Samba Shares Inaccessible from Win98

gwinn7

Programmer
Feb 10, 2001
1,004
US
BACKGROUND:

Running Linux 7.2.1 with Samba 2.2.1a.

We have been running this server for weeks with users accessing all five SMB shares with no problems. These shares are simple folders located on a data drive on the server containing business related data.

PROBLEM:
Yesterday, all the users reported that they were unable to gain access to 3 of those shares with the following message from their Windows 98 clients...

<path> "inaccessible"

ACTION TAKEN:
I checked the log file. It said that permissions were not sufficient, literally "Access Denied". I checked the permissions in both the SWAT and the files/folders themselves and nothing has changed.

Anyone from the "users" group has full access to those specific folders. All of the users belong to the "users" group.

To my knowledge, no one has changed anything on the server since it was working. The only way I could get the users access back to their files was to make them all a member of the "root" group. I realize this is very dangerous, but I need this workaround until I can get a resolution.

PLEA FOR HELP:
Can you help? Any ideas?

Thanks,
Gary
gwinn7
A+, Network+
 
Check the complete path to the directories. Have any of the higher-level folders got incorrect permissions?

eg /shared <--700 perms
/shared/data1 <- 777 perms

Only root or root's group will get into data1; /shared needs 755 to at least grant read-only access.
 
Ok, that worked. Thank you!

It's interesting how the rights cascade like that. I thought I could do the following...

/shared with 700
/shared/data with 770

I thought I could do this. It kinda concerns me because what if I don't want people accessing the files above "data"? How would I lock the "shared" folder from other users?

Thanks again for your help.

Gary
gwinn7
A+, Network+



 
You can give the everyone group execute permissions on the /shared directory.

chmod o+x /shared

This will allow the users to traverse through the directory tree, while disallowing read and write permissions. Your permissions on /shared could be 701 or drwx-----x.


ChrisP
 
Right, but how can I make the "shared" folder off limits, but yet certain sub folders read/writeable to different groups. Is this possible?

Gary
gwinn7
A+, Network+

 
Yes, that's what I was saying.

/shared 701 or (drwx-----x)
/shared/subfolder1 (770 or drwxrwx---)
/shared/subfolder2 (770 or drwxrwx---)

Do something like this...

chmod 701 /shared
chmod 770 /shared/subfolder1
chmod 770 /shared/subfolder2

Users will be able to only pass through /shared, but not see anything inside of it. After /shared, just apply the correct permissions for each subfolder.


ChrisP
 
Ok, based on all the prior posts, so the "01" in the "701" is the key to locking out the upper level folder while opening up the subfolders for user access then, correct? If not, then I am still a little confused. However, I understand exactly what your prior post conveyed. I am just trying to complete my understanding of it.

Gary
gwinn7
A+, Network+



 
r (read) = 4
w (write) = 2
x (execute) = 1

701 is rwx for the owner, no permissions for the group, and execute only for others. If only the execute permission is given for a directory, then users may only pass through the folder to get to subfolders that they do have access to. Users will not be able to 'cd' into /shared at all, but they will be able to 'cd' into /shared/subfolder if they are given the proper permissions.


ChrisP
 
Thank you for your explanation of how that execute bit works. That makes sense to me now.


Gary
gwinn7
A+, Network+
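
The path check suggested in the first reply and the 700/701 question discussed after it, as an added example that is not code from any poster in this thread: it walks from / down to a share directory and reports the first component that denies a given user, applying the owner-else-group-else-other rule. The uid 1000, gid 100 standing for "users", the root ownership, and the `first_block`, `class_bits` and `constructed_tree` names are assumptions made for the illustration, and the stat data is constructed rather than read from a real server.

```python
import os
import stat
from types import SimpleNamespace

def class_bits(st, uid, gids):
    """Return the single rwx triplet the kernel applies: owner, else group, else other."""
    mode = stat.S_IMODE(st.st_mode)
    if uid == st.st_uid:
        return "owner", (mode >> 6) & 7
    if st.st_gid in gids:
        return "group", (mode >> 3) & 7
    return "other", mode & 7

def first_block(path, uid, gids, want=5, statfn=os.stat):
    """Walk / down to path. Every directory above path needs x (1); path itself
    needs `want` (default r-x). Returns (dir, class, bits) for the first denial,
    or None. Assumes an absolute path, a non-root user and no POSIX ACLs."""
    parts = os.path.normpath(path).strip("/").split("/")
    chain = ["/" + "/".join(parts[:i]) for i in range(len(parts) + 1)]
    for p in chain:
        need = want if p == chain[-1] else 1
        cls, bits = class_bits(statfn(p), uid, gids)
        if bits & need != need:
            return p, cls, bits
    return None

def constructed_tree(shared_mode, shared_gid):
    """Constructed stat data, not from a real host: uid 0 = root, gid 100 = users."""
    ns = SimpleNamespace
    table = {
        "/": ns(st_mode=0o40755, st_uid=0, st_gid=0),
        "/shared": ns(st_mode=0o40000 | shared_mode, st_uid=0, st_gid=shared_gid),
        "/shared/data1": ns(st_mode=0o40770, st_uid=0, st_gid=100),
    }
    return table.__getitem__

def demo():
    """Hypothetical user uid 1000 in group 100 trying to reach /shared/data1."""
    cases = {"700 root:root": (0o700, 0), "701 root:root": (0o701, 0),
             "701 root:users": (0o701, 100), "711 root:users": (0o711, 100)}
    return {name: first_block("/shared/data1", 1000, {100}, statfn=constructed_tree(m, g))
            for name, (m, g) in cases.items()}

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"/shared {name}: {result or 'reachable'}")
```

With the default `statfn=os.stat` the same function audits a real path. In the constructed "701 root:users" case the user is denied at /shared because a member of the directory's owning group is judged on the group bits only, so the execute bit for others never applies to them.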
 