Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT sources DOT redhat DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT sources DOT redhat DOT com>
List-Help: <mailto:cygwin-help AT sources DOT redhat DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT sources DOT redhat DOT com
Delivered-To: mailing list cygwin AT sources DOT redhat DOT com
Date: Thu, 19 Apr 2001 18:47:43 +0200
From: Corinna Vinschen <cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: permissioning on samba-mounted drive
Message-ID: <20010419184743.M12557@cygbert.vinschen.de>
Mail-Followup-To: cygwin AT cygwin DOT com
References: <85256A33 DOT 0056EF34 DOT 00 AT nyc-ntgw-n01 DOT ny DOT jpmorgan DOT com> <3ADF0E22 DOT 42A7F6D5 AT yahoo DOT com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <3ADF0E22.42A7F6D5@yahoo.com>; from earnie_boyd@yahoo.com on Thu, Apr 19, 2001 at 12:11:14PM -0400

On Thu, Apr 19, 2001 at 12:11:14PM -0400, Earnie Boyd wrote:
> Noel L Yap wrote:
> > 
> > I looked through this and found nothing that says whether or not cygwin will
> > support this in the future.
> > 
> 
> Oh, sorry, I'm pretending to be Chris today. ;^T  Yes, sometime in the
> future when somebody submits the patches to do so.  Are you wanting to
> contribute patches?

Nice try, Earnie ;-)

Cygwin can't support real unix permissions using samba due to the
mapping problem between samba and windows user accounts and due
to the way Samba translates NT ACLs to UNIX permissions. You can
control the behaviour in several interesting ways by tuning your
smb.conf file on the samba server box (man smb.conf is your friend)
but you will always have some limitations. I have good experiences
using the following settings:

- Use security modes "share" or "server".

- The old symlink implementation up to and including Cygwin 1.1.8
  needs setting of the `system' bit in the file attributes which
  is not supported by SAMBA by default. To support symlinks,
  smb.conf on the SAMBA server needs the "map system = yes"
  entry.

- If you're using ntsec, I suggest using the following settings
  in smb.conf:

        force create mode = 0400                        <at least>
        force security mode = 0400                      <at least>
        force directory mode = 0400                     <at least>
        force directory security mode = 0400            <at least>

- If you're using ntsec I suggest adding the UNIX user accounts used
  for samba connections to your Cygwin's /etc/passwd INCLUDING the SIDs.
  Assuming the name of the samba server is "FOOBAR" and the name of
  the samba box user account is "gretchen", uid 100, which has the
  primary group "dummies", gid 200:

  The Cygwin uid and gid are computed following a SAMBA rule for
  user and group accounts:

  Windows user ID = UNIX uid * 2 + 1000 
  Windows group ID = UNIX gid * 2 + 1001

  The samba server SID is a string which can be copied from the
  file /etc/MACHINE.SID on the samba server.

  The /etc/passwd entry:
  gretchen::1200:1401:U-FOOBAR\gretchen,<The SAMBA server SID>-1200::

  The /etc/group entry:
  dummies:<The SAMBA server SID>-1401:1401:

Hope, that helps a bit,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin AT cygwin DOT com
Red Hat, Inc.

--
Want to unsubscribe from this list?
Check out: http://cygwin.com/ml/#unsubscribe-simple