Samba share permissions
Hi,
I am able to access the Linux share from the Windows server, but I am having a problem with the permissions. My smb.conf file looks like the following for the test share:

[test]
    path = /export/samba/test
    read only = No
    guest ok = Yes
    create mode = 0755
    directory mode = 0755
    browseable = yes
    Writable = Yes

Even the root user is not able to write or modify the files in this share. I am confused about what's wrong in my config file. Please help.
Thanks, CBC |
When dealing with Samba shares you need to remember that underneath the Windows/Samba permission stuff is still the Linux permissions on files and folders. If those permissions are "locked down" then Samba will not be able to deal with the files in the way you expect.
When you say the "root" user do you mean the Linux root user or a Samba user with the name "root"? |
Hey dannybpng, thanks for your reply. I mean the Samba admin user who has root privileges. Still he can't modify the files in the share.
Any ideas are appreciated. Thanks. |
Run the command ls -l on the files in the directory and report back the results. That should reveal permissions and ownership.
If the results are basically all the same, it should not be necessary to report them all back, just enough to give a flavor. |
Hi frankbell,
Here are the listings:

Share directory permissions:

    drwxrwxr-x 6 root root 4096 Jul 18 17:12 .

File permissions in the share:

    rwxrwxrwt 1 root root 18 Jul 8 03:02 a
    -rw-r--r-- 1 root root 4 Jul 8 03:02 af
    drwxr-xr-x 2 root root 4096 Jul 8 11:26 d
    drwxr-xr-x 2 uskump01adm domain users 4096 Jul 11 14:20 hello
    drwxr-xr-x 2 uskump01adm domain users 4096 Jul 11 09:51 hi
    drwxr-xr-x 2 uskump01adm domain users 4096 Jul 11 09:33 hiii
    -rw------- 1 root root 4 Jul 11 09:40 newtest
    -rwxr--r-- 1 uskops00 domain users 4 Jul 8 10:58 somefile
    -rwxr--r-- 1 uskump01adm domain users 9934 Jul 8 21:01 test.docx

Thanks, CBC |
Below is my general purpose samba server used in QA env, with one condition.
All permissions are controlled via SAMBA. (This means all folders that are shared via samba have a permission mask of "777" on file system level.) You should review all options in the conf, as some of the options are specifically mentioned for QA requirements, such as recycle & VFS objects etc.

# more /etc/samba/smb.conf

[global]
    server string = RS ( QA HUDSON Staging Server )
    workgroup = QA
    netbios name = RS
    security = share
    guest only = yes
    dns proxy = no
    preserve case = yes
    short preserve case = yes
    default case = lower
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    os level = 33
    syslog = 0
    log level = 0
    Dos charset = 850
    Unix charset = ISO8859-1
    load printers = no
    follow symlinks = yes
    wide links = yes
    disable spoolss = yes
    show add printer wizard = no
    # security = user
    encrypt passwords = yes
    level2 oplocks = true
    read raw = no
    large readwrite = yes
    nt pipe support = yes
    nt status support = yes
    announce as = NT
    announce version = 4.9
    unix extensions = yes
    client signing = auto
    hostname lookups = no
    wins support = no
    veto files = /.recycle/*.bash*/
    delete veto files = yes
    write cache size = 262144
    nt acl support = yes
    inherit permissions = yes
    vfs objects = vscan-clamav
    vscan-clamav: config-file = /etc/samba/vscan-clamav.conf

[staging]
    comment = none
    path = /opt/staging
    browseable = yes
    public = yes
    guest ok = yes
    printable = no
    create mask = 0777
    directory mask = 0775
    write list = @qa @build staging
    valid users = @qa @build staging
    writeable = no
    force user = staging
    vfs object = recycle:repository recycle:keeptree recycle:versions recycle:touch recycle:exclude recycle:exclude_dir recycle:maxsize recycle:noversions
    vfs object = recycle:repository=".recycle" recycle:keeptree=True
    recycle:repository=./RECYCLED
    recycle:keeptree=yes
    recycle:versions=yes
    recycle:touch=no
    recycle:exclude=*.tmp|*.temp|*.obj|~\$*
    recycle:exclude_dir=/tmp|/temp|/cache
    # Trash max size is 100 Gb
    recycle:maxsize=107374182400
    recycle:noversions=*.mdb

[builds]
    comment = BUILDS
    path = /home/build
    browseable = yes
    public = yes
    guest ok = yes
    printable = no
    create mask = 0777
    directory mask = 0775
    write list = @qa @build
    valid users = @qa @build
    writeable = Yes
    force user = builds
    vfs object = recycle:repository=".recycle" recycle:keeptree=True

[rserver]
    comment = RSERVER (Angela's Junk left from hourly compile, no data left after compile moved to staging)
    path = /home/rserver
    browseable = yes
    public = yes
    guest ok = yes
    printable = no
    create mask = 0777
    directory mask = 0775
    write list = @qa @build rserver
    valid users = @qa @build rserver
    writeable = Yes
    force user = rserver
    vfs object = recycle:repository=".recycle" recycle:keeptree=True

[sushi]
    comment = SUSHI NFS Mount
    path = /home/sushi/development
    browseable = yes
    public = yes
    guest ok = yes
    printable = no
    create mask = 0777
    directory mask = 0775
    write list = @qa @build sushi
    valid users = @qa @build sushi
    writeable = no
    force user = sushi

[transit]
    comment = tEMp fILe eXcHaNgE (QA Only)
    path = /home/transit
    browseable = yes
    public = yes
    guest ok = yes
    printable = no
    create mask = 0777
    directory mask = 0775
    write list = @qa @build transit
    valid users = @qa @build sushi transit
    writeable = yes
    force user = transit
    vfs objects = vscan-clamav
    vscan-clamav: config-file = /etc/samba/vscan-clamav.conf

[wiki]
    comment = Wiki Cash
    path = /home/wiki
    browseable = yes
    public = yes
    guest ok = yes
    printable = no
    create mask = 0777
    directory mask = 0775
    write list = @qa @build wiki
    valid users = @qa @build wiki
    writeable = no
    force user = wiki
    vfs object = recycle:repository=".recycle" recycle:keeptree=True
|
Quote:
What would you like the permissions to be instead of what they are? |
Hi Frankbell, I agree with you. But the files created at the Linux level are not matching with the files created on the Windows server.
|
Looking at your second-to-last post, I can see that you are using SAMBA as domain.

You have not specified whether the share is a user home share, a group share or an open share, but in your very first post you are using "guest ok = Yes". You have to be clear about a few things.

Files created inside the Linux shell/console, or by any command used at the Linux OS level where that command is not authenticating itself as a required user but has direct access to the share via the network (e.g. ssh key pairs), or by any internal process creating files inside that share, will have a different ownership: the process that is being "run as" or the currently logged-in user.

In your case, referring to your conf:

    guest ok = Yes
    create mode = 0755
    directory mode = 0755

But looking at your above conf, who is owning the files being created? The permission mask is the default of the OS level, where 7 is for owner & 55 is for others & group, which will not let you create files from the Windows side as they are being blocked by the 55 permissions. But referring to the output of the ls command in your second-to-last post:

    drwxr-xr-x 2 root root 4096 Jul 8 11:26 d
    drwxr-xr-x 2 uskump01adm domain users 4096 Jul 11 14:20 hello
    drwxr-xr-x 2 uskump01adm domain users 4096 Jul 11 09:51 hi
    drwxr-xr-x 2 uskump01adm domain users 4096 Jul 11 09:33 hiii

Above are the OS level permissions, & in your samba conf you have just set the same as samba permissions. They both are different: you have to give the "W" permission on OS level as well & then control the write using samba. Referring to my conf file:

    write list = @qa @build wiki
    valid users = @qa @build wiki

The "@" symbol denotes that it's a group. Is the user you are trying to use from the Windows side part of the "write" group, as well as a valid user from the Windows side?

The conf I have given you above is a QA staging server; we use smbclient from within Linux to connect to a share where possible, even if that share is located right on localhost, because then we do not have to worry about ownership of files & permission levels.

If we do not have that choice, such as in our case where the very same server is being used by RSERVER, which specifically uses the OS filesystem rather than the SMB share, we use scripts via cronjob to do that, e.g.

    create mask = 0777
    directory mask = 0775

So last question: you have not specified if you are using your server as a domain server or a general purpose server. My conf is general purpose; it's a totally different conf for a domain server & permissions setup. |
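Added example (not part of any post in this thread): a small Python model of the two checks discussed above, showing that a write through Samba succeeds only when both the share settings and the Unix mode bits allow it. The listing rows are taken from the `ls -l` output posted earlier; the group memberships, the "admins" group and the ADMIN_* setup are assumptions made for illustration, and guest mapping and `force user` are not modelled.

```python
# Rows constructed from the ls -l output posted in the thread: (mode, owner, group).
LISTING = {
    ".":         ("drwxrwxr-x", "root", "root"),
    "af":        ("-rw-r--r--", "root", "root"),
    "test.docx": ("-rwxr--r--", "uskump01adm", "domain users"),
}
TEST_SHARE = {"read only": False}  # the [test] share: read only = No, no write list

# Hypothetical target setup: share is read-only except for an "admins" group,
# and the directory is group-writable by that group instead of mode 777.
ADMIN_SHARE = {"read only": True, "write list": ["@admins"]}
ADMIN_DIR = ("drwxrwsr-x", "root", "admins")


def samba_allows_write(share, user, groups):
    """Share-level decision: valid users gate, then read only / write list."""
    def listed(key):
        names = share.get(key, [])
        return user in names or any("@" + g in names for g in groups)
    if share.get("valid users") and not listed("valid users"):
        return False
    return (not share.get("read only", True)) or listed("write list")


def unix_allows_write(entry, user, groups):
    """Mode-bit decision: the first matching class (owner, group, other) wins."""
    mode, owner, group = entry
    if user == "root":
        return True  # uid 0 is not restricted by mode bits
    if user == owner:
        bits = mode[1:4]
    elif group in groups:
        bits = mode[4:7]
    else:
        bits = mode[7:10]
    bits = bits.replace("s", "x").replace("t", "x")  # setuid/setgid/sticky with x set
    needed = "wx" if mode[0] == "d" else "w"  # creating in a directory needs w and x
    return all(flag in bits for flag in needed)


def can_write(share, entry, user, groups):
    """A write succeeds only when both layers agree."""
    return samba_allows_write(share, user, groups) and unix_allows_write(entry, user, groups)
```

With the posted listing, a domain user is allowed by the [test] share but stopped by the `drwxrwxr-x root root` directory; with a mode 777 directory the Unix layer allows everyone, so the share's `read only` and `write list` settings become the only control.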
Quote:
Do you mean I have to give 777 permissions on the OS level? Does that mean create mode & directory mode = 777? I am using this samba server as a domain member server. And all the domain users should access these shares. Only administrators should have the privileges to write to the share. Thanks. CBC |