
Samba share with "force user" is still not writable unless files have 777 permissions

Unix & Linux Asked on December 15, 2021

I have a headless server running Debian 10 with Samba 4.9.5. On it I want to share a folder where any user has full read/write access. Here is my entire smb.conf file:

[global]
workgroup = WORKGROUP
netbios name = MyServerName
security = user
map to guest = bad user
guest account = myuser
dns proxy = no
log level = 4

[Stuff]
path = /home/myuser/share
force user = myuser
force group = myuser
browseable = yes
guest ok = yes
write list = myuser
read only = no

myuser has read / write access for all files and read / write / execute access for all folders in /home/myuser/share. However, some of the files don't have write access for their group or other permissions, i.e. their permissions are 755, 644, etc.

For whatever reason, those files and folders are not writable by any client that connects to the share, even though I have force user set to myuser.

I also just noticed that map to guest doesn’t seem to be working correctly either. If I connect with an invalid user name, it rejects it rather than mapping it to the myuser account and allowing access to Stuff.

Could someone help me figure out why this isn’t working?

I did search around for similar questions and found this: How to create a Samba share that is writable from Windows without 777 permissions, but the accepted solution there is to use force user, which is precisely what I’m doing, but for some reason it’s still not working.

2 Answers

I think I'm encountering the same problem you have. For some reason force user seems to require group write permissions. It does not appear to require world write permissions though, so as a workaround you should be able to get away with 660/770 permissions rather than 777. This shouldn't reduce security; it's just annoying to move files into it outside of samba since you need to make them group-writable.

Put this in your smb.conf under [Stuff]:

force user = myuser
create mask = 0660
directory mask = 0770

Then run this on your share folder:

sudo chown -R myuser:myuser /home/myuser/share
sudo chmod -R 0660 /home/myuser/share
sudo chmod -R ug+X /home/myuser/share

Then restart smbd. The above will set all files to 660 and all directories to 770, for currently existing files and for files newly created through samba. Note that you don't need force group; by default it matches the primary group of force user. Also note that I'm denying world permissions entirely here. You could probably use 0664, 0775 and ugw+X instead if you want them world-readable.

Unfortunately I haven't been able to make it work without group write permissions. I suspect it's a bug in samba. The recent samba bug #14617 prevented deleting files via force user. It's possible this is another related bug but I don't know enough about it to report it. If you figure out how to get it working with 0644/0755 please let me know!

Answered by ludocode on December 15, 2021
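The 660/770 layout from the answer above, as an added example that is not code from the question or from either answer. It reaches the same end state as the answer's chown/chmod sequence but sets files and directories separately with find, so no directory ever loses its execute bit mid-traversal, and it adds the check a practitioner wants before restarting smbd: a count of everything under the share that still lacks group write (the entries force user cannot write to, per the answer). The sample tree is constructed and lives in a temporary directory; no real share is touched, and ownership is left alone because the chown step needs root and is run exactly as the answer shows.

```shell
#!/bin/sh
# Added example (not from the question or either answer): apply the first
# answer's 660/770 mode layout per file type and verify the result.
# The sample tree built by make_sample_tree is constructed for the demo.

# Set every regular file to 0660 and every directory to 0770 under $1.
# Files and directories are handled separately so directories keep their
# execute bit while find is still descending into them.
apply_share_modes() {
    find "$1" -type f -exec chmod 0660 {} +
    find "$1" -type d -exec chmod 0770 {} +
}

# Print how many entries under $1 lack group write, i.e. the ones that
# force user still cannot write to according to the answer.
count_not_group_writable() {
    find "$1" ! -perm -020 | wc -l | tr -d ' '
}

# Succeed only when every file is exactly 0660 and every directory is
# exactly 0770: nothing world-accessible, nothing missing group write.
check_share_modes() {
    bad=$(find "$1" \( -type f ! -perm 0660 \) -o \( -type d ! -perm 0770 \) | wc -l)
    [ "$bad" -eq 0 ]
}

# Build a constructed sample tree with the 755/644 modes from the question
# and print its root path (created with 0700 by mktemp).
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/docs/old"
    printf 'a\n' > "$root/docs/readme.txt"
    printf 'b\n' > "$root/docs/old/notes.txt"
    chmod 0755 "$root/docs" "$root/docs/old"
    chmod 0644 "$root/docs/readme.txt" "$root/docs/old/notes.txt"
    printf '%s\n' "$root"
}

# Stand-alone run: "sh share_modes.sh --demo" shows the before/after counts.
if [ "${1:-}" = "--demo" ]; then
    demo=$(make_sample_tree)
    echo "before: $(count_not_group_writable "$demo") entries not group-writable"
    apply_share_modes "$demo"
    echo "after:  $(count_not_group_writable "$demo") entries not group-writable"
    rm -rf "$demo"
fi
```

On the real share, run `apply_share_modes /home/myuser/share` after the answer's `chown -R`, then `check_share_modes /home/myuser/share` before restarting smbd; a non-zero count from `count_not_group_writable` points at exactly the files a client would still be unable to modify. Keeping world bits off, as the answer does, means a local account outside the myuser group gets no access to the share contents at all.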

OK, have you created users with 'smbpasswd -a username' (needs to be run as root)? If you haven't, then your guest account 'myuser' will not work. This means that no one will be able to access your share.

Authentication (based on your smb.conf) works like this: a user connects to Samba and, if the user is known and supplies the correct password, they are allowed access to your share, but anything they save will be saved as if belonging to 'myuser'; they will still be able to read and write files. If they are a known user but supply a wrong password, then the connection is silently dropped. Because you have 'map to guest = bad user' in global and 'guest ok = yes' in the share, an unknown user that connects to Samba will be mapped to the guest account 'myuser' before it gets anywhere near the share, and as they are now a known user, they will be allowed access to the share.

As for the smb.conf being too short, well, yours could be even shorter. You do not need the 'force group' line; the 'force user' will do that for you. Also, as 'myuser' has write permissions by default, you do not need the 'write list' line. Finally, you never need to set 'browseable = yes' anywhere; it is a default setting.

Answered by Rowland Penny on December 15, 2021
