LinuxQuestions.org
Old 07-18-2011, 04:54 PM   #1
cbc
LQ Newbie
 
Registered: Jun 2011
Posts: 20

Rep: Reputation: Disabled
Samba share permissions


Hi,

I am able to access the Linux share from a Windows server, but I am having a problem with the permissions. My smb.conf file looks like the following for the test share:

[test]
path = /export/samba/test
read only = No
guest ok = Yes
create mode = 0755
directory mode = 0755
browseable = yes
Writable = Yes

Even the root user is not able to write or modify the files in this share. I am confused about what's wrong in my config file.

Please help.

Thanks,

CBC
 
Old 07-18-2011, 07:52 PM   #2
dannybpng
Member
 
Registered: Sep 2003
Location: USA
Distribution: Fedora 20
Posts: 60

Rep: Reputation: 19
Samba share permissions

When dealing with Samba shares you need to remember that underneath the Windows/Samba permission stuff is still the Linux permissions on files and folders. If those permissions are "locked down" then Samba will not be able to deal with the files in the way you expect.

When you say the "root" user do you mean the Linux root user or a Samba user with the name "root"?
 
Old 07-18-2011, 07:54 PM   #3
cbc
LQ Newbie
 
Registered: Jun 2011
Posts: 20

Original Poster
Rep: Reputation: Disabled
Hey dannybpng, thanks for your reply. I mean the Samba admin user who has root privileges. Still, he can't modify the files in the share.

Any ideas are appreciated.

Thanks.
 
Old 07-18-2011, 08:09 PM   #4
frankbell
Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Mageia, Mint
Posts: 7,749

Rep: Reputation: 1462
Run the command ls -l on the files in the directory and report back the results. That should reveal permissions and ownership.

If the results are basically all the same, it should not be necessary to report them all back, just enough to give a flavor.
 
Old 07-18-2011, 08:15 PM   #5
cbc
LQ Newbie
 
Registered: Jun 2011
Posts: 20

Original Poster
Rep: Reputation: Disabled
Hi frankbell,

Here are the listings:

share directory permissions :

drwxrwxr-x 6 root root 4096 Jul 18 17:12 .

Files permissions in the share :

rwxrwxrwt 1 root root 18 Jul 8 03:02 a
-rw-r--r-- 1 root root 4 Jul 8 03:02 af
drwxr-xr-x 2 root root 4096 Jul 8 11:26 d
drwxr-xr-x 2 uskump01adm domain users 4096 Jul 11 14:20 hello
drwxr-xr-x 2 uskump01adm domain users 4096 Jul 11 09:51 hi
drwxr-xr-x 2 uskump01adm domain users 4096 Jul 11 09:33 hiii
-rw------- 1 root root 4 Jul 11 09:40 newtest
-rwxr--r-- 1 uskops00 domain users 4 Jul 8 10:58 somefile
-rwxr--r-- 1 uskump01adm domain users 9934 Jul 8 21:01 test.docx

Thanks,

CBC
 
Old 07-19-2011, 03:27 PM   #6
shuja_khan
LQ Newbie
 
Registered: Nov 2008
Posts: 11

Rep: Reputation: 0
Below is my general purpose Samba server used in a QA env, with one condition.

All permissions are controlled via Samba (this means all folders that are shared via Samba have a permission mask of "777" on the file system level). You should review all options in the conf, as some of the options are specifically set for QA requirements, such as recycle & VFS objects etc.

# more /etc/samba/smb.conf

[global]

server string = RS ( QA HUDSON Staging Server )
workgroup = QA
netbios name = RS
security = share
guest only = yes
dns proxy = no
preserve case = yes
short preserve case = yes
default case = lower
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
os level = 33
syslog = 0
log level = 0
Dos charset = 850
Unix charset = ISO8859-1
load printers = no
follow symlinks = yes
wide links = yes
disable spoolss = yes
show add printer wizard = no
# security = user
encrypt passwords = yes
level2 oplocks = true
read raw = no
large readwrite = yes
nt pipe support = yes
nt status support = yes
announce as = NT
announce version = 4.9
unix extensions = yes
client signing = auto
hostname lookups = no
wins support = no
veto files = /.recycle/*.bash*/
delete veto files = yes
write cache size = 262144
nt acl support = yes
inherit permissions = yes
vfs objects = vscan-clamav
vscan-clamav: config-file = /etc/samba/vscan-clamav.conf


[staging]
comment = none
path = /opt/staging
browseable = yes
public = yes
guest ok = yes
printable = no
create mask = 0777
directory mask = 0775
write list = @qa @build staging
valid users = @qa @build staging
writeable = no
force user = staging
vfs object = recycle:repository recycle:keeptree recycle:versions recycle:touch recycle:exclude recycle:exclude_dir recycle:maxsize recycle:noversions
vfs object = recycle:repository=".recycle"
recycle:keeptree=True
recycle:repository=./RECYCLED
recycle:keeptree=yes
recycle:versions=yes
recycle:touch=no
recycle:exclude=*.tmp|*.temp|*.obj|~\$*
recycle:exclude_dir=/tmp|/temp|/cache
# Trash max size is 100 Gb
recycle:maxsize=107374182400
recycle:noversions=*.mdb


[builds]
comment = BUILDS
path = /home/build
browseable = yes
public = yes
guest ok = yes
printable = no
create mask = 0777
directory mask = 0775
write list = @qa @build
valid users = @qa @build
writeable = Yes
force user = builds
vfs object = recycle:repository=".recycle" recycle:keeptree=True


[rserver]
comment = RSERVER (Angela's Junk left from hourly compile, no data left after compile moved to staging)
path = /home/rserver
browseable = yes
public = yes
guest ok = yes
printable = no
create mask = 0777
directory mask = 0775
write list = @qa @build rserver
valid users = @qa @build rserver
writeable = Yes
force user = rserver
vfs object = recycle:repository=".recycle" recycle:keeptree=True



[sushi]
comment = SUSHI NFS Mount
path = /home/sushi/development
browseable = yes
public = yes
guest ok = yes
printable = no
create mask = 0777
directory mask = 0775
write list = @qa @build sushi
valid users = @qa @build sushi
writeable = no
force user = sushi

[transit]
comment = tEMp fILe eXcHaNgE (QA Only)
path = /home/transit
browseable = yes
public = yes
guest ok = yes
printable = no
create mask = 0777
directory mask = 0775
write list = @qa @build transit
valid users = @qa @build sushi transit
writeable = yes
force user = transit
vfs objects = vscan-clamav
vscan-clamav: config-file = /etc/samba/vscan-clamav.conf

[wiki]
comment = Wiki Cash
path = /home/wiki
browseable = yes
public = yes
guest ok = yes
printable = no
create mask = 0777
directory mask = 0775
write list = @qa @build wiki
valid users = @qa @build wiki
writeable = no
force user = wiki
vfs object = recycle:repository=".recycle" recycle:keeptree=True
 
Old 07-19-2011, 08:07 PM   #7
frankbell
Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Mageia, Mint
Posts: 7,749

Rep: Reputation: 1462
Quote:
Originally Posted by cbc
rwxrwxrwt 1 root root 18 Jul 8 03:02 a
-rw-r--r-- 1 root root 4 Jul 8 03:02 af
drwxr-xr-x 2 root root 4096 Jul 8 11:26 d
drwxr-xr-x 2 uskump01adm domain users 4096 Jul 11 14:20 hello
drwxr-xr-x 2 uskump01adm domain users 4096 Jul 11 09:51 hi
drwxr-xr-x 2 uskump01adm domain users 4096 Jul 11 09:33 hiii
-rw------- 1 root root 4 Jul 11 09:40 newtest
-rwxr--r-- 1 uskops00 domain users 4 Jul 8 10:58 somefile
-rwxr--r-- 1 uskump01adm domain users 9934 Jul 8 21:01 test.docx
All I come up with is another question, but I think it's an important one.

What would you like the permissions to be instead of what they are?
 
Old 07-19-2011, 08:18 PM   #8
cbc
LQ Newbie
 
Registered: Jun 2011
Posts: 20

Original Poster
Rep: Reputation: Disabled
Hi Frankbell, I agree with you. But the files created at the linux level are not matching with the files created in the windows server.
 
Old 07-20-2011, 02:33 AM   #9
shuja_khan
LQ Newbie
 
Registered: Nov 2008
Posts: 11

Rep: Reputation: 0
Looking at your second-to-last post, I can see that you are using Samba as a domain.
You have not specified whether the share is a user home share, a group share or an open share, but in your very first post you are using "guest ok = Yes".

You have to be clear about a few things.
Files created inside the Linux shell/console, or by any command run at the Linux OS level that does not authenticate itself as the required user but has direct access to the share (e.g. via ssh key pairs, or any internal process creating files inside that share), will have a different ownership: that of the user the process is "run as" or of the currently logged-in user.

In your case, referring to your conf:
guest ok = Yes
create mode = 0755
directory mode = 0755

But looking at your conf above, who owns the files being created? The permission mask is the OS-level default, where 7 is for the owner & 55 is for group & others, which will not let you create files from the Windows side as they are being blocked by the 55 permissions. But referring to the output of the ls command in your second-to-last post:

drwxr-xr-x 2 root root 4096 Jul 8 11:26 d
drwxr-xr-x 2 uskump01adm domain users 4096 Jul 11 14:20 hello
drwxr-xr-x 2 uskump01adm domain users 4096 Jul 11 09:51 hi
drwxr-xr-x 2 uskump01adm domain users 4096 Jul 11 09:33 hiii

Above are the OS-level permissions, & in your Samba conf you have just set the same as Samba permissions. The two are different: you have to give the "W" permission on the OS level as well & then control the write using Samba.

Referring to my conf file:

write list = @qa @build wiki
valid users = @qa @build wiki

The "@" symbol denotes that it's a group. Is the user you are trying to use from the Windows side part of the "write" group, as well as a valid user from the Windows side?

The conf I have given you above is for a QA staging server; we use smbclient from within Linux to connect to a share where possible, even if that share is located right on localhost, because then we do not have to worry about ownership of files & permission levels.

If we do not have that choice, such as in our case where the very same server is being used by RSERVER, which specifically uses the OS filesystem rather than the SMB share, we use scripts via cron job to do that.
e.g.
create mask = 0777
directory mask = 0775

So, last question: you have not specified whether you are using your server as a domain server or a general purpose server. My conf is for a general purpose server; it's a totally different conf for a domain server & permissions setup.

Last edited by shuja_khan; 07-20-2011 at 02:35 AM. Reason: typo error
 
Old 07-20-2011, 12:25 PM   #10
cbc
LQ Newbie
 
Registered: Jun 2011
Posts: 20

Original Poster
Rep: Reputation: Disabled
Hi Shuja Khan, Thanks for your reply.

Do you mean I have to give 777 permissions on the OS level? Does that mean create mode & directory mode = 777?

I am using this samba server as a domain member server. And all the domain users should access these shares. Only administrators should have the privileges to write to the share.

Thanks.

CBC
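
The two-layer rule from posts #2 and #9 (the share definition has to allow the write, and the Linux mode bits have to allow it too), as an added example that is not part of any post in this thread. It models only `valid users`, `write list` and `read only`; the rows come from the `ls -l` output in post #5, while the `admins` group, `TARGET_SHARE` and `TARGET_DIR` are hypothetical values for the goal stated in post #10.

```python
# Added example: a write must pass the Samba share rules AND the Linux mode bits.
# Rows are copied from the ls -l output in post #5; "admins" is a hypothetical group.
LISTING = [
    ("-rw-r--r--", "root", "root", "af"),
    ("drwxr-xr-x", "root", "root", "d"),
    ("drwxr-xr-x", "uskump01adm", "domain users", "hello"),
    ("-rw-------", "root", "root", "newtest"),
    ("-rwxr--r--", "uskops00", "domain users", "somefile"),
    ("-rwxr--r--", "uskump01adm", "domain users", "test.docx"),
]
SHARE_DIR = ("drwxrwxr-x", "root", "root")      # the '.' row from post #5
TEST_SHARE = {"read only": False}               # [test] from post #1
# Hypothetical target for post #10: everyone reads, only admins write.
TARGET_SHARE = {"read only": True, "write list": ["@admins"]}
TARGET_DIR = ("drwxrwxr-x", "root", "admins")

def in_list(names, user, groups):
    """smb.conf user lists: a plain name is a user, @name is a group."""
    return any(n == user or (n.startswith("@") and n[1:] in groups) for n in names)

def samba_allows_write(share, user, groups):
    valid = share.get("valid users", [])
    if valid and not in_list(valid, user, groups):
        return False                     # not allowed to connect to the share
    if in_list(share.get("write list", []), user, groups):
        return True                      # write list overrides read only = yes
    return not share.get("read only", True)

def posix_allows_write(mode, owner, group, user, groups):
    """mode is the 10-character ls -l string, e.g. 'drwxrwxr-x'."""
    if user == "root":
        return True                      # uid 0 bypasses the mode bits
    if user == owner:
        return mode[2] == "w"            # owner class only, even if group is wider
    if group in groups:
        return mode[5] == "w"
    return mode[8] == "w"

def can_create(share, directory, user, groups):
    """Creating a file needs share-level write and 'w' on the directory."""
    mode, owner, group = directory
    return (samba_allows_write(share, user, groups)
            and posix_allows_write(mode, owner, group, user, groups))

def modifiable(user, groups):
    """Names from LISTING whose mode bits let this Unix user write."""
    return [n for m, o, g, n in LISTING if posix_allows_write(m, o, g, user, groups)]
```

With the `root:root` directory from post #5, a domain user falls into the "other" class (`r-x`), so the share's `read only = No` is not enough on its own; the target layout keeps the directory at 775 and limits writers through both the owning group and `write list`.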
 
  

