Koozali.org: home of the SME Server
Obsolete Releases => SME Server 7.x => Topic started by: Tejaswini on September 24, 2009, 11:12:55 AM
-
Hi,
All my ibays are accessible by all the users even though they don't have permission to access.
To test the issue, I just created a new user. Even if this user does not have permission for ANY ibays, still it gets access to all ibays.
Please help.
-
please explain..
how do you setup your ibays?
is the new user member of a group?
-
Thanks for quick reply.
No ibay has "Everyone" Permission.
The new user is not a member of ANY Group.
-
No ibay has "Everyone" Permission.
The new user is not a member of ANY Group.
If the test ibay has "Everyone" permission set as read/write then that's no surprise that the user can have access.
Try setting up groups to restrict user access to ibays and make sure you log off user and log on user at the client end to re authenticate.
-
I have NOT set "Everyone" to any ibays....Its group read and write only...Although if the user is not a member of the group he can access the ibay.
-
ok.. did you follow byte's advice?
try to re-expand the smb.conf template and to restart smb service..
anything strange in the logs?
-
Please help.
http://wiki.contribs.org/SharedFolders
-
I have NOT set "Everyone" to any ibays....Its group read and write only...Although if the user is not a member of the group he can access the ibay.
Show:
db accounts show <ibayname>
db accounts show <groupname>
Where group name is the group set to ibay name.
-
db accounts show accdata
accdata=ibay
CgiBin=disabled
Gid=5010
Group=accounts
KeepVersions=disabled
Name=accounts data
PasswordSet=no
PublicAccess=none
RecycleBin=enabled
Uid=5010
UserAccess=wr-group-rd-group
[root@newdellsme1 ~]# db accounts show accounts
accounts=group
Description=accounts staff
Gid=5002
Members=ashwinraj,girish,psekar,purohit,ravisunny,rkpurohit,swamy,veeresh
Uid=5002
-
Other than accounts group users,any other group users can access accdata ibay....
-
Are the users Windows clients with Workgroup or Domain log-on?
Can they see their home folder OK and not "admin"?
-
Windows clients are members of the SME domain.
I didn't understand your 2nd Q. If I have understood your question to some extend then the user is able access his home directory. When I log in as a user it can see only it's home directory not any others.
-
[root@newdellsme1 ~]# db accounts show accounts
accounts=group
Description=accounts staff
Gid=5002
Members=ashwinraj,girish,psekar,purohit,ravisunny,rkpurohit,swamy,veeresh
Uid=5002
So the user that CAN access the "accdata" is NOT in the above "members" correct ? If so that should work out of the box. Can you log on to the console and type:
cd /home/e-smith/files/ibays/
then type:
ll -ls accdata
?
I notice you also have recycle bin enabled, there is a bug see:
Bug 1734 (http://bugs.contribs.org/show_bug.cgi?id=1734)
-
[root@newdellsme1 ibays]# ll -ls accdata
total 12
4 drwxrws--- 2 root accounts 4096 Dec 8 2006 cgi-bin
4 drwxrws--- 59 swamy accounts 4096 Sep 24 11:28 files
4 drwxrws--- 2 root accounts 4096 Jun 22 2007 html
[root@newdellsme1 ibays]#
-
Tejaswini
As per bug 1734 try modifying and then saving accdata ibay
then again run
ll -ls accdata
show us the results
-
If u dont mind...can u explain me how to modify that ibay....I din't get how to modify that...
-
Tejaswini
Open server manager, click information bays, click modify next to the ibay in question, click save
No need to actually change anything, but you must click save
-
I got same result.
[root@newdellsme1 ibays]# ll -ls accdata/
total 12
4 drwxrws--- 2 root accounts 4096 Dec 8 2006 cgi-bin
4 drwxrws--- 59 swamy accounts 4096 Sep 25 11:18 files
4 drwxrws--- 2 root accounts 4096 Jun 22 2007 html
-
Tejaswini
I would ask what do you actually mean by "access the ibays" ?
All users will be able to see all ibays, but not actually access and open files unless they are members of the group that the ibay belongs to.
Can your users actually open and save files in the ibay they should not have access to ?
Please show the complete output of
cat /etc/samba/smb.conf
After that you could do
signal-event post-upgrade
signal-event reboot
and see if access changes
-
Users can access and open the files although they are not members of the group that the ibay belongs to.
Here is the output of /etc/samba/smb.conf
[homes]
comment = Home directory
browseable = no
guest ok = no
read only = no
writable = yes
printable = no
create mode = 0660
force create mode = 0660
directory mode = 0770
force directory mode = 0770
path = /home/e-smith/files/users/%S/home
root preexec = "/usr/local/bin/generate_netlogon /home/e-smith/files/samba/netlogon/netlogon.template /home/e-smith/files/users/%U/home/netlogon.bat %U %m %a %T"
vfs objects = recycle
recycle:exclude_dir=/tmp|/temp|/cache
recycle:repository=Recycle Bin
recycle:versions=False
recycle:keeptree=True
recycle:touch=True
recycle:exclude=*.tmp|*.temp|*.o|*.obj|~$*
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes
use client driver = yes
[netlogon]
comment = Network Logon Service
path = /home/e-smith/files/samba/netlogon
guest ok = yes
writable = yes
browseable = no
[print$]
comment = Printer drivers
path = /home/e-smith/files/samba/printers
guest ok = yes
browseable = yes
writable = no
[Primary]
comment = Primary i-bay
path = /home/e-smith/files/ibays/Primary
read only = no
writable = yes
printable = no
inherit permissions = yes
create mode = 0640
force group = shared
[accdata]
comment = accounts data
path = /home/e-smith/files/ibays/accdata/files
read only = no
writable = yes
printable = no
inherit permissions = yes
create mode = 0660
force group = accounts
vfs objects = recycle
recycle:exclude_dir=/tmp|/temp|/cache
recycle:repository=Recycle Bin
recycle:versions=False
recycle:keeptree=True
recycle:touch=True
recycle:exclude=*.tmp|*.temp|*.o|*.obj|~$*
[assmdata]
comment = assembly data
path = /home/e-smith/files/ibays/assmdata/files
read only = no
writable = yes
printable = no
inherit permissions = yes
create mode = 0660
force group = assembly
vfs objects = recycle
recycle:exclude_dir=/tmp|/temp|/cache
recycle:repository=Recycle Bin
recycle:versions=False
recycle:keeptree=True
recycle:touch=True
recycle:exclude=*.tmp|*.temp|*.o|*.obj|~$*
[common]
comment = common data
path = /home/e-smith/files/ibays/common/files
read only = no
writable = yes
printable = no
inherit permissions = yes
create mode = 0660
force group = shared
vfs objects = recycle
recycle:exclude_dir=/tmp|/temp|/cache
recycle:repository=Recycle Bin
recycle:versions=False
recycle:keeptree=True
recycle:touch=True
recycle:exclude=*.tmp|*.temp|*.o|*.obj|~$*
[comptest]
comment = data testing
path = /home/e-smith/files/ibays/comptest/files
read only = no
writable = yes
printable = no
inherit permissions = yes
create mode = 0660
force group = test
[designdata]
comment = design data
path = /home/e-smith/files/ibays/designdata/files
read only = no
writable = yes
printable = no
inherit permissions = yes
create mode = 0660
force group = design
vfs objects = recycle
recycle:exclude_dir=/tmp|/temp|/cache
recycle:repository=Recycle Bin
recycle:versions=False
recycle:keeptree=True
recycle:touch=True
recycle:exclude=*.tmp|*.temp|*.o|*.obj|~$*
[glpi]
comment = ibay for glpi and ocs inventory
path = /home/e-smith/files/ibays/glpi
read only = no
writable = yes
printable = no
inherit permissions = yes
create mode = 0660
force group = admin
[inspdata]
comment = inspection data
path = /home/e-smith/files/ibays/inspdata/files
read only = no
writable = yes
printable = no
inherit permissions = yes
create mode = 0660
force group = inspection
vfs objects = recycle
recycle:exclude_dir=/tmp|/temp|/cache
recycle:repository=Recycle Bin
recycle:versions=False
recycle:keeptree=True
recycle:touch=True
recycle:exclude=*.tmp|*.temp|*.o|*.obj|~$*
[iso9001-2000]
comment = iso
path = /home/e-smith/files/ibays/iso9001-2000/files
read only = no
writable = yes
printable = no
inherit permissions = yes
create mode = 0664
force group = iso9001
[processdata]
comment = processdatas
path = /home/e-smith/files/ibays/processdata/files
read only = no
writable = yes
printable = no
inherit permissions = yes
create mode = 0664
force group = process
[proddata]
comment = production data
path = /home/e-smith/files/ibays/proddata/files
read only = no
writable = yes
printable = no
inherit permissions = yes
create mode = 0664
force group = production
vfs objects = recycle
recycle:exclude_dir=/tmp|/temp|/cache
recycle:repository=Recycle Bin
recycle:versions=False
recycle:keeptree=True
recycle:touch=True
recycle:exclude=*.tmp|*.temp|*.o|*.obj|~$*
[progdata]
comment = program data
path = /home/e-smith/files/ibays/progdata/files
read only = no
writable = yes
printable = no
inherit permissions = yes
create mode = 0660
force group = programmers
vfs objects = recycle
recycle:exclude_dir=/tmp|/temp|/cache
recycle:repository=Recycle Bin
recycle:versions=False
recycle:keeptree=True
recycle:touch=True
recycle:exclude=*.tmp|*.temp|*.o|*.obj|~$*
[securitydata]
comment = security data
path = /home/e-smith/files/ibays/securitydata/files
read only = no
writable = yes
printable = no
inherit permissions = yes
create mode = 0660
force group = security
vfs objects = recycle
recycle:exclude_dir=/tmp|/temp|/cache
recycle:repository=Recycle Bin
recycle:versions=False
recycle:keeptree=True
recycle:touch=True
recycle:exclude=*.tmp|*.temp|*.o|*.obj|~$*
[vendordata]
comment = vendor data
path = /home/e-smith/files/ibays/vendordata/files
read only = no
writable = yes
printable = no
inherit permissions = yes
create mode = 0640
force group = vendor
vfs objects = recycle
recycle:exclude_dir=/tmp|/temp|/cache
recycle:repository=Recycle Bin
recycle:versions=False
recycle:keeptree=True
recycle:touch=True
recycle:exclude=*.tmp|*.temp|*.o|*.obj|~$*
-
Tejaswini
I got same result.
I was wonderig whether access ability changed after doing the ibay modify & save.
-
Tejaswini
What version sme are you running ?
Your smb.conf is missing a whole Global section (compared to my sme7.4).
Did you install the Shared Folders contrib referred to earlier in this thread ?
I think this problem should be moved to bugzilla, it's getting out of hand here.
Please open a bug there and put a link to that bug in this thread, and please summarise what has already happened in this thread, with a link back to this thread.
Also attach the output of the following commands to your bug report
/sbin/e-smith/audittools/newrpms
/sbin/e-smith/audittools/templates
Please do not post any more answers here.
-
I'll ask the moderator to
close lock this 3ad after OP posted the bugzilla reference