[CentOS] Network FS w/o user setup

Ted Miller tedjeanmiller at sbcglobal.net
Tue Jun 24 01:16:20 UTC 2008

Les Mikesell wrote:
> Ted Miller wrote:
>>> After this, a windows user mapping a samba-shared directory from your 
>>> office2 machine will have the same access as the same user logged in 
>>> locally.  There are the same issues with directories that users share 
>>> with group permissions, but samba offers some extra options to force 
>>> owner/group/permissions on newly created files that will help.
>> That is something I need to fix, because I do have some issues with 
>> group accessed files, where certain operations require me to log in as 
>> root and run a script that cleans up the file ownership, otherwise 
>> some users can no longer access the files.  Any pointers on where to 
>> find documentation on this?
> Newly created files default to having the group ownership of the primary 
> group of the user creating it, and the RH scheme is to give every user 
> his own group.  You can do something like this in the samba share 
> configuration:
> valid users = @groupname
> force group = groupname
> force create mode = 0775
> force directory mode = 0775

How about if I just change the primary user group to being the user group 
that I want their files' group ownership set to?  Would that "just take 
care of it" on the group side?  Then I could just set the "force create 
mode" and "force directory mode".

> You can find samba docs here: 
> http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/
>> I have been using 'share' mode, but a little reading makes it sound 
>> like I should switch to 'user' mode to make my life easier.  I have 
>> been adding various user permission lines to each share.  Will they 
>> keep working if I just comment out those lines?
> Share vs. user doesn't make a difference in how things work after the 
> connection is established - it controls when authentication happens. 
> Share mode just lets you browse the share list before authenticating and 
> you can connect to different shares with different credentials.
>>> You might look at webmin, since it has an option to maintain unix and 
>>> samba passwords at the same time and it can also keep multiple 
>>> machines in sync.
>> Does anyone maintain webmin for Centos?  I have most of the common 
>> repos hooked to yum, but webmin draws a blank.
> This is one of the reasons I usually install k12ltsp instead of the 
> stock centos distribution (you don't lose anything, it just adds some 
> extras and makes the updates yummable).  You probably can grab the RPM 
> directly from the webmin site.

Can I just add a k12ltsp repo and use their webmin?

>>> There is also the issue that users who have root access to their own 
>>> workstation can pretend to be any user over NFS.
>> Not an issue in this situation, users do not have root access.
> Do they have the same uid/gid, and group lists on their workstations as 
> on the file server?

yes, got that straight a while back.

>>> Centralizing 
>>> authentication will help if you have many users and password changes. 
>>> But that can be as simple as turning on domain controller emulation 
>>> on samba on your office2 server and configuring everything else 
>>> (windows and Linux) to use it.
>> Any pointers to where I could learn the implications/pluses/minuses of 
>> that?  It might be useful with my multiple machines (real and virtual) 
>> per user.
> Samba authentication for linux just checks that a login/password match. 
> You still have to create the users and if you use NFS, make sure the 
> uid/gid's are all the same.  For windows it works like a domain 
> controller and once you've logged in as a windows user, you 
> automatically authenticate to the samba shares as the same user and the 
> server can force login scripts to run on the client.

I looked at the How-To for domain control, and it looks interesting.  I'll 
have to dig into that further.

Ted Miller

More information about the CentOS mailing list