Samba: Can't access or modify file unless directory mode is 777 and files are 666

ACiD GRiM · #1 8th November 2010, 07:53 PM

Solved

I have a multi user system for my roommates and myself that has separate folders for each of us. I've got user authentication working with samba, but unless I set every file and folder readable/writeable by all users, I can't browse it or edit the files.

This isn't ideal as the shares are open to other users access, so I'm hoping there's a way to keep folders at 750 and files at 660 while allowing samba users to browse, delete and edit.

Also, the samba share is actually a mounted NFS share from another server. Both the NFS server and the Samba server have the same users/uid's. When a file is created from a Windows host via the Samba client, the NFS server's permissions do show that the correct user owns the files, but since the files aren't mode 666 but 640 I can't edit or delete the file.

I am using the following smb.conf:

Code:

[global]

	workgroup = domain.net
	server string = Samba Server Version %v
	strict locking = no

	netbios name = FILE



	security = share
;	passdb backend = tdbsam


	local master = yes
	os level = 999
	preferred master = yes


;	map archive = no
;	map hidden = no
;	map read only = no
;	map system = no
	encrypt passwords = yes
;	guest ok = yes
	guest account = nobody
;	store dos attributes = yes
	socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=49152 SO_SNDBUF=49152 SO_KEEPALIVE
	deadtime = 15
	invalid users = root
	strict sync = no
	sync always = no
;	syslog = 1
;	syslog only = yes


#============================ Share Definitions ==============================

;[homes]
;	comment = Home Directories
;	browseable = no
;	writable = yes
;	valid users = %S
;	valid users = MYDOMAIN\%S

;[printers]
;	comment = All Printers
;	path = /var/spool/samba
;	browseable = no
;	guest ok = no
;	writable = No
;	printable = yes

# Un-comment the following and create the netlogon directory for Domain Logons:
;	[netlogon]
;	comment = Network Logon Service
;	path = /var/lib/samba/netlogon
;	guest ok = yes
;	writable = no
;	share modes = no

# Un-comment the following to provide a specific roving profile share.
# The default is to use the user's home directory:
;	[Profiles]
;	path = /var/lib/samba/profiles
;	browseable = no
;	guest ok = yes

# A publicly accessible directory that is read only, except for users in the
# "staff" group (which have write permissions):
;	[public]
;	comment = Public Stuff
;	path = /home/samba
;	public = yes
;	writable = yes
;	printable = no
;	write list = +staff

[share]
	path = /mnt/share/
	read only = no
;	browseable = yes
	guest ok = yes
	guest only = yes
	force group = share
	force user = share
	create mask = 666
	directory mask = 0777
	hosts allow = 10.0.2.0/24 10.0.10.0/24



[user]
	path = /mnt/users/ben
	read only = no
;	browseable = yes
	valid users = ben
	hosts allow = 10.0.2.0/24
	guest ok = no
	create mask = 666
	directory mask = 0777



[user1]
	path = /mnt/users/bhasani
	read only = no
;	browseable = yes
	valid users = bhasani
	guest ok = no



[user2]
	path = /mnt/users/khasani
	read only = no
;	browseable = yes
	valid users = khasani
	guest ok = no

Sicinthemind · #2 8th November 2010, 08:35 PM

Please exclude the extra unnecessary garble before posting...
cat /etc/samba/smb.conf | grep -v ";" | grep -v "#"

Code:

cat /etc/samba/smb.conf | grep -v ";" | grep -v "#"
[global]

        workgroup = workgroupname
        server string = servername
        browseable = yes
        writable = yes
        hosts allow = 10.       #octet.[blank] implies any match with the rest wild
        security = share
        guest ok = yes
        guest account = smbguest            # Create a guest account for guests
        username map = /etc/samba/smbusers # Entry: smbusers   smbusers

You have browsable commented out. Remove the ";" character on that line and add the line "writable = yes"

Also note: /mnt/ is not a good directory and in fact outside of best practices to mount user profiles there... You should just use the [Home] mounting options to automatically mount them to their home directories on the server. /home/%s

http://www.microsoft.com/downloads/e...displaylang=en - This should allow you to connect directly to NFS based on the username.
You can also use net use commands with /persistent:yes parameters to automate authentication at each log on.

ACiD GRiM · #3 8th November 2010, 09:14 PM

Thanks for the output config tip!

Unfortunately after I returned all of the folders to their proper modes, the suggestions you gave still don't allow me to even view the shares, let alone write anything now. But if I use chmod a+rwx to the root dir of each share, I can then browse and edit files.

current config:

Code:

[global]


        workgroup = nexusnebula.net
        server string = Samba Server Version %v
        strict locking = no

        netbios name = FILE



        log file = /var/log/samba/log.%m
        max log size = 50


        security = share











        local master = yes
        os level = 999
        preferred master = yes





        cups options = raw



        encrypt passwords = yes
        guest account = nobody
        socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=49152 SO_SNDBUF=49152 SO_KEEPALIVE
        deadtime = 15
        invalid users = root
        strict sync = no
        sync always = no
        browseable = yes
        writeable = yes








[share]
        path = /mnt/share/
        read only = no
        guest ok = yes
        guest only = yes
        force group = share
        force user = share
        hosts allow = 10.0.2.0/24 10.0.10.0/24



[ben]
        path = /mnt/users/ben
        read only = no
        valid users = ben
        hosts allow = 10.0.2.0/24
        guest ok = no



[bhasani]
        path = /mnt/users/bhasani
        read only = no
        valid users = bhasani
        guest ok = no



[khasani]
        path = /mnt/users/khasani
        read only = no
        valid users = khasani
        guest ok = no

Vector · #4 10th November 2010, 03:18 AM

Are you sure that you've setup the user accounts on the samba server the right way? Did you also check "writable"? Are the people attempting to write/edit to the files also the owners of the files? This has helped a few people out:

http://linuxintro.com/?a=WCMS_Page_D...a_Server_Setup

ACiD GRiM · #5 10th November 2010, 03:22 AM

Thanks for replying, I actually solved it after I realized that the NFS share that Samba was serving wasn't reporting the file permissions properly (they were nobody nobody). Once I got that straightened out everything works.

If someone is looking for a similar problem on google, I used

Code:

exportfs -r

on the NFS server. If that doesn't work, try rebooting the NFS server.