[CentOS] Network FS w/o user setup
Ted Miller
tedjeanmiller at sbcglobal.net
Tue Jun 24 01:16:20 UTC 2008
Les Mikesell wrote:
> Ted Miller wrote:
>>
>>> After this, a windows user mapping a samba-shared directory from your
>>> office2 machine will have the same access as the same user logged in
>>> locally. There are the same issues with directories that users share
>>> with group permissions, but samba offers some extra options to force
>>> owner/group/permissions on newly created files that will help.
>>
>> That is something I need to fix, because I do have some issues with
>> group accessed files, where certain operations require me to log in as
>> root and run a script that cleans up the file ownership, otherwise
>> some users can no longer access the files. Any pointers on where to
>> find documentation on this?
>
> Newly created files default to having the group ownership of the primary
> group of the user creating it, and the RH scheme is to give every user
> his own group. You can do something like this in the samba share
> configuration:
>    valid users = @groupname
>    force group = groupname
>    force create mode = 0775
>    force directory mode = 0775

How about if I just change the primary user group to being the user group
that I want their files' group ownership set to? Would that "just take
care of it" on the group side? Then I could just set the "force create
mode" and "force directory mode".

> You can find samba docs here:
> http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/
>
>> I have been using 'share' mode, but a little reading makes it sound
>> like I should switch to 'user' mode to make my life easier. I have
>> been adding various user permission lines to each share. Will they
>> keep working if I just comment out those lines?
>
> Share vs. user doesn't make a difference in how things work after the
> connection is established - it controls when authentication happens.
> Share mode just lets you browse the share list before authenticating and
> you can connect to different shares with different credentials.
>
>>> You might look at webmin, since it has an option to maintain unix and
>>> samba passwords at the same time and it can also keep multiple
>>> machines in sync.
>>
>> Does anyone maintain webmin for Centos? I have most of the common
>> repos hooked to yum, but webmin draws a blank.
>
> This is one of the reasons I usually install k12ltsp instead of the
> stock centos distribution (you don't lose anything, it just adds some
> extras and makes the updates yummable). You probably can grab the RPM
> directly from the webmin site.

Can I just add a k12ltsp repo and use their webmin?

>>> There is also the issue that users who have root access to their own
>>> workstation can pretend to be any user over NFS.
>>
>> Not an issue in this situation, users do not have root access.
>
> Do they have the same uid/gid, and group lists on their workstations as
> on the file server?

Yes, got that straight a while back.

>>> Centralizing
>>> authentication will help if you have many users and password changes.
>>> But that can be as simple as turning on domain controller emulation
>>> on samba on your office2 server and configuring everything else
>>> (windows and Linux) to use it.
>>
>> Any pointers to where I could learn the implications/pluses/minuses of
>> that? It might be useful with my multiple machines (real and virtual)
>> per user.
>
> Samba authentication for linux just checks that a login/password match.
> You still have to create the users and if you use NFS, make sure the
> uid/gid's are all the same. For windows it works like a domain
> controller and once you've logged in as a windows user, you
> automatically authenticate to the samba shares as the same user and the
> server can force login scripts to run on the client.

I looked at the How-To for domain control, and it looks interesting. I'll
have to dig into that further.

Ted Miller
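
Added example, not part of the original thread: a read-only audit that lists entries under a shared directory whose group or permission bits would keep other group members out, which is the condition the ownership cleanup script mentioned above repairs. The function names, the required bit masks and the sample tree are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

FILE_BITS = 0o660  # group members must be able to read and write files
DIR_BITS = 0o770   # ...and list, create in and traverse directories


def check_entry(path, expected_gid):
    """Return the reasons this entry would lock out other group members."""
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        return []  # a symlink's own mode bits do not decide access
    problems = []
    if st.st_gid != expected_gid:
        problems.append("gid %d, expected %d" % (st.st_gid, expected_gid))
    mode = stat.S_IMODE(st.st_mode)
    missing = (DIR_BITS if stat.S_ISDIR(st.st_mode) else FILE_BITS) & ~mode
    if missing:
        problems.append("mode %04o lacks %04o" % (mode, missing))
    return problems


def audit_share(root, expected_gid):
    """Walk a share and map each offending path to its list of problems."""
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths.extend(os.path.join(dirpath, n) for n in dirnames + filenames)
    findings = {}
    for path in paths:
        problems = check_entry(path, expected_gid)
        if problems:
            findings[path] = problems
    return findings


def build_sample_share():
    """Constructed sample: one file saved 0644, as a default umask would."""
    root = tempfile.mkdtemp()
    os.chmod(root, 0o775)
    for name, mode in (("shared.txt", 0o664), ("private.txt", 0o644)):
        path = os.path.join(root, name)
        open(path, "w").close()
        os.chmod(path, mode)
    return root


if __name__ == "__main__":
    share = build_sample_share()
    for path, problems in audit_share(share, os.lstat(share).st_gid).items():
        print(path, "; ".join(problems))
```

Run against a real share, pass the share path and the numeric gid of the group named in "force group"; an empty result means every entry has the expected group and the group read/write bits.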