List:       netatalk
Subject:    Re: [Netatalk-admins] Permissions of files created by Macs over
From:       "Ben Bradley" <ben () batfastad ! com>
Date:       2008-09-30 21:46:47
Message-ID: 6970ac50809301446s3ac9227fhd30713d962baf8e6 () mail ! gmail ! com

Hi everyone

For reference I've kind of managed to solve this issue.
Setting the setgid bit on the parent folder and chmodding it to 2770 has
got it solved.

Still no idea why it was fine for 6-8 weeks and suddenly started happening,
but hopefully this has it sorted.

Thanks, Ben



2008/9/24 Ben Bradley <ben@batfastad.com>

> Hi everyone
> 
> I've built a NAS for our office running Ubuntu Server 8.04, it has one
> shared folder shared with Samba to all our Windows and also shared with
> Netatalk for the few remaining Macs. I installed Netatalk using the Synaptic
> package manager, so I guess that's the latest.
> There's 5 Macs, all running OSX between Panther and Tiger
> 
> The shared folder is designed to be accessed by all users without
> passwords. With all users able to do anything to any files.
> On the Samba side, I've created a special shared user and group so all
> files created/added by Samba clients get set with those permissions.
> 
> Here's my configuration files (omitting the commented manual lines):
> 
> afpd.conf
> "FILE BEAST" -uamlist uams_guest.so -timeout 60 -noddp -nosavepassword -nouservol -nouservolfirst
> 
> netatalk
> AFPD_MAX_CLIENTS=50
> ATALK_NAME=`/bin/hostname --short`
> ATALK_MAC_CHARSET='UTF8-MAC'
> ATALK_UNIX_CHARSET='LOCALE'
> AFPD_UAMLIST="-U uams_guest.so,uams_clrtxt.so,uams_randnum.so"
> AFPD_GUEST=administrator
> ATALKD_RUN=no
> PAPD_RUN=no
> CNID_METAD_RUN=no
> AFPD_RUN=yes
> TIMELORD_RUN=no
> A2BOOT_RUN=no
> ATALK_BGROUND=no
> export ATALK_MAC_CHARSET
> export ATALK_UNIX_CHARSET
> 
> AppleVolumes.default
> /media/raid/shared "DWC SHARED" options:noadouble allow:@sambaaccess
> 
> 
> And for what it's worth, my smb.conf:
> [global]
> workgroup = domain-name.com
> netbios name = shared
> server string = %h server (Samba, UbuntuServer 8.04)
> encrypt passwords = yes
> log file = /var/log/samba/log.%m
> max log size = 10000
> syslog = 0
> panic action = /usr/share/samba/panic-action %d
> security = share
> dns proxy = no
> ;name resolve order = lmhosts host wins bcast
> interfaces = eth0
> bind interfaces only = true
> ;map to guest = bad user
> hosts allow = 192.168.1. 127.
> 
> # EXTRA OPTIONS TO MAKE THIS A WINS SERVER/MASTER BROWSER
> # http://www.gentoo.org/doc/en/articles/samba-p2.xml
> wins support = yes
> local master = yes
> os level = 99
> domain master = no
> preferred master = yes
> 
> socket options = TCP_NODELAY
> 
> veto files = /:2eFBCLockFolder/.FBCLockFolder/:2eFBCIndex/.FBCIndex/:2eDS_Store/TheVolumeSettingsFolder/TheFindByContentFolder/Temporary Items/Network Trash Folder/.AppleDB/:2eVolumeIcon.icns/.VolumeIcon.icns/.AppleDouble/.AppleDesktop/RECYCLER/
> # NO VETO on .DS_Store files, otherwise annoying errors when copying Mac
> # folders using a PC when .DS_Store already exists in a folder. Say from a DVD
> # burned on a Mac, copied onto the shared with a PC
> 
> delete veto files = yes
> 
> [d-w-c]
> path = /media/raid/shared
> comment =
> browseable = yes
> public = yes
> writeable = yes
> read only = no
> guest only = yes
> guest ok = yes
> create mask = 0660
> directory mask = 0770
> force group = sambaaccess
> 
> 
> However when Macs create files with Netatalk, they are not accessible to
> the PCs over Samba. You can see them in the file list, but not change or
> even open.
> What's strange is that it all worked fine for 6 weeks, and only recently
> has this started happening. There's been no software changes or any config
> changes of any sort that could have suddenly started this behaviour.
> 
> sambaaccess is the name of the group I created on the Ubuntu server. All
> files created over Samba get created with owner root and group sambaaccess.
> Not sure why owner gets set to root, but it seems to work.
> 
> Files created over netatalk seem to have owner administrator and group
> administrator... administrator is the username on the Ubuntu server that I
> use to login and interact with config etc.
> 
> What's the best way to make sure that files created over Netatalk have the
> same permissions?
> 
> 
> Should I create a 'netatalk' user, add it to that sambaaccess group and
> change AFPD_GUEST above to this netatalk username?
> I assume it's the AFPD_GUEST setting that might be causing this, since I
> only have uams_guest.so active in afpd.conf... to allow full access to the
> Macs without password prompts.
> 
> Would that setting make owner root and group sambaaccess?
> Or would owner of the file/folder be whatever AFPD_GUEST is set to?
> 
> 
> It's strange that this worked perfectly for 6 weeks and suddenly started
> giving me these problems! Anyone else experienced anything like this?
> 
> Any other comments/suggestions on best practice for Netatalk permissions?
> 
> 
> Thanks, Ben
> 
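
Added example (not part of the original message): the setgid bit is inherited only by directories created after it is set, so subfolders that already existed on the share keep handing new files the creator's primary group. The script below audits a tree for such directories and for entries with the wrong group, then repairs them; the function names are hypothetical and GNU stat/find (as on Ubuntu) are assumed.

```shell
#!/bin/sh
# Added example: audit and repair setgid group inheritance on a shared tree.
# Assumes GNU coreutils/findutils. Function names are illustrative only.

# audit_share ROOT: print one line per problem found under ROOT.
#   NOSGID <dir>   directory without the setgid bit; files created in it get
#                  the creating user's primary group, not the share group
#   GROUP  <path>  entry whose group differs from ROOT's group
audit_share() {
    root=$1
    gid=$(stat -c %g "$root") || return 2
    find "$root" -type d ! -perm -2000 -exec printf 'NOSGID %s\n' {} \;
    find "$root" ! -gid "$gid" -exec printf 'GROUP %s\n' {} \;
}

# fix_share ROOT: give every entry ROOT's group, then set the setgid bit on
# every directory so that entries created later inherit that group.
fix_share() {
    root=$1
    gid=$(stat -c %g "$root") || return 2
    find "$root" ! -gid "$gid" -exec chgrp "$gid" {} +
    find "$root" -type d ! -perm -2000 -exec chmod g+s {} +
}

# Stand-alone use: sh audit.sh /path/to/share   (report only, changes nothing)
if [ $# -gt 0 ]; then
    audit_share "$1"
fi
```

Run the audit first and review its output; fix_share needs enough privilege to chgrp files owned by other users.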

