Acessos indevidos - SAMBA

1. Acessos indevidos - SAMBA

Maurício Silva
Urso_Polar

(usa Ubuntu)

Enviado em 31/05/2011 - 14:03h

AMigos, preciso de uma ajuda. Montei um servidor Samba no Debian. Criei a estrutura de pastas, cadastrei todos os usuários no linux e no samba também, dei chmod em todas as patas.

O que ocorre:

Ex.: São 12 pastas de departamentos + a pasta Publico. Dentro da pasta de cada departamento, criei a pasta dos usuários. O usuários só podem acessar as pastas de seus departamentos. O usuário vera, tem uma pasta chamada Vera dentro da Pasta Area_Tecnica. Ela só deveria enxergar os arquivos desta pasta raiz e da própria pasta dela, mas não é o que ocorre! O cliente já está no meu pé..rs o que pode ter saído errado? Posto meu smb.conf abaixo. Obrigado desde já!

Obs: Estou tratando a rede como workgroup mesmo.

#===========================

[global]

workgroup = labmattos
server string = %h server
netbios name = osiris
dns proxy = no
security = user
passdb backend = tdbsam
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
add machine script = /usr/sbin/adduser -n -r -g machines -c "Samba machine" -d /dev/null -s /bin/false %u
unix charset = iso-8859-1
display charset = cp850

vfs objects = recycle
recycle:keeptree = yes
recycle:versions = yes
recycle:repository = /var/samba/trash/
recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso
recycle:exclude_dir = tmp, cache

[lixeira]
path = /var/samba/trash/
writable = yes

#=========== Compartilhamento de Diretórios ===========#

[Administrativo]
comment = Diretorio Restrito
path = /samba/Administrativo
force create mode = 0777
force directory mode = 0777
browseable = yes
writable = yes
public = no
valid users = carmen tania

vfs objects = recycle
recycle:keeptree = yes
recycle:versions = yes
recycle:repository = lixeira
recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso
recycle:exclude_dir = tmp

[Administrativo - Carmen]
comment = Diretorio Restrito
path = /samba/Administrativo/Carmen
force create mode = 0777
force directory mode = 0777
browseable = yes
writable = yes
public = no
valid users = carmen

vfs objects = recycle
recycle:keeptree = yes
recycle:versions = yes
recycle:repository = lixeira
recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso
recycle:exclude_dir = tmp

[Administrativo - Tania]
comment = Diretorio Restrito
path = /samba/Administrativo/Tania
force create mode = 0777
force directory mode = 0777
browseable = yes
writable = yes
public = no
valid users = tania

vfs objects = recycle
recycle:keeptree = yes
recycle:versions = yes
recycle:repository = lixeira
recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso
recycle:exclude_dir = tmp

#==========================================================

[Area Tecnica]
comment = Diretorio Restrito
path = /samba/Area_Tecnica
force create mode = 0777
force directory mode = 0777
browseable = yes
writable = yes
public = no
valid users = claudia debora julio leonardo luiz marcos vera

vfs objects = recycle
recycle:keeptree = yes
recycle:versions = yes
recycle:repository = lixeira
recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso
recycle:exclude_dir = tmp

[Area Tecnica - Claudia]
comment = Diretorio Restrito
path = /samba/Area_Tecnica/Claudia
force create mode = 0777
force directory mode = 0777
browseable = yes
writable = yes
public = no
valid users = claudia

vfs objects = recycle
recycle:keeptree = yes
recycle:versions = yes
recycle:repository = lixeira
recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso
recycle:exclude_dir = tmp

[Area Tecnica - Debora]
comment = Diretorio Restrito
path = /samba/Area_Tecnica/Debora
force create mode = 0777
force directory mode = 0777
browseable = yes
writable = yes
public = no
valid users = debora

vfs objects = recycle
recycle:keeptree = yes
recycle:versions = yes
recycle:repository = lixeira
recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso
recycle:exclude_dir = tmp

[Area Tecnica - Julio]
comment = Diretorio Restrito
path = /samba/Area_Tecnica/Julio
force create mode = 0777
force directory mode = 0777
browseable = yes
writable = yes
public = no
valid users = julio

vfs objects = recycle
recycle:keeptree = yes
recycle:versions = yes
recycle:repository = lixeira
recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso
recycle:exclude_dir = tmp

[Area Tecnica - Leonardo]
comment = Diretorio Restrito
path = /samba/Area_Tecnica/Leonardo
force create mode = 0777
force directory mode = 0777
browseable = yes
writable = yes
public = no
valid users = leonardo

vfs objects = recycle
recycle:keeptree = yes
recycle:versions = yes
recycle:repository = lixeira
recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso
recycle:exclude_dir = tmp

[Area Tecnica - Luiz]
comment = Diretorio Restrito
path = /samba/Area_Tecnica/Luiz
force create mode = 0777
force directory mode = 0777
browseable = yes
writable = yes
public = no
valid users = luiz

vfs objects = recycle
recycle:keeptree = yes
recycle:versions = yes
recycle:repository = lixeira
recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso
recycle:exclude_dir = tmp

[Area Tecnica - Marcos]
comment = Diretorio Restrito
path = /samba/Area_Tecnica/Marcos
force create mode = 0777
force directory mode = 0777
browseable = yes
writable = yes
public = no
valid users = marcos

vfs objects = recycle
recycle:keeptree = yes
recycle:versions = yes
recycle:repository = lixeira
recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso
recycle:exclude_dir = tmp

[Area Tecnica - Vera]
comment = Diretorio Restrito
path = /samba/Area_Tecnica/Vera
force create mode = 0777
force directory mode = 0777
browseable = yes
writable = yes
public = no
valid users = vera

vfs objects = recycle
recycle:keeptree = yes
recycle:versions = yes
recycle:repository = lixeira
recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso
recycle:exclude_dir = tmp

#==========================================================

[Comercial]
comment = Diretorio Restrito
path = /samba/Comercial
force create mode = 0777
force directory mode = 0777
browseable = yes
writable = yes
public = no
valid users = tania

vfs objects = recycle
recycle:keeptree = yes
recycle:versions = yes
recycle:repository = lixeira
recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso
recycle:exclude_dir = tmp

[Comercial - Tania]
comment = Diretorio Restrito
path = /samba/Comercial/Tania
force create mode = 0777
force directory mode = 0777
browseable = yes
writable = yes
public = no
valid users = tania

vfs objects = recycle
recycle:keeptree = yes
recycle:versions = yes
recycle:repository = lixeira
recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso
recycle:exclude_dir = tmp

#==========================================================

[Departamento Pessoal]
comment = Diretorio Restrito
path = /samba/Departamento_Pessoal
force create mode = 0777
force directory mode = 0777
browseable = yes
writable = yes
public = no
valid users = josiane

vfs objects = recycle
recycle:keeptree = yes
recycle:versions = yes
recycle:repository = lixeira
recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso
recycle:exclude_dir = tmp

[Departamento Pessoal - Josiane]
comment = Diretorio Restrito
path = /samba/Departamento_Pessoal/Josiane
force create mode = 0777
force directory mode = 0777
browseable = yes
writable = yes
public = no
valid users = josiane

vfs objects = recycle
recycle:keeptree = yes
recycle:versions = yes
recycle:repository = lixeira
recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso
recycle:exclude_dir = tmp

#==========================================================

[Diretoria]
comment = Diretorio Restrito
path = /samba/Diretoria
force create mode = 0777
force directory mode = 0777
browseable = yes
writable = yes
public = no
valid users = carmen

vfs objects = recycle
recycle:keeptree = yes
recycle:versions = yes
recycle:repository = lixeira
recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso
recycle:exclude_dir = tmp

[Diretoria - Carmen]
comment = Diretorio Restrito
path = /samba/Diretoria/Carmen
force create mode = 0777
force directory mode = 0777
browseable = yes
writable = yes
public = no
valid users = carmen

vfs objects = recycle
recycle:keeptree = yes
recycle:versions = yes
recycle:repository = lixeira
recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso
recycle:exclude_dir = tmp

#==========================================================

[Estoque]
comment = Diretorio Restrito
path = /samba/Estoque
force create mode = 0777
force directory mode = 0777
browseable = yes
writable = yes
public = no
valid users = diego

vfs objects = recycle
recycle:keeptree = yes
recycle:versions = yes
recycle:repository = lixeira
recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso
recycle:exclude_dir = tmp

[Estoque - Diego]
comment = Diretorio Restrito
path = /samba/Estoque/Diego
force create mode = 0777
force directory mode = 0777
browseable = yes
writable = yes
public = no
valid users = diego

vfs objects = recycle
recycle:keeptree = yes
recycle:versions = yes
recycle:repository = lixeira
recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso
recycle:exclude_dir = tmp

#==========================================================

[Financeiro]
comment = Diretorio Restrito
path = /samba/Financeiro
force create mode = 0777
force directory mode = 0777
browseable = yes
writable = yes
public = no
valid users = carmen jaqueline vivian

vfs objects = recycle
recycle:keeptree = yes
recycle:versions = yes
recycle:repository = lixeira
recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso
recycle:exclude_dir = tmp

[Financeiro - Carmen]
comment = Diretorio Restrito
path = /samba/Financeiro/Carmen
force create mode = 0777
force directory mode = 0777
browseable = yes
writable = yes
public = no
valid users = carmen

vfs objects = recycle
recycle:keeptree = yes
recycle:versions = yes
recycle:repository = lixeira
recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso
recycle:exclude_dir = tmp

[Financeiro - Jaqueline]
comment = Diretorio Restrito/Jaqueline
path = /samba/Financeiro
force create mode = 0777
force directory mode = 0777
browseable = yes
writable = yes
public = no
valid users = jaqueline

vfs objects = recycle
recycle:keeptree = yes
recycle:versions = yes
recycle:repository = lixeira
recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso
recycle:exclude_dir = tmp

[Financeiro - Vivian]
comment = Diretorio Restrito
path = /samba/Financeiro/Vivian
force create mode = 0777
force directory mode = 0777
browseable = yes
writable = yes
public = no
valid users = vivian

vfs objects = recycle
recycle:keeptree = yes
recycle:versions = yes
recycle:repository = lixeira
recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso
recycle:exclude_dir = tmp

#==========================================================

[Informatica]
comment = Diretorio Restrito
path = /samba/Diretoria
force create mode = 0777
force directory mode = 0777
browseable = yes
writable = yes
public = no
valid users = samuel

vfs objects = recycle
recycle:keeptree = yes
recycle:versions = yes
recycle:repository = lixeira
recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso
recycle:exclude_dir = tmp

[Informatica - Samuel]
comment = Diretorio Restrito
path = /samba/Diretoria/Samuel
force create mode = 0777
force directory mode = 0777
browseable = yes
writable = yes
public = no
valid users = samuel

vfs objects = recycle
recycle:keeptree = yes
recycle:versions = yes
recycle:repository = lixeira
recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso
recycle:exclude_dir = tmp

#==========================================================

[Operacional]
comment = Diretorio Restrito
path = /samba/Operacional
force create mode = 0777
force directory mode = 0777
browseable = yes
writable = yes
public = no
valid users = aline eder rachell silveira

vfs objects = recycle
recycle:keeptree = yes
recycle:versions = yes
recycle:repository = lixeira
recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso
recycle:exclude_dir = tmp

[Operacional - Aline]
comment = Diretorio Restrito
path = /samba/Operacional/Aline
force create mode = 0777
force directory mode = 0777
browseable = yes
writable = yes
public = no
valid users = aline

vfs objects = recycle
recycle:keeptree = yes
recycle:versions = yes
recycle:repository = lixeira
recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso
recycle:exclude_dir = tmp

[Operacional - Eder]
comment = Diretorio Restrito
path = /samba/Operacional/Eder
force create mode = 0777
force directory mode = 0777
browseable = yes
writable = yes
public = no
valid users = eder

vfs objects = recycle
recycle:keeptree = yes
recycle:versions = yes
recycle:repository = lixeira
recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso
recycle:exclude_dir = tmp

[Operacional - Rachell]
comment = Diretorio Restrito
path = /samba/Operacional/Rachell
force create mode = 0777
force directory mode = 0777
browseable = yes
writable = yes
public = no
valid users = rachell

vfs objects = recycle
recycle:keeptree = yes
recycle:versions = yes
recycle:repository = lixeira
recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso
recycle:exclude_dir = tmp

[Operacional - Silveira]
comment = Diretorio Restrito
path = /samba/Operacional/Silveira
force create mode = 0777
force directory mode = 0777
browseable = yes
writable = yes
public = no
valid users = silveira

vfs objects = recycle
recycle:keeptree = yes
recycle:versions = yes
recycle:repository = lixeira
recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso
recycle:exclude_dir = tmp

#==========================================================

[Operacional Hospitalar]
comment = Diretorio Restrito
path = /samba/Operacional_Hospitalar
force create mode = 0777
force directory mode = 0777
browseable = yes
writable = yes
public = no
valid users = aline eder rachell silva

vfs objects = recycle
recycle:keeptree = yes
recycle:versions = yes
recycle:repository = lixeira
recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso
recycle:exclude_dir = tmp

[Operacional Hospitalar - Aline]
comment = Diretorio Restrito
path = /samba/Operacional_Hospitalar/Aline
force create mode = 0777
force directory mode = 0777
browseable = yes
writable = yes
public = no
valid users = aline

vfs objects = recycle
recycle:keeptree = yes
recycle:versions = yes
recycle:repository = lixeira
recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso
recycle:exclude_dir = tmp

[Operacional Hospitalar - Eder]
comment = Diretorio Restrito
path = /samba/Operacional_Hospitalar/Eder
force create mode = 0777
force directory mode = 0777
browseable = yes
writable = yes
public = no
valid users = eder

vfs objects = recycle
recycle:keeptree = yes
recycle:versions = yes
recycle:repository = lixeira
recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso
recycle:exclude_dir = tmp

[Operacional Hospitalar - Rachell]
comment = Diretorio Restrito
path = /samba/Operacional_Hospitalar/Rachell
force create mode = 0777
force directory mode = 0777
browseable = yes
writable = yes
public = no
valid users = rachell

vfs objects = recycle
recycle:keeptree = yes
recycle:versions = yes
recycle:repository = lixeira
recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso
recycle:exclude_dir = tmp

[Operacional Hospitalar - Silva]
comment = Diretorio Restrito
path = /samba/Operacional_Hospitalar/Silva
force create mode = 0777
force directory mode = 0777
browseable = yes
writable = yes
public = no
valid users = silva

vfs objects = recycle
recycle:keeptree = yes
recycle:versions = yes
recycle:repository = lixeira
recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso
recycle:exclude_dir = tmp

#==========================================================

[Recepcao]
comment = Diretorio Restrito
path = /samba/Recepcao
force create mode = 0777
force directory mode = 0777
browseable = yes
writable = yes
public = no
valid users = diego lidiane

vfs objects = recycle
recycle:keeptree = yes
recycle:versions = yes
recycle:repository = lixeira
recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso
recycle:exclude_dir = tmp

[Recepcao - Diego]
comment = Diretorio Restrito
path = /samba/Recepcao/Diego
force create mode = 0777
force directory mode = 0777
browseable = yes
writable = yes
public = no
valid users = diego

vfs objects = recycle
recycle:keeptree = yes
recycle:versions = yes
recycle:repository = lixeira
recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso
recycle:exclude_dir = tmp

[Recepcao - Lidiane]
comment = Diretorio Restrito
path = /samba/Recepcao/Lidiane
force create mode = 0777
force directory mode = 0777
browseable = yes
writable = yes
public = no
valid users = lidiane

vfs objects = recycle
recycle:keeptree = yes
recycle:versions = yes
recycle:repository = lixeira
recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso
recycle:exclude_dir = tmp

#==========================================================

[Resultados]
comment = Diretorio Restrito
path = /samba/Resultados
force create mode = 0777
force directory mode = 0777
browseable = yes
writable = yes
public = no
valid users = diego

vfs objects = recycle
recycle:keeptree = yes
recycle:versions = yes
recycle:repository = lixeira
recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso
recycle:exclude_dir = tmp

[Resultados - Diego]
comment = Diretorio Restrito
path = /samba/Resultados/Diego
force create mode = 0777
force directory mode = 0777
browseable = yes
writable = yes
public = no
valid users = diego

vfs objects = recycle
recycle:keeptree = yes
recycle:versions = yes
recycle:repository = lixeira
recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso
recycle:exclude_dir = tmp

#==========================================================

[Publico]
comment = Diretorio Publico
path = /samba/Publico
force create mode = 0777
force directory mode = 0777
browseable = yes
writable = yes
public = yes

vfs objects = recycle
recycle:keeptree = yes
recycle:versions = yes
recycle:repository = lixeira
recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso
recycle:exclude_dir = tmp




  


2. Re: Acessos indevidos - SAMBA

Daniel Lara Souza
danniel-lara

(usa Fedora)

Enviado em 31/05/2011 - 14:20h

ela tem acesso a todas as pasta do samba ?


3. Re: Acessos indevidos - SAMBA

Maurício Silva
Urso_Polar

(usa Ubuntu)

Enviado em 31/05/2011 - 14:25h

Somente a pastas com o nome dela e os departamentos que ela pertence, conforme coloquei no smb.conf (sessão de compartilhamentos)..

O que pode ter de errado? Obs.: Não criei grupos no Linux.. somente os usuários.. e os adicionei no samba tb (smbpasswd -a nomedouser).


4. Re: Acessos indevidos - SAMBA

Maurício Silva
Urso_Polar

(usa Ubuntu)

Enviado em 31/05/2011 - 14:29h

Daniel, exemplo (olha esse trecho do meu smb.conf):

[Area Tecnica]
comment = Diretorio Restrito
path = /samba/Area_Tecnica
force create mode = 0777
force directory mode = 0777
browseable = yes
writable = yes
public = no
valid users = claudia debora julio leonardo luiz marcos vera

vfs objects = recycle
recycle:keeptree = yes
recycle:versions = yes
recycle:repository = lixeira
recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso
recycle:exclude_dir = tmp

[Area Tecnica - Claudia]
comment = Diretorio Restrito
path = /samba/Area_Tecnica/Claudia
force create mode = 0777
force directory mode = 0777
browseable = yes
writable = yes
public = no
valid users = claudia

Na pasta /samba/Area_Tecnica, são permitidos os usuários: claudia debora julio leonardo luiz marcos vera. Dentro da pasta Area_Tecnica, exitem mais 7 pastas, que são os nomes dos usuários. O usuário claudia acessa a raiz de Area_Tecnica e a pasta com o nome dela, mas não pode ver as pastas (acessar) com os nomes dos outros 6 usuarios. E não é o que está acontecendo.. =\


5. gerenciar por grupos

Maycon Vieira
msurf

(usa Debian)

Enviado em 31/05/2011 - 20:45h

Amigo, a melhor maneira é vc gerenciar isso por grupos, e outra suas pastas estam com acesso total em todas 777, vc deve ver o nivel de acesso que vc quer dar aos usuarios, e isso vario 775, 770, entre outros, ai vc ve qual melhor tipo de acesso a cada usuario.
Ma como ja disse a melhor maneira de gerenciar isso e atraves de grupos de usuarios, e outra utilize o webmin, e uma ferramenta otima parea gerentes de redes.






Patrocínio

Site hospedado pelo provedor RedeHost.
Linux banner

Destaques

Artigos

Dicas

Tópicos

Top 10 do mês

Scripts