Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations IamaSherpa on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Setting Permissions for Ubuntu 9.1 Peer-to-Peer LAN

Status
Not open for further replies.

amatureo

Programmer
Aug 5, 2008
38
US
I've been running a peer-to-peer LAN with 20 XPPro SP2 and Win98SE computers. Our MAIN computer contains the data files and folders which are created by individual computers but accessible to all for read/write/execute.

I recently decided to upgrade all the Win98SE computers to XPPro SP2. Because of XP's 10 user access limit, I thought I could replace the Win98SE MAIN data storage computer OS with Ubuntu 9.1. I have NO experience with Linux!! I downloaded and successfully installed Ubuntu 9.1 for my MAIN computer. I created a shared directory into which I copied subdirectories and data files which I want all computers to access with read/write/execute permissions. All appeared to be fine, with all computers able to map to the shared drive and access data on the Ubuntu computer, but when users started their regular work.... trouble! Additional files/folders can be created by users, but they are locked from other users who try to make alterations. The OS defaults to ownership for the creating computer only.

Can I modify a setting on the Linux computer that will unlock and make all files and subdirectories in the shared directory available to all for read and write? How do I insure that all files/folders created in the future are available for read/write no matter which XP computer created them on the Linux computer?

I apologize for such a basic question, but I'm a newbie who is going to need specific step by step instructions to make this work.

Thanks

 
Generally created directories/files are owned by the creator.

In order to fix this, you need to:

1. create a new user group
2. assign the new group to the shared directory (recursively)
3. set the group sticky bit (forced group permissions on new directories/files
4. make sure all users belong to said group.

Code:
$ groupadd shared
$ chgrp -R shared /path/to/shared/directory
$ chmod g+s /path/to/shared/directory
$ gpasswd -a shared <user>
 
I executed the first three steps from the Linux terminal, but couldn't get the fourth one to work. Is <user> supposed to be a workstation computer name or a workstation computer's account name? Neither worked to execute the command from the Linux computer. Am I supposed to somehow get all 20 workstations added to the group?

We don't currently require any login passwords. Workstations don't even require user logins, since all XP computers have only one account - staff.

After following the first three steps, I created a new file in the shared Linux folder from a workstation. The Linux computer shows it as locked, with user nobody, and access read-only (same as before). I was actually able to change data in the file from a second workstation, but there was a huuuuuge delay as Foxpro was saving the change. It saved it, but the huge delay will not be tolerated by my staff during their busy day.

I think I need a bit more coaching.

Thanks
 
What is your configuration of the SAMBA share that the users are accessing? It should be in your smb.conf. Did you configure it manually or using a GUI tool?

Annihilannic.
 
Created the shared folder from the GUI. Haven't even looked at SMB.conf
 
I'm not that familiar with Ubuntu (or GUI tools.)

Without knowing how Samba is configured, we won't be able to help you. Samba may be using one user for all file access, and that user needs to be in the new group you created above.
 
Your configuration should be in /etc/samba/smb.conf. The share you added should be somewhere near the bottom of that file.

Annihilannic.
 
Opened /etc/samba/smb.conf to find:

;[netlogon]
; comment = Network Logon Service
; path = /home/samba/netlogon
; quest ok = yes
; read only = yes
; share modes = no

;[profiles]
; comment= Users profiles
; path = /home/samba/profiles
; guest ok = no
; browseable = no
; create mask = 0600
; directory mask = 0700

I'd like users to be able to read/write/execute when they access my Linux shared directory. I'd like subdirectories created by one user to be read/write/execute for other users. Do I need to uncomment and alter these entries? To what?

Thanks
 
Those two are just examples - is there no uncommented entry anywhere in the file for the share you created through the GUI tool?

If you just want to allow everyone to do everything, I think setting both create mask and directory mask to 0777 should do the trick. If that doesn't work, try the force create mode and force directory mode options. These are all documented in man smb.conf.

Annihilannic.
 
Ok, I did a little reading in the smb.conf file, and actually uncommented and adjusted some earlier lines:

[homes]
comment = Home Directories
browseable = no
read only = no
create mask = 0775
directory mask = 0775

I left the netlogon and profiles lines commented.

After rebooting the Linux computer, I was able to create a file in the Linux shared directory from an XP workstation and change it from another XP workstation. I couldn't, however, change the file from the Linux computer!!

Question now is whether I need to do something with netlogon and profiles?
 
[homes] is a special section for dynamic shares belonging to individual users. See the SPECIAL SECTIONS section of man smb.conf. I'm not sure why uncommenting it made a difference for you, but there should definitely be a different section for you to adjust the settings of your statically configured share. What is your share called? And what directory is it pointing to?

Are there any include statements in your smb.conf referring to other configuration files? Perhaps the GUI tool used that method to add the share.

Annihilannic.
 
amatureo said:
I was actually able to change data in the file from a second workstation, but there was a huuuuuge delay as Foxpro was saving the change. It saved it, but the huge delay will not be tolerated by my staff during their busy day.
I had a similar issue with users using an Access DB, but I'm sure this would apply to all file based databases. Try disabling all oplocks. I also read about tweaking the "lock spin" parameters, but havent tried them as the disabling oplocks did it for me. As a matter of fact, you may want to create 2 different shares, one for normal files with oplocks enabled and the other for databases with oplocks disabled.

--== Anything can go wrong. It's just a matter of how far wrong it will go till people think its right. ==--
 
Taking up residence in a foreign land has some major drawbacks. Even a highly intelligent person feels like an idiot until he learns to speak the language. I'm new to Linux. I'm still stumbling around learning basic things like using SUDO and command line prompts. I'm very comfortable working from a DOS command line. I just haven't learned the linux commands yet.

Annihilannic: I'm finally taking your advice and reading the documentation for SMB.CONF. I'm excited about all that can be managed, but it will take me a while to learn. The shared folder, which I created and set permissions for via GUI, is OMS. It resides in my Home Directory, and it is definitely available on my LAN.

I used testparm -s to compress my SMB.CONF to the actual initialized commands. It looks like this, with no reference to the OMS shared folder:

[global]
workgroup = OMSWIN
server string = %h server (Samba, Ubuntu)
map to guest = Bad User
obey pam restrictions = Yes
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
unix password sync = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
dns proxy = No
usershare allow guests = Yes
panic action = /usr/share/samba/panic-action %d

[homes]
comment = Home Directories
read only = No
create mask = 0775
directory mask = 0775
browseable = No
browsable = No

[printers]
comment = All Printers
path = /var/spool/samba
create mask = 0700
printable = Yes
browseable = No
browsable = No

[print$]
comment = Printer Drivers
path = /var/lib/samba/printers


zeland: My goal is to get the 20 XP computers that are currently reading and writing files on a Win98SE peer to start using a Ubuntu 9.1 computer for the data. A good part of the network traffic is a DOS Foxpro program that requires multiple users to write to the same DBF files throughout the day. I don't think my current Win98SE data computer uses oplocks, but some of the quirks I've been getting sure sound like XP caching issues. Do I need to worry about any oplocks settings on XP workstations? How do I insure that my new Ubuntu data computer doesn't use oplocks?


 
I'd ignore the GUI tool (most of us do :) ) and just add a new section to smb.conf, something like:

Code:
[OMS]
  comment = Something Interesting
  path = /path/to/oms
  create mask = 0777
  directory mask = 0777
  browseable = Yes

...and see how it goes.

If you read and understand all of man smb.conf you'll know a hell of a lot more about SAMBA than I do. :)

I know nothing about the oplocks stuff, so I'll leave that to zeland's greater experience.

Annihilannic.
 
ACTION: Okay, I got rid of the [homes] entries, which I realized were only offered as examples, and created a section for my shared OMS folder. My SMB.CONF now looks like this:

[global]
workgroup = OMSWIN
server string = %h server (Samba, Ubuntu)
map to guest = Bad User
obey pam restrictions = Yes
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
unix password sync = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
dns proxy = No
usershare allow guests = Yes
panic action = /usr/share/samba/panic-action %d

[OMS]
comment = MAIN
path = /home/drb/OMS
read only = No
create mask = 0777
directory mask = 0777
guest ok = Yes

[printers]
comment = All Printers
path = /var/spool/samba
create mask = 0700
printable = Yes
browseable = No

[print$]
comment = Printer Drivers
path = /var/lib/samba/printers

GOOD NEWS: I'm now able to create files and folders from a workstation and modify the files from a different workstation. If I look at the permissions on the Linux server, the files are owned by nobody, and have read/write permissions.

BAD NEWS: If I create a subfolder or file in my shared linux folder from the Linux computer, not a workstation, it is not accessible by workstations unless I manually adjust the permissions. The Linux computer takes ownership.

QUESTION: Is there another setting I need to adjust to allow automatic permission transmission to subfolders and files created by the Linux data computer in the shared folder?
 
I copied all my dbf, photo, and document folders/files from my Win98SE computer to the Linux computer. When viewed by Linux, the permissions show up as Read/Write for Owner nobody, but Read Only for Group and Others.

Are there additional settings I need to make in SMB.CONF to set read/write for Group and Others?

 
The force create mode option I mentioned earlier may help.

Failing that, using ACLs on the Linux side to set default file creation ownership and/or permissions may be an option, but they are a bit of a pig to use if you're not used to them. See man setfacl if you're feeling brave. :)

Annihilannic.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top