On 10/13/2011 2:04 AM, lynn wrote:
On Wednesday 12 Oct 2011 20:28:13 John Andersen wrote:
On 10/11/2011 11:59 PM, lynn wrote:
Hi. Thanks. As you say, 'somelinuxuser' is better than root but my client boxes do not have any users on them.
Huh? That makes no sense at all. How can you have no users defined on a client box and at the same time complain that things are mounted root:root?
With no users defined, what possible other choice would there be.
I want any user to be able to log in on any client on my lan and see and create their own files using their own permissions no matter which client box they sit at. That's one of the good points in having a server isn't it? Everything is centralised.
Lan users are defined only on the server. With nfs and nis this just works: nfs mounts /home from the server as /home on the client. They authenticate using nis and all files they create are owned user:group as defined on the server. It's as if they were using the client box as a local user. It's an option you have for installing a client during the yast setup.
What I thought was that I could replace nfs with cifs and nis with ldap. Ldap is working (Thank gad for yast. Don't try installing it without!). My only problem in implementing the change is the cifs user:group issue.
Well this is exactly what we were doing under SLES, which used LDAP as well. Several Linux boxes logged in and their Samba home directories as well as some shared data directories were mounted by the users.***

We found that files created by these users were owned by root or some random user when we allowed the local machine to attempt to set uid/gid. (The difference between our environments was that these users had their own linux machines, or shared specific machines rather than migrating around from machine to machine so it is not exactly the environment you are dealing with).

Ken quoted the man page above. It's a bit of a mess, but the first sentence in each of the two paragraphs makes sense by itself. The following sentences... not so much.

It was exactly these settings that I mentioned earlier, but again I'm working from memory, and that site is a couple states away from me now. The key was to disallow the local machine from setting uid/gid on the server, and allow samba to do this via the rules in the smb.conf.

We always set the smb.conf to force some things:

    [datashares]
        comment = Company Files
        path = /raid/.......
        force group = +datashare
        read only = No
        create mask = 0660
        force create mode = 0660
        security mask = 0770
        directory mask = 0770
        force directory mode = 0770
        directory security mask = 0770

*** I seem to remember we created fstab entries for these files in the local machines, but set it noauto,user. And we waited to mount them until AFTER the user logged in so that samba knew who the user was.

Sorry I can't be more specific, memory, like light, falls off as the square of age.

-- 
_____________________________________
---This space for rent---
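The following is an added example, not part of the original message or of Samba itself: it parses the [datashares] section quoted above and computes the permission bits the server ends up applying, using the rule documented in smb.conf(5) that the mode is ANDed with the mask and then ORed with the force setting. The function names and the sample requested modes are constructed for illustration, and the model ignores the security mask settings, ACLs and inherited permissions.

```python
import configparser

# Share definition as posted in the message above (path left elided as posted).
SMB_CONF = """
[datashares]
comment = Company Files
path = /raid/.......
force group = +datashare
read only = No
create mask = 0660
force create mode = 0660
security mask = 0770
directory mask = 0770
force directory mode = 0770
directory security mask = 0770
"""

def load_share(text, share):
    """Parse smb.conf-style text and return one share section."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp[share]

def effective_mode(share, requested, is_dir=False):
    """Return (requested AND mask) OR force, per smb.conf(5)."""
    if is_dir:
        mask_key, force_key, default_mask = "directory mask", "force directory mode", "0755"
    else:
        mask_key, force_key, default_mask = "create mask", "force create mode", "0744"
    mask = int(share.get(mask_key, default_mask), 8)   # Samba's documented defaults
    force = int(share.get(force_key, "0"), 8)
    return (requested & mask) | force

def report(share, requests):
    """Build (label, requested, effective) rows for a list of sample requests."""
    return [(label, oct(mode), oct(effective_mode(share, mode, is_dir)))
            for label, mode, is_dir in requests]

if __name__ == "__main__":
    share = load_share(SMB_CONF, "datashares")
    # Constructed sample requests: whatever mode the client side asks for.
    samples = [("private file", 0o600, False), ("world-readable file", 0o644, False),
               ("wide-open file", 0o777, False), ("private dir", 0o700, True),
               ("default dir", 0o755, True)]
    for label, asked, got in report(share, samples):
        print(f"{label:20} requested {asked:>6} -> stored {got}")
```

With these settings every file is stored 0660 and every directory 0770 regardless of what the client requests, which is the server-side enforcement the message describes.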