Discussion:
[Samba] force user not working
Chris
2004-03-31 00:20:23 UTC
Permalink
Hello.

I am making a new samba server. My old samba server was a RedHat machine
(6.2) with samba 2.0.7 on it. My new samba server is a Gentoo machine with
Samba 3.0.2a.

Aside from the fact that I am now using ADS instead of a traditional NT4
domain -- everything else is the same. I am keeping all the shares the same,
I have synced all the gid's and uid's between the two machines, and I rsynced
all the files and directories over from the old machine so that all the
permissions and ownerships are the same between the two machines.

For some reason, on the new machine, my "Force User =" is not working. All
files are owned by root no matter what -- not the user that created them.
For all of my common directories (each dept has a commond dir that only their
dept can access) I have "Force User = %U". This is important, because
without it the created files do not apply to the user's quota.

I wish to stress that this did *not* happen with 2.0.7... it worked just as it
should.

Could someone please give me a hand here?

TIA

Chris

Here is a clip from my smb.conf:

[global]
netbios name = PERSEUS
socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
idmap uid = 10000-20000
winbind enum users = yes
winbind gid = 10000-20000
winbind enum groups = yes
dns proxy = no
realm= MY.DOMAIN
workgroup = MYWRKGRP
netbios aliases = PERSEUS
server string = PERSEUS
security = ADS
wins proxy = no
map to guest = Bad User
password server = sisyphus.my.domain
name resolve order = lmhosts wins bcast
time server = Yes
os level = 0
preferred master = No
local master = No
domain master = No
wins server = 10.10.10.10
hosts allow = 127.0.0.1, 10.10.10.
oplocks = No
follow symlinks = No
printing = cups
printcap name = cups
load printers = yes
===================<snip>===============================

[Members]
path = "/home/Members"
valid users = +member_serv, chrisd, kurtk, administrator, jeffh
admin users = chrisd, kurtk, administrator, jeffh
read list = +member_serv, chrisd, kurtk, administrator, jeffh
write list = +member_serv, chrisd, kurtk, administrator, jeffh
force user = %U
force group = member_serv
read only = No
create mask = 0660
directory mask = 2770
browseable = No

=================</snip>=================================
Chris
2004-03-31 01:45:11 UTC
Permalink
Okay.

Nevermind. I got it.

Chris
Post by Chris
Hello.
I am making a new samba server. My old samba server was a RedHat machine
(6.2) with samba 2.0.7 on it. My new samba server is a Gentoo machine with
Samba 3.0.2a.
Aside from the fact that I am now using ADS instead of a traditional NT4
domain -- everything else is the same. I am keeping all the shares the
same, I have synced all the gid's and uid's between the two machines, and I
rsynced all the files and directories over from the old machine so that all
the permissions and ownerships are the same between the two machines.
For some reason, on the new machine, my "Force User =" is not working. All
files are owned by root no matter what -- not the user that created them.
For all of my common directories (each dept has a commond dir that only
their dept can access) I have "Force User = %U". This is important,
because without it the created files do not apply to the user's quota.
I wish to stress that this did *not* happen with 2.0.7... it worked just as
it should.
Could someone please give me a hand here?
TIA
Chris
[global]
netbios name = PERSEUS
socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
idmap uid = 10000-20000
winbind enum users = yes
winbind gid = 10000-20000
winbind enum groups = yes
dns proxy = no
realm= MY.DOMAIN
workgroup = MYWRKGRP
netbios aliases = PERSEUS
server string = PERSEUS
security = ADS
wins proxy = no
map to guest = Bad User
password server = sisyphus.my.domain
name resolve order = lmhosts wins bcast
time server = Yes
os level = 0
preferred master = No
local master = No
domain master = No
wins server = 10.10.10.10
hosts allow = 127.0.0.1, 10.10.10.
oplocks = No
follow symlinks = No
printing = cups
printcap name = cups
load printers = yes
===================<snip>===============================
[Members]
path = "/home/Members"
valid users = +member_serv, chrisd, kurtk, administrator, jeffh
admin users = chrisd, kurtk, administrator, jeffh
read list = +member_serv, chrisd, kurtk, administrator, jeffh
write list = +member_serv, chrisd, kurtk, administrator, jeffh
force user = %U
force group = member_serv
read only = No
create mask = 0660
directory mask = 2770
browseable = No
=================</snip>=================================
Chris
2004-03-31 01:52:59 UTC
Permalink
Post by Chris
:0)
Just kidding. I wouldn't do that to you guys :0)

I just hate it when people get the answer they want, and then don't post the
solution! How selfish!

The answer was this: "admin users = chris, administrator"

Apparently, this is handled differently in 2.0.7 than it is in 3.0.2a. 3.0.2a
basicly says that anyone on the admin list is effectively root. Since I was
testing it with my account, it was setting my user to root, and hence any
file I made was owned by the man.

I am simply going to do away with admin users, since I have no real use for
that anymore anyway.

ciao.

Chris
Post by Chris
Okay.
Nevermind. I got it.
Chris
Post by Chris
Hello.
I am making a new samba server. My old samba server was a RedHat machine
(6.2) with samba 2.0.7 on it. My new samba server is a Gentoo machine
with Samba 3.0.2a.
Aside from the fact that I am now using ADS instead of a traditional NT4
domain -- everything else is the same. I am keeping all the shares the
same, I have synced all the gid's and uid's between the two machines, and
I rsynced all the files and directories over from the old machine so that
all the permissions and ownerships are the same between the two machines.
For some reason, on the new machine, my "Force User =" is not working.
All files are owned by root no matter what -- not the user that created
them. For all of my common directories (each dept has a commond dir that
only their dept can access) I have "Force User = %U". This is important,
because without it the created files do not apply to the user's quota.
I wish to stress that this did *not* happen with 2.0.7... it worked just
as it should.
Could someone please give me a hand here?
TIA
Chris
[global]
netbios name = PERSEUS
socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
idmap uid = 10000-20000
winbind enum users = yes
winbind gid = 10000-20000
winbind enum groups = yes
dns proxy = no
realm= MY.DOMAIN
workgroup = MYWRKGRP
netbios aliases = PERSEUS
server string = PERSEUS
security = ADS
wins proxy = no
map to guest = Bad User
password server = sisyphus.my.domain
name resolve order = lmhosts wins bcast
time server = Yes
os level = 0
preferred master = No
local master = No
domain master = No
wins server = 10.10.10.10
hosts allow = 127.0.0.1, 10.10.10.
oplocks = No
follow symlinks = No
printing = cups
printcap name = cups
load printers = yes
===================<snip>===============================
[Members]
path = "/home/Members"
valid users = +member_serv, chrisd, kurtk, administrator, jeffh
admin users = chris, administrator
read list = +member_serv, chrisd, kurtk, administrator, jeffh
write list = +member_serv, chrisd, kurtk, administrator, jeffh
force user = %U
force group = member_serv
read only = No
create mask = 0660
directory mask = 2770
browseable = No
=================</snip>=================================
Loading...