gfc
07.01.05, 12:20
So, ich hab ein kleines Problem
Und zwar will ich folgendes Konzept aufziehen:
- Jeder User ist Mitglied einer Gruppe.
- Jeder User und jede Gruppe hat einen Ordner mit 3 Unterordnern:
-- in (andere Gruppen/User nur Schreibrechte)
-- out (andere Gruppen/User nur Leserechte)
-- private (gar keine Rechte)
-- der Ordner selber sollte nur für die Gruppe/den User schreibbar sein
Nun hab ich folgendes eingestellt:
smb.conf:
#smb.conf
#2000-2004 slix's
#documentation www.slixs.at
# Global parameters
# Server-wide settings for a Samba domain controller with an LDAP account
# backend; share-level parameters set here act as defaults for every share.
[global]
workgroup = iewblu
netbios name = iewblu
server string = samba-dc
encrypt passwords = Yes
# NOTE(review): smb.conf(5) describes "update encrypted" as operative only
# while "encrypt passwords = no", so it looks inert here - confirm and drop.
update encrypted = Yes
# NOTE(review): "password level" is only consulted for plaintext passwords -
# presumably a leftover; verify.
password level = 4
log level = 2
log file = /var/log/samba/log.%m
# NOTE(review): "os level", "deadtime" and "admin users" each appear twice in
# this section (33/65, 255/225); presumably the later line wins - keep one.
os level = 33
max log size = 50
deadtime = 255
username map = /etc/samba/smbusers
# "admin users" set in [global] applies to every share: the listed accounts
# do all file operations as root. NOTE(review): check which client names the
# username map above translates to root.
admin users = root
deadtime = 225
admin users = root
#add machine script = /daten/admin/config/includes/ldap_addmachine %u
add machine script = /usr/sbin/useradd -s /bin/false %u
logon script = %G.bat
logon drive = H:
logon home = \\iewblu\%U
domain logons = Yes
os level = 65
# NOTE(review): the trailing "ldap" is not part of a yes/no value; it looks
# like a "#ldap" heading that lost its "#" in the paste - check the real file.
domain master = Yes ldap
#ldap server = localhost
#ldap port = 389
passdb backend = ldapsam:ldap://localhost
ldap suffix = dc=iewblu,dc=net
# NOTE(review): cn=root looks like the directory's root DN - TODO confirm; a
# dedicated DN limited to the Samba subtrees would narrow what this
# credential can touch.
ldap admin dn = cn=root,dc=iewblu,dc=net
ldap filter = "(&(uid=%u)(objectclass=sambaSamAccount))"
ldap machine suffix = ou=computers
ldap user suffix = sambaDomainName=iewblu
ldap group suffix = ou=groups
ldap delete dn = no
# No TLS on the LDAP connection, which also carries the password sync below;
# the backend URL is localhost, so presumably this stays on loopback -
# revisit if the directory ever moves to another host.
ldap ssl = off
# The following line lets Windows users change their password
# via Ctrl+Alt+Del.
ldap passwd sync = yes
#
#printing = CUPS
#printcap name = CUPS
socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096
wins support = yes
# Share defaults inherited by every section below: no guest access
# ("public" is a synonym for "guest ok"), hidden from browse lists, and
# writable unless a share sets "read only = yes".
public = no
browseable = no
writeable = yes
# Home, logon and general-purpose shares.
# NOTE(review): %U expands to the connecting user's own name, so these lists
# match whoever connects and do not tie a home share to its owner;
# smb.conf(5) uses %S (the share name) for that - confirm intent.
[homes]
comment = Freigabe des Home-Verzeichnisses
valid users = %U, root
write list = %U, root
# NOTE(review): with the global "writeable = yes" default this share is not
# read-only, so "write list" adds nothing; presumably "read only = yes" was
# intended so that only root can change logon scripts. As written, the file
# system permissions on the path are the only guard.
[netlogon]
comment = netlogon
path = /etc/samba/netlogon
write list = root
# "force create mode = 0777" ORs rwx for owner, group and others onto every
# file created through the share; "directory mask = 0777" strips nothing
# from new directories. NOTE(review): for roaming profiles this presumably
# leaves each user's profile open to every other user who can reach the
# path - verify the on-disk modes.
[profiles]
comment = Benutzerprofile
path = /daten/profiles
# read only = yes
force create mode = 0777
directory mask = 0777
# write list = %U, root
# NOTE(review): writable for any connecting user and world-rwx on create;
# "read only" is commented out, so anyone with file system access could
# replace programs that other users run - confirm this is intended.
[apps]
comment = Applikationen
path = /daten/apps
# write list = root, i
# read only = yes
force create mode = 0777
directory mask = 0777
# Common share with the vscan-clamav VFS module loaded; the module's
# behaviour is set in the referenced config file, which is not shown here.
[gemeinsam]
comment = Gemeinsamer Ordner - Virus protected
path = /daten/gemeinsam
#
#
vfs object = vscan-clamav
vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
#
#
force create mode = 0777
directory mask = 0777
[kurse]
comment = Au?erschulische Datenordner
path = /daten/kurse
force create mode = 0777
directory mask = 0777
# Restricted shares: one group share and two root-only administrative shares.
# NOTE(review): the share is named gr-user but admits only members of the
# Unix group gr-lehrer - confirm which group was meant.
[gr-user]
comment = Daten der Gruppe gr-user
path = /daten/home/gr-user
force create mode = 0777
directory mask = 0777
valid users = @gr-lehrer
# Whole data tree, root only.
[daten]
comment = Daten
path = /daten
valid users = root
force create mode = 0777
directory mask = 0777
# Exports the entire root file system over SMB. Only root may connect, so
# the root password is the single control, and every file created through
# the share gets rwx for everyone. NOTE(review): consider removing this
# share or narrowing it with "hosts allow".
[sys]
comment = root
path = /
valid users = root
force create mode = 0777
directory mask = 0777
#[cdrom]
# comment = Cdromserver
# path = /daten/cdrom
# force create mode = 0755
# force directory mode = 0777
# write list = root
# Per-group shares under /daten/home plus the shared teacher area.
# Only [lehrer-gem] carries "valid users"; the other sections in this group
# have none, so any authenticated user can connect and access is decided by
# the Unix permissions below each path.
# NOTE(review): "create mask" / "directory mask" only shape the mode of files
# and directories created through the share. Whether a client may enter or
# write into an existing directory (such as the in/out/private folders) is
# still decided by that directory's Unix mode bits, and creating a file in a
# directory needs both write and search (x) permission on it for whichever
# of owner/group/other the user falls under. For a drop-box directory that
# others may write into, the sticky bit keeps users from deleting or
# renaming each other's files.
[lehrer-gem]
comment = Lehrer Daten
path = /daten/lehrer-gem
create mask = 0770
directory mask = 0770
valid users = @gr-lehrer
[direktion]
comment = Gruppe Direktion
path = /daten/home/direktion
vfs object = vscan-clamav
vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
create mask = 0770
directory mask = 0770
# NOTE(review): create mask is 0777 here but 0770 in every sibling group
# share - presumably a typo; confirm.
[ewerhart]
comment = Gruppe Ewerhart
path = /daten/home/ewerhart
vfs object = vscan-clamav
vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
create mask = 0777
directory mask = 0770
[fehr]
comment = Gruppe Fehr
path = /daten/home/fehr
vfs object = vscan-clamav
vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
create mask = 0770
directory mask = 0770
[frey]
comment = Gruppe Frey
path = /daten/home/frey
vfs object = vscan-clamav
vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
create mask = 0770
directory mask = 0770
[garbers]
comment = Gruppe Garbers
path = /daten/home/garbers
vfs object = vscan-clamav
vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
create mask = 0770
directory mask = 0770
[hens]
comment = Gruppe Hens
path = /daten/home/hens
vfs object = vscan-clamav
vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
create mask = 0770
directory mask = 0770
[Zweimueller]
comment = Gruppe Zweimueller
path = /daten/home/zweimueller
vfs object = vscan-clamav
vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
create mask = 0770
directory mask = 0770
[woitek]
comment = Gruppe Woitek
path = /daten/home/woitek
vfs object = vscan-clamav
vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
create mask = 0770
directory mask = 0770
# Templates share; no "valid users", so any authenticated user can connect.
# NOTE(review): the share comment reads "orlagen", presumably "Vorlagen".
[vorlagen]
comment = orlagen
path = /daten/vorlagen
create mask = 0774
directory mask = 0775
# Backup area, root only. NOTE(review): "force create mode = 0777" makes
# every file written through this share rwx for all local users on disk -
# confirm that backups are meant to be that open.
[backup]
comment = backup
path = /backup
valid users = root
force create mode = 0777
directory mask = 0777
Nun die rechte sehen folgendermassen aus:
root@iewblu:/daten/home# ls -l
insgesamt 40
drwxrwxr-x 6 root direktion 4096 2005-01-07 11:48 direktion
drwxrwxr-x 5 root ewerhart 4096 2005-01-07 11:54 ewerhart
drwxrwxr-x 5 root frey 4096 2005-01-07 11:54 frey
drwxrwxr-x 5 root garbers 4096 2005-01-07 11:54 garbers
drwxrwxrwx 2 root root 4096 2004-02-11 12:25 gr-kurse
drwxrwxrwx 3 root gr-lehrer 4096 2005-01-07 11:33 gr-lehrer
drwxrwxrwx 5 root root 4096 2005-01-07 11:08 gr-user
drwxrwxr-x 5 root hens 4096 2005-01-07 11:54 hens
drwxrwxr-x 5 root woitek 4096 2005-01-07 11:54 woitek
drwxrwxr-x 5 root zweimueller 4096 2005-01-07 11:54 zweimueller
die Unterordner folgendermassen (Beispiel Gruppe Direktion):
root@iewblu:/daten/home/direktion# ls -l
insgesamt 16
drwxrwx-w- 2 root direktion 4096 2005-01-07 11:47 in
drwxrwxr-x 2 root direktion 4096 2005-01-07 11:47 out
drwxrwx--- 2 root direktion 4096 2005-01-07 11:47 private
drwxr-xr-x 5 urnaut direktion 4096 2005-01-07 12:02 urnaut
beispiel User-Ordner
drwx-w--w- 2 urnaut direktion 4096 2005-01-07 11:48 in
drwxr-xr-x 2 urnaut direktion 4096 2005-01-07 12:02 out
drwx------ 2 urnaut direktion 4096 2005-01-07 11:48 private
Nun herrscht folgendes Problem: Ich kann als "fremder User" keine Daten in den "in"-Ordner legen!
Es heisst immer "Zugriff verweigert", aber ich sehe das Rechteproblem nicht ganz.
Und zwar will ich folgendes Konzept aufziehen:
- Jeder User ist Mitglied einer Gruppe.
- Jeder User und jede Gruppe hat einen Ordner mit 3 Unterordnern:
-- in (andere Gruppen/User nur Schreibrechte)
-- out (andere Gruppen/User nur Leserechte)
-- private (gar keine Rechte)
-- der Ordner selber sollte nur für die Gruppe/den User schreibbar sein
Nun hab ich folgendes eingestellt:
smb.conf:
#smb.conf
#2000-2004 slix's
#documentation www.slixs.at
# Global parameters
# Server-wide settings for a Samba domain controller with an LDAP account
# backend; share-level parameters set here act as defaults for every share.
[global]
workgroup = iewblu
netbios name = iewblu
server string = samba-dc
encrypt passwords = Yes
# NOTE(review): smb.conf(5) describes "update encrypted" as operative only
# while "encrypt passwords = no", so it looks inert here - confirm and drop.
update encrypted = Yes
# NOTE(review): "password level" is only consulted for plaintext passwords -
# presumably a leftover; verify.
password level = 4
log level = 2
log file = /var/log/samba/log.%m
# NOTE(review): "os level", "deadtime" and "admin users" each appear twice in
# this section (33/65, 255/225); presumably the later line wins - keep one.
os level = 33
max log size = 50
deadtime = 255
username map = /etc/samba/smbusers
# "admin users" set in [global] applies to every share: the listed accounts
# do all file operations as root. NOTE(review): check which client names the
# username map above translates to root.
admin users = root
deadtime = 225
admin users = root
#add machine script = /daten/admin/config/includes/ldap_addmachine %u
add machine script = /usr/sbin/useradd -s /bin/false %u
logon script = %G.bat
logon drive = H:
logon home = \\iewblu\%U
domain logons = Yes
os level = 65
# NOTE(review): the trailing "ldap" is not part of a yes/no value; it looks
# like a "#ldap" heading that lost its "#" in the paste - check the real file.
domain master = Yes ldap
#ldap server = localhost
#ldap port = 389
passdb backend = ldapsam:ldap://localhost
ldap suffix = dc=iewblu,dc=net
# NOTE(review): cn=root looks like the directory's root DN - TODO confirm; a
# dedicated DN limited to the Samba subtrees would narrow what this
# credential can touch.
ldap admin dn = cn=root,dc=iewblu,dc=net
ldap filter = "(&(uid=%u)(objectclass=sambaSamAccount))"
ldap machine suffix = ou=computers
ldap user suffix = sambaDomainName=iewblu
ldap group suffix = ou=groups
ldap delete dn = no
# No TLS on the LDAP connection, which also carries the password sync below;
# the backend URL is localhost, so presumably this stays on loopback -
# revisit if the directory ever moves to another host.
ldap ssl = off
# The following line lets Windows users change their password
# via Ctrl+Alt+Del.
ldap passwd sync = yes
#
#printing = CUPS
#printcap name = CUPS
socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096
wins support = yes
# Share defaults inherited by every section below: no guest access
# ("public" is a synonym for "guest ok"), hidden from browse lists, and
# writable unless a share sets "read only = yes".
public = no
browseable = no
writeable = yes
# Home, logon and general-purpose shares.
# NOTE(review): %U expands to the connecting user's own name, so these lists
# match whoever connects and do not tie a home share to its owner;
# smb.conf(5) uses %S (the share name) for that - confirm intent.
[homes]
comment = Freigabe des Home-Verzeichnisses
valid users = %U, root
write list = %U, root
# NOTE(review): with the global "writeable = yes" default this share is not
# read-only, so "write list" adds nothing; presumably "read only = yes" was
# intended so that only root can change logon scripts. As written, the file
# system permissions on the path are the only guard.
[netlogon]
comment = netlogon
path = /etc/samba/netlogon
write list = root
# "force create mode = 0777" ORs rwx for owner, group and others onto every
# file created through the share; "directory mask = 0777" strips nothing
# from new directories. NOTE(review): for roaming profiles this presumably
# leaves each user's profile open to every other user who can reach the
# path - verify the on-disk modes.
[profiles]
comment = Benutzerprofile
path = /daten/profiles
# read only = yes
force create mode = 0777
directory mask = 0777
# write list = %U, root
# NOTE(review): writable for any connecting user and world-rwx on create;
# "read only" is commented out, so anyone with file system access could
# replace programs that other users run - confirm this is intended.
[apps]
comment = Applikationen
path = /daten/apps
# write list = root, i
# read only = yes
force create mode = 0777
directory mask = 0777
# Common share with the vscan-clamav VFS module loaded; the module's
# behaviour is set in the referenced config file, which is not shown here.
[gemeinsam]
comment = Gemeinsamer Ordner - Virus protected
path = /daten/gemeinsam
#
#
vfs object = vscan-clamav
vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
#
#
force create mode = 0777
directory mask = 0777
[kurse]
comment = Au?erschulische Datenordner
path = /daten/kurse
force create mode = 0777
directory mask = 0777
# Restricted shares: one group share and two root-only administrative shares.
# NOTE(review): the share is named gr-user but admits only members of the
# Unix group gr-lehrer - confirm which group was meant.
[gr-user]
comment = Daten der Gruppe gr-user
path = /daten/home/gr-user
force create mode = 0777
directory mask = 0777
valid users = @gr-lehrer
# Whole data tree, root only.
[daten]
comment = Daten
path = /daten
valid users = root
force create mode = 0777
directory mask = 0777
# Exports the entire root file system over SMB. Only root may connect, so
# the root password is the single control, and every file created through
# the share gets rwx for everyone. NOTE(review): consider removing this
# share or narrowing it with "hosts allow".
[sys]
comment = root
path = /
valid users = root
force create mode = 0777
directory mask = 0777
#[cdrom]
# comment = Cdromserver
# path = /daten/cdrom
# force create mode = 0755
# force directory mode = 0777
# write list = root
# Per-group shares under /daten/home plus the shared teacher area.
# Only [lehrer-gem] carries "valid users"; the other sections in this group
# have none, so any authenticated user can connect and access is decided by
# the Unix permissions below each path.
# NOTE(review): "create mask" / "directory mask" only shape the mode of files
# and directories created through the share. Whether a client may enter or
# write into an existing directory (such as the in/out/private folders) is
# still decided by that directory's Unix mode bits, and creating a file in a
# directory needs both write and search (x) permission on it for whichever
# of owner/group/other the user falls under. For a drop-box directory that
# others may write into, the sticky bit keeps users from deleting or
# renaming each other's files.
[lehrer-gem]
comment = Lehrer Daten
path = /daten/lehrer-gem
create mask = 0770
directory mask = 0770
valid users = @gr-lehrer
[direktion]
comment = Gruppe Direktion
path = /daten/home/direktion
vfs object = vscan-clamav
vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
create mask = 0770
directory mask = 0770
# NOTE(review): create mask is 0777 here but 0770 in every sibling group
# share - presumably a typo; confirm.
[ewerhart]
comment = Gruppe Ewerhart
path = /daten/home/ewerhart
vfs object = vscan-clamav
vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
create mask = 0777
directory mask = 0770
[fehr]
comment = Gruppe Fehr
path = /daten/home/fehr
vfs object = vscan-clamav
vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
create mask = 0770
directory mask = 0770
[frey]
comment = Gruppe Frey
path = /daten/home/frey
vfs object = vscan-clamav
vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
create mask = 0770
directory mask = 0770
[garbers]
comment = Gruppe Garbers
path = /daten/home/garbers
vfs object = vscan-clamav
vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
create mask = 0770
directory mask = 0770
[hens]
comment = Gruppe Hens
path = /daten/home/hens
vfs object = vscan-clamav
vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
create mask = 0770
directory mask = 0770
[Zweimueller]
comment = Gruppe Zweimueller
path = /daten/home/zweimueller
vfs object = vscan-clamav
vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
create mask = 0770
directory mask = 0770
[woitek]
comment = Gruppe Woitek
path = /daten/home/woitek
vfs object = vscan-clamav
vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
create mask = 0770
directory mask = 0770
# Templates share; no "valid users", so any authenticated user can connect.
# NOTE(review): the share comment reads "orlagen", presumably "Vorlagen".
[vorlagen]
comment = orlagen
path = /daten/vorlagen
create mask = 0774
directory mask = 0775
# Backup area, root only. NOTE(review): "force create mode = 0777" makes
# every file written through this share rwx for all local users on disk -
# confirm that backups are meant to be that open.
[backup]
comment = backup
path = /backup
valid users = root
force create mode = 0777
directory mask = 0777
Nun die rechte sehen folgendermassen aus:
root@iewblu:/daten/home# ls -l
insgesamt 40
drwxrwxr-x 6 root direktion 4096 2005-01-07 11:48 direktion
drwxrwxr-x 5 root ewerhart 4096 2005-01-07 11:54 ewerhart
drwxrwxr-x 5 root frey 4096 2005-01-07 11:54 frey
drwxrwxr-x 5 root garbers 4096 2005-01-07 11:54 garbers
drwxrwxrwx 2 root root 4096 2004-02-11 12:25 gr-kurse
drwxrwxrwx 3 root gr-lehrer 4096 2005-01-07 11:33 gr-lehrer
drwxrwxrwx 5 root root 4096 2005-01-07 11:08 gr-user
drwxrwxr-x 5 root hens 4096 2005-01-07 11:54 hens
drwxrwxr-x 5 root woitek 4096 2005-01-07 11:54 woitek
drwxrwxr-x 5 root zweimueller 4096 2005-01-07 11:54 zweimueller
die Unterordner folgendermassen (Beispiel Gruppe Direktion):
root@iewblu:/daten/home/direktion# ls -l
insgesamt 16
drwxrwx-w- 2 root direktion 4096 2005-01-07 11:47 in
drwxrwxr-x 2 root direktion 4096 2005-01-07 11:47 out
drwxrwx--- 2 root direktion 4096 2005-01-07 11:47 private
drwxr-xr-x 5 urnaut direktion 4096 2005-01-07 12:02 urnaut
beispiel User-Ordner
drwx-w--w- 2 urnaut direktion 4096 2005-01-07 11:48 in
drwxr-xr-x 2 urnaut direktion 4096 2005-01-07 12:02 out
drwx------ 2 urnaut direktion 4096 2005-01-07 11:48 private
Nun herrscht folgendes Problem: Ich kann als "fremder User" keine Daten in den "in"-Ordner legen!
Es heisst immer "Zugriff verweigert", aber ich sehe das Rechteproblem nicht ganz.