LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 02-23-2009, 09:11 PM   #1
andy820303
LQ Newbie
 
Registered: Feb 2009
Location: Dalian, China
Posts: 12

Rep: Reputation: 0
Why don't I have write permission to a Samba server from a Windows 2003 client.


Hi, I have a samba server, and want to get write permission on a windows 2003 client. but everytime when I want to write files, it prompts me "Access is denied" and I think that should not happen at all.

And ideas will be highly appreciated.

I set security level to "share", please see details below

[global]
workgroup=demo
server string = Samba Server
log file = /var/adm/samba_log.%m
security = SHARE

[smbshare]
path = /export/home/smbshare
guest ok = yes
writable = yes
browsable = yes
guest account = root

and if I run "ls -l /export/home", you will see, which means, root should have all the write permissions.
# ls -l /export/home
total 18
drwx------ 2 root root 8192 Oct 28 16:32 lost+found
drwxr-xr-x 2 root root 512 Feb 23 19:08 smbshare

but I can only read files on that Samba Server from a windows client, but have no write permissions?
why, please help me, thanks in advance.
 
Old 02-23-2009, 09:33 PM   #2
TBC Cosmo
Member
 
Registered: Feb 2004
Location: NY
Distribution: Fedora 10, CentOS 5.4, Debian 5 Sparc64
Posts: 355

Rep: Reputation: 43
Your windows user needs appropriate rights on that share, corresponding to a samba user on the server. Have a look at smbpasswd.
 
Old 02-23-2009, 09:43 PM   #3
andy820303
LQ Newbie
 
Registered: Feb 2009
Location: Dalian, China
Posts: 12

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by TBC Cosmo View Post
Your windows user needs appropriate rights on that share, corresponding to a samba user on the server. Have a look at smbpasswd.
Thanks for your timely reply.

what I don't understand here is the "share" security level, in my mind, "share" means, it doesn't have to do authentication. and just give a guest account to sb who wants to access the Samba share, so do you mean I need to run this in "user" level, and add the samba user account by smbpassed?

Thanks
Andy
 
Old 02-23-2009, 09:53 PM   #4
rtspitz
Member
 
Registered: Jan 2005
Location: germany
Distribution: suse, opensuse, debian, others for testing
Posts: 307

Rep: Reputation: 32
The usual linux filesystem permissions still apply !

"guest ok = yes" just means that samba accepts unauthenticated users, the rest depends on linux file permissions.

The problem here is that if you grant write access for a guest user, which is mapped to the user nobody if I remember right, you'll either have to move all files to nobody.nogroup or set them 777.

Last edited by rtspitz; 02-23-2009 at 09:57 PM.
 
Old 02-23-2009, 10:05 PM   #5
andy820303
LQ Newbie
 
Registered: Feb 2009
Location: Dalian, China
Posts: 12

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by rtspitz View Post
The usual linux filesystem permissions still apply !

"guest ok = yes" just means that samba accepts unauthenticated users, the rest depends on linux file permissions.

The problem here is that if you grant write access for a guest user, which is mapped to the user nobody if I remember right, you'll either have to move all files to nobody.nogroup or set them 777.
First, thanks for your reply!

Why it will be mapped to the user "nobody", I set this "guest account = root", shouldn't it be mapped to the user "root"

Andy
 
Old 02-23-2009, 10:11 PM   #6
andy820303
LQ Newbie
 
Registered: Feb 2009
Location: Dalian, China
Posts: 12

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by rtspitz View Post
The usual linux filesystem permissions still apply !

"guest ok = yes" just means that samba accepts unauthenticated users, the rest depends on linux file permissions.

The problem here is that if you grant write access for a guest user, which is mapped to the user nobody if I remember right, you'll either have to move all files to nobody.nogroup or set them 777.
Just now, I did what you told me to do.
simply put "chmod 777 smbshare"
so now others also have write permissions there, and I verifed on my windows client, it's cool, I can write files there already, but still don't understand why after I set "guest account = root", but I was still mapped to "nobody"? can you give me some hints?

Thanks
Andy
 
Old 02-23-2009, 10:31 PM   #7
rtspitz
Member
 
Registered: Jan 2005
Location: germany
Distribution: suse, opensuse, debian, others for testing
Posts: 307

Rep: Reputation: 32
I think "guest account = root" is very unsafe and therefore not allowed / ignored, just like setting the files to 777!

You should create a new linux user (smbshare for example) and set "guest account = smbshare" and set the linux file permissions for this user. So 700 (best), 750 or 755 should be OK, depending on your security requirements. You'll want to have a look at smb.conf config options with the term "mask" in them like "create mask". They may be necessary to make sure that newly created files/directories are actually writable and not just readable.
 
Old 02-23-2009, 10:44 PM   #8
andy820303
LQ Newbie
 
Registered: Feb 2009
Location: Dalian, China
Posts: 12

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by rtspitz View Post
I think "guest account = root" is very unsafe and therefore not allowed / ignored, just like setting the files to 777!

You should create a new linux user (smbshare for example) and set "guest account = smbshare" and set the linux file permissions for this user. So 700 (best), 750 or 755 should be OK, depending on your security requirements. You'll want to have a look at smb.conf config options with the term "mask" in them like "create mask". They may be necessary to make sure that newly created files/directories are actually writable and not just readable.
Thanks a lot.

I think this really make sense to me, I should never use "guest account" in dailywork. whatever, this "guest account = root" doesn't work like I thought of.

Thanks again, wish you all a nice day.
Andy
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
connecting ubuntu client to Windows 2003 terminal server rewenger Linux - Server 5 08-10-2011 01:51 PM
Connect LINUX client to WINDOWS 2003 server linuxy2 Linux - Networking 8 07-29-2009 06:02 AM
Samba and Windows Server 2003 SP1 campbellop Linux - Networking 5 08-18-2005 11:41 PM
samba server in windows 2003 domain aizkorri Linux - Networking 1 04-07-2005 11:36 AM
Fedora Core 3 PC , how to be connected as client to windows server 2003 domain omaramir Linux - Networking 4 02-03-2005 03:28 AM


All times are GMT -5. The time now is 12:43 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration