-custom//etc/smb.conf/ibays/writable: Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/site_perl/esmith/templates.pm line 579.
WARNING in /etc/e-smith/templates-custom//etc/smb.conf/ibays/writable: ERROR: Cannot process template /etc/e-smith/templates-custom//etc/smb.conf/ibays/writable:
 at /etc/e-smith/templates//etc/smb.conf/90ibays line 9
WARNING in /etc/e-smith/templates//etc/smb.conf/90ibays: Use of uninitialized value in concatenation (.) or string at /etc/e-smith/templates//etc/smb.conf/90ibays line 9.
WARNING in /etc/e-smith/templates-custom//etc/smb.conf/ibays/writable: Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/site_perl/esmith/templates.pm line 579.
WARNING in /etc/e-smith/templates-custom//etc/smb.conf/ibays/writable: ERROR: Cannot process template /etc/e-smith/templates-custom//etc/smb.conf/ibays/writable:
 at /etc/e-smith/templates//etc/smb.conf/90ibays line 9
WARNING in /etc/e-smith/templates//etc/smb.conf/90ibays: Use of uninitialized value in concatenation (.) or string at /etc/e-smith/templates//etc/smb.conf/90ibays line 9.
WARNING in /etc/e-smith/templates-custom//etc/smb.conf/ibays/writable: Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/site_perl/esmith/templates.pm line 579.
WARNING in /etc/e-smith/templates-custom//etc/smb.conf/ibays/writable: ERROR: Cannot process template /etc/e-smith/templates-custom//etc/smb.conf/ibays/writable:
 at /etc/e-smith/templates//etc/smb.conf/90ibays line 9
WARNING in /etc/e-smith/templates//etc/smb.conf/90ibays: Use of uninitialized value in concatenation (.) or string at /etc/e-smith/templates//etc/smb.conf/90ibays line 9.
WARNING in /etc/e-smith/templates-custom//etc/smb.conf/ibays/writable: Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/site_perl/esmith/templates.pm line 579.
WARNING in /etc/e-smith/templates-custom//etc/smb.conf/ibays/writable: ERROR: Cannot process template /etc/e-smith/templates-custom//etc/smb.conf/ibays/writable:
 at /etc/e-smith/templates//etc/smb.conf/90ibays line 9
WARNING in /etc/e-smith/templates//etc/smb.conf/90ibays: Use of uninitialized value in concatenation (.) or string at /etc/e-smith/templates//etc/smb.conf/90ibays line 9.
WARNING in /etc/e-smith/templates-custom//etc/smb.conf/ibays/writable: Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/site_perl/esmith/templates.pm line 579.
WARNING in /etc/e-smith/templates-custom//etc/smb.conf/ibays/writable: ERROR: Cannot process template /etc/e-smith/templates-custom//etc/smb.conf/ibays/writable:
 at /etc/e-smith/templates//etc/smb.conf/90ibays line 9
WARNING in /etc/e-smith/templates//etc/smb.conf/90ibays: Use of uninitialized value in concatenation (.) or string at /etc/e-smith/templates//etc/smb.conf/90ibays line 9.
WARNING in /etc/e-smith/templates-custom//etc/smb.conf/ibays/writable: Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/site_perl/esmith/templates.pm line 579.
WARNING in /etc/e-smith/templates-custom//etc/smb.conf/ibays/writable: ERROR: Cannot process template /etc/e-smith/templates-custom//etc/smb.conf/ibays/writable:
 at /etc/e-smith/templates//etc/smb.conf/90ibays line 9
WARNING in /etc/e-smith/templates//etc/smb.conf/90ibays: Use of uninitialized value in concatenation (.) or string at /etc/e-smith/templates//etc/smb.conf/90ibays line 9.
WARNING: Template processing succeeded for //etc/samba/smb.conf: 6 fragments generated warnings
 at /sbin/e-smith/expand-template line 45

It's now working the way it should. Thanks again to all who helped.

I still believe that this is a common scenario. Best security practice is to keep the admin password in a safe place. As it is now it seems impossible to delegate authority to users to maintain non-public shares. (I think most of the target audience of SME would not be capable of implementing templates like this.

Perhaps we could have an option in server manager to modify samba access to shares?

Should I do something about the bug I raised?

[imcintyre]

How about adding this to the wiki as a "how-to"