This is the mail archive of the
mailing list for the Cygwin project.
Re: permissioning on samba-mounted drive
On Thu, Apr 19, 2001 at 12:11:14PM -0400, Earnie Boyd wrote:
> Noel L Yap wrote:
> > I looked through this and found nothing that says whether or not cygwin will
> > support this in the future.
> Oh, sorry, I'm pretending to be Chris today. ;^T Yes, sometime in the
> future when somebody submits the patches to do so. Are you wanting to
> contribute patches?
Nice try, Earnie ;-)
Cygwin can't support real unix permissions using samba due to the
mapping problem between samba and windows user accounts and due
to the way Samba translates NT ACLs to UNIX permissions. You can
control the behaviour in several interesting ways by tuning your
smb.conf file on the samba server box (man smb.conf is your friend)
but you will always have some limitations. I have good experiences
using the following settings:
- Use security modes "share" or "server".
- The old symlink implementation up to and including Cygwin 1.1.8
needs setting of the `system' bit in the file attributes which
is not supported by SAMBA by default. To support symlinks,
smb.conf on the SAMBA server needs the "map system = yes"
- If you're using ntsec, I suggest using the following settings
force create mode = 0400 <at least>
force security mode = 0400 <at least>
force directory mode = 0400 <at least>
force directory security mode = 0400 <at least>
- If you're using ntsec I suggest adding the UNIX user accounts used
for samba connections to your Cygwin's /etc/passwd INCLUDING the SIDs.
Assuming the name of the samba server is "FOOBAR" and the name of
the samba box user account is "gretchen", uid 100, which has the
primary group "dummies", gid 200:
The Cygwin uid and gid are computed following a SAMBA rule for
user and group accounts:
Windows user ID = UNIX uid * 2 + 1000
Windows group ID = UNIX gid * 2 + 1001
The samba server SID is a string which can be copied from the
file /etc/MACHINE.SID on the samba server.
The /etc/passwd entry:
gretchen::1200:1401:U-FOOBAR\gretchen,<The SAMBA server SID>-1200::
The /etc/group entry:
dummies:<The SAMBA server SID>-1401:1401:
Hope, that helps a bit,
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Developer mailto:firstname.lastname@example.org
Red Hat, Inc.
Want to unsubscribe from this list?
Check out: http://cygwin.com/ml/#unsubscribe-simple