Topic: Primary Share Access

[Tim Jabaut]

I know that I can login as Admin and be able to access the Primary Share, but what I am trying to figure out is why I cannot access this share using another user.

I have tried to modify the smb.conf file commenting out the the chmod syntax, chown'd the directory itself, played with custominzing the smb.conf template files all to no avail.

It may be a simple answer to login as admin for a Win9x box but on an NT Box where all of the development tools have already been installed under a different user account, it would prove not to be advantageous to login as another user.

Please assist in helping me to understand why I cannot change/add another user to the group that can modify the Primary Share. I feel that you have a superior product and I am trying to evaluate it with the purpose of rolling it out to several clients, but I need to be able to make it do what I want it to.

[Charlie Brady]

Tim Jabaut wrote:
>
> I know that I can login as Admin and be able to access the
> Primary Share, but what I am trying to figure out is why I
> cannot access this share using another user.
>
> I have tried to modify the smb.conf file commenting out the
> the chmod syntax, chown'd the directory itself, played with
> custominzing the smb.conf template files all to no avail.
>
> It may be a simple answer to login as admin for a Win9x box
> but on an NT Box where all of the development tools have
> already been installed under a different user account, it
> would prove not to be advantageous to login as another user.

The 'primary' i-bay is currently restricted to the admin user, but we are exploring ways to unify it with the other i-bay management. This turns out to be non-trivial, because we then need to define simple and clear ways that we can assign i-bays to each website, including the 'primary', and we also need to be able to assign other i-bays as sub-levels of each virtual domain web site.
 
> Please assist in helping me to understand why I cannot
> change/add another user to the group that can modify the
> Primary Share.

You are experiencing some of the growing pains of the e-smith design. Earlier version did not support groups, or multiple virtual domains, and the restriction of only the admin user being able to update "the web site" was not a problem.

> I feel that you have a superior product and I
> am trying to evaluate it with the purpose of rolling it out
> to several clients, but I need to be able to make it do what
> I want it to.

As an immediate workaround, I'd suggest that you set up a group restricted i-bay that your web developers use as a staging area, and you then have "admin" copy the site over. Another option that you have is to change the configured domain name, and then set up a virtual domain tied to a group restricted i-bay as the web site for your real domain.

As you are rolling this out to clients, I'd like to draw your attention to the e-smith partners program, which you can read about on http://partners.e-smith.com/. Joining this program will give you priority technical support and many other benefits, including the knowledge that you are assisting the continued development of the e-smith software, for the shared benefit of us, you and your clients.

Regards

Charlie

[Tim Jabaut]

Thanks Charlie,

I would like to ask how you are restricting the Primary iBay at this time. What is prohibiting me from changing/breaking the current setup.

[Charlie Brady]

Tim Jabaut wrote:

> I would like to ask how you are restricting the Primary iBay
> at this time.

By file and directory ownership and permissions.

Charlie

[Tim Jabaut]

Hi Charlie,

Still looking for a little constructive criticism.

I can get a user, say myself tim to have full access to the Primary Share if I do a chown. I don't think that I want to do that as other services may require root ownership.

Is their a way to add myself as a user to the root group?

[Franck PIERRE]

Here is what i did :
Creation of a group "htmlusers"
Creation of a user "writer" member of "htmlusers"
Creation of this script /home/e-smith/files/primary/rights.sh :
----------------
#!/bin/bash

REP="/home/e-smith/files/primary"

ch_dir()
{
 for i in ls -A $1
 do
  if [ -d $1/$i ]
  then
   chmod 771 $1/$i
   ch_dir "$1/$i"
  fi
 done
}

chown -R root.htmlusers $REP
chmod -R 664 $REP
chmod -R 775 $REP/cgi-bin/awstats/*.pl
chmod 775 $REP/html/divers/mrtg/scripts/*.sh
chmod 700 $REP/rights.sh
chmod 771 .
ch_dir $REP
----------------
So, my "writer" user can read/write any file or directory in the primary.

This is just my exemple and i'm not sure there is no security hole in doing that.

Regards.
--
Franck
grand-pa@grand-pa.dyndns.org
http://www.grand-pa.dyndns.org

[Tim Jabaut]

Thanks Franck, I will give it a try.

Tim