Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT sources DOT redhat DOT com Delivered-To: mailing list cygwin AT sources DOT redhat DOT com X-Lotus-FromDomain: JPMORGAN AT SMTP From: "Noel L Yap" To: cygwin AT cygwin DOT com Message-ID: <85256A33.00623817.00@nyc-ntgw-n01.ny.jpmorgan.com> Date: Thu, 19 Apr 2001 13:52:54 -0400 Subject: Re: permissioning on samba-mounted drive Mime-Version: 1.0 Content-type: text/plain; charset=us-ascii Content-Disposition: inline Thanks. What do the security mode settings do? Noel cygwin AT cygwin DOT com on 2001.04.19 12:47:43 To: cygwin AT cygwin DOT com cc: (bcc: Noel L Yap) Subject: Re: permissioning on samba-mounted drive On Thu, Apr 19, 2001 at 12:11:14PM -0400, Earnie Boyd wrote: > Noel L Yap wrote: > > > > I looked through this and found nothing that says whether or not cygwin will > > support this in the future. > > > > Oh, sorry, I'm pretending to be Chris today. ;^T Yes, sometime in the > future when somebody submits the patches to do so. Are you wanting to > contribute patches? Nice try, Earnie ;-) Cygwin can't support real unix permissions using samba due to the mapping problem between samba and windows user accounts and due to the way Samba translates NT ACLs to UNIX permissions. You can control the behaviour in several interesting ways by tuning your smb.conf file on the samba server box (man smb.conf is your friend) but you will always have some limitations. I have good experiences using the following settings: - Use security modes "share" or "server". - The old symlink implementation up to and including Cygwin 1.1.8 needs setting of the `system' bit in the file attributes which is not supported by SAMBA by default. To support symlinks, smb.conf on the SAMBA server needs the "map system = yes" entry. - If you're using ntsec, I suggest using the following settings in smb.conf: force create mode = 0400 force security mode = 0400 force directory mode = 0400 force directory security mode = 0400 - If you're using ntsec I suggest adding the UNIX user accounts used for samba connections to your Cygwin's /etc/passwd INCLUDING the SIDs. Assuming the name of the samba server is "FOOBAR" and the name of the samba box user account is "gretchen", uid 100, which has the primary group "dummies", gid 200: The Cygwin uid and gid are computed following a SAMBA rule for user and group accounts: Windows user ID = UNIX uid * 2 + 1000 Windows group ID = UNIX gid * 2 + 1001 The samba server SID is a string which can be copied from the file /etc/MACHINE.SID on the samba server. The /etc/passwd entry: gretchen::1200:1401:U-FOOBAR\gretchen,-1200:: The /etc/group entry: dummies:-1401:1401: Hope, that helps a bit, Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Developer mailto:cygwin AT cygwin DOT com Red Hat, Inc. -- Want to unsubscribe from this list? Check out: http://cygwin.com/ml/#unsubscribe-simple This communication is for informational purposes only. It is not intended as an offer or solicitation for the purchase or sale of any financial instrument or as an official confirmation of any transaction. All market prices, data and other information are not warranted as to completeness or accuracy and are subject to change without notice. Any comments or statements made herein do not necessarily reflect those of J.P. Morgan Chase & Co., its subsidiaries and affiliates. -- Want to unsubscribe from this list? Check out: http://cygwin.com/ml/#unsubscribe-simple