This is the mail archive of the mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]

Re: permissioning on samba-mounted drive


What do the security mode settings do?

Noel on 2001.04.19 12:47:43

cc:   (bcc: Noel L Yap)
Subject:  Re: permissioning on samba-mounted drive

On Thu, Apr 19, 2001 at 12:11:14PM -0400, Earnie Boyd wrote:
> Noel L Yap wrote:
> >
> > I looked through this and found nothing that says whether or not cygwin will
> > support this in the future.
> >
> Oh, sorry, I'm pretending to be Chris today. ;^T  Yes, sometime in the
> future when somebody submits the patches to do so.  Are you wanting to
> contribute patches?

Nice try, Earnie ;-)

Cygwin can't support real unix permissions using samba due to the
mapping problem between samba and windows user accounts and due
to the way Samba translates NT ACLs to UNIX permissions. You can
control the behaviour in several interesting ways by tuning your
smb.conf file on the samba server box (man smb.conf is your friend)
but you will always have some limitations. I have good experiences
using the following settings:

- Use security modes "share" or "server".

- The old symlink implementation up to and including Cygwin 1.1.8
  needs setting of the `system' bit in the file attributes which
  is not supported by SAMBA by default. To support symlinks,
  smb.conf on the SAMBA server needs the "map system = yes"

- If you're using ntsec, I suggest using the following settings
  in smb.conf:

        force create mode = 0400                        <at least>
        force security mode = 0400                      <at least>
        force directory mode = 0400                     <at least>
        force directory security mode = 0400            <at least>

- If you're using ntsec I suggest adding the UNIX user accounts used
  for samba connections to your Cygwin's /etc/passwd INCLUDING the SIDs.
  Assuming the name of the samba server is "FOOBAR" and the name of
  the samba box user account is "gretchen", uid 100, which has the
  primary group "dummies", gid 200:

  The Cygwin uid and gid are computed following a SAMBA rule for
  user and group accounts:

  Windows user ID = UNIX uid * 2 + 1000
  Windows group ID = UNIX gid * 2 + 1001

  The samba server SID is a string which can be copied from the
  file /etc/MACHINE.SID on the samba server.

  The /etc/passwd entry:
  gretchen::1200:1401:U-FOOBAR\gretchen,<The SAMBA server SID>-1200::

  The /etc/group entry:
  dummies:<The SAMBA server SID>-1401:1401:

Hope, that helps a bit,

Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                      
Red Hat, Inc.

Want to unsubscribe from this list?
Check out:

This communication is for informational purposes only.  It is not intended as
an offer or solicitation for the purchase or sale of any financial instrument
or as an official confirmation of any transaction. All market prices, data
and other information are not warranted as to completeness or accuracy and
are subject to change without notice. Any comments or statements made herein
do not necessarily reflect those of J.P. Morgan Chase & Co., its
subsidiaries and affiliates.

Want to unsubscribe from this list?
Check out:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]