Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I am able to access the linux share from windows server. But I am having problem with the permissions. My smb.conf file looks following for the test share:
[test]
path = /export/samba/test
read only = No
guest ok = Yes
create mode = 0755
directory mode = 0755
browseable = yes
Writable = Yes
Even the root user not able to write or modify the files in this share. I am confused what's wrong in my config file.
When dealing with Samba shares you need to remember that underneath the Windows/Samba permission stuff is still the Linux permissions on files and folders. If those permission are "locked down" then Samba will not be able to deal with the files in the way you expect.
When you say the "root" user do you mean the Linux root user or a Samba user with the name "root"?
Below is my general purpose samba server used in QA env, with one condition.
All permissions are controlled via SAMBA, (This means all folders that are shared via samba has a permission mask of "777" on file system level), you should review all options in conf, as some of the options are specifically mentioned for QA requirement, such as recycle & VFS objects etc.
# more /etc/samba/smb.conf
[global]
server string = RS ( QA HUDSON Staging Server )
workgroup = QA
netbios name = RS
security = share
guest only = yes
dns proxy = no
preserve case = yes
short preserve case = yes
default case = lower
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
os level = 33
syslog = 0
log level = 0
Dos charset = 850
Unix charset = ISO8859-1
load printers = no
follow symlinks = yes
wide links = yes
disable spoolss = yes
show add printer wizard = no
# security = user
encrypt passwords = yes
level2 oplocks = true
read raw = no
large readwrite = yes
nt pipe support = yes
nt status support = yes
announce as = NT
announce version = 4.9
unix extensions = yes
client signing = auto
hostname lookups = no
wins support = no
veto files = /.recycle/*.bash*/
delete veto files = yes
write cache size = 262144
nt acl support = yes
inherit permissions = yes
vfs objects = vscan-clamav
vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
[staging]
comment = none
path = /opt/staging
browseable = yes
public = yes
guest ok = yes
printable = no
create mask = 0777
directory mask = 0775
write list = @qa @build staging
valid users = @qa @build staging
writeable = no
force user = staging
vfs object = recycle:repository recycle:keeptree recycle:versions recycle:touch recycle:exclude recycle:exclude_dir recycle:maxsize recycle:noversions
vfs object = recycle:repository=".recycle"
recycle:keeptree=True
recycle:repository=./RECYCLED
recycle:keeptree=yes
recycle:versions=yes
recycle:touch=no
recycle:exclude=*.tmp|*.temp|*.obj|~\$*
recycle:exclude_dir=/tmp|/temp|/cache
Trash max size is 100 Gb
recycle:maxsize=107374182400
recycle:noversions=*.mdb
[builds]
comment = BUILDS
path = /home/build
browseable = yes
public = yes
guest ok = yes
printable = no
create mask = 0777
directory mask = 0775
write list = @qa @build
valid users = @qa @build
writeable = Yes
force user = builds
vfs object = recycle:repository=".recycle" recycle:keeptree=True
[rserver]
comment = RSERVER (Angela's Junk left from hourly compile, no data left after compile moved to staging)
path = /home/rserver
browseable = yes
public = yes
guest ok = yes
printable = no
create mask = 0777
directory mask = 0775
write list = @qa @build rserver
valid users = @qa @build rserver
writeable = Yes
force user = rserver
vfs object = recycle:repository=".recycle" recycle:keeptree=True
[sushi]
comment = SUSHI NFS Mount
path = /home/sushi/development
browseable = yes
public = yes
guest ok = yes
printable = no
create mask = 0777
directory mask = 0775
write list = @qa @build sushi
valid users = @qa @build sushi
writeable = no
force user = sushi
[transit]
comment = tEMp fILe eXcHaNgE (QA Only)
path = /home/transit
browseable = yes
public = yes
guest ok = yes
printable = no
create mask = 0777
directory mask = 0775
write list = @qa @build transit
valid users = @qa @build sushi transit
writeable = yes
force user = transit
vfs objects = vscan-clamav
vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
[wiki]
comment = Wiki Cash
path = /home/wiki
browseable = yes
public = yes
guest ok = yes
printable = no
create mask = 0777
directory mask = 0775
write list = @qa @build wiki
valid users = @qa @build wiki
writeable = no
force user = wiki
vfs object = recycle:repository=".recycle" recycle:keeptree=True
Looking at your very 2nd last post, I can see that you are using SAMBA as domain;
You have not specified that if the share is a user home share or a group share or open share; but on very 1st post you are using "guest ok = Yes"
You have to be cleared about few things
Files created inside linux shell/console or any command used at linux OS if that command is not authing it self to a required user auth, but have direct access to share via network e.g. ssh key pairs or any internal process creating files inside that share will have a different ownership, a process that is being "run as" or currently logged-in user.
In your case, referring to your conf;
guest ok = Yes
create mode = 0755
directory mode = 0755
But looking at your above conf, who is owning the files being created & permission mask is default of OS level where 7 is for owner & 55 is for others & group, which will not let you create files from windows side as they are being blocked by 55 permissions, but referring to your 2nd last post out put of LS command;
Above are the OS level permissions & in your samba conf you have just set the same as samba permissions, they both are different, you have to give the "W" permission on OS level as well & then control the write using samba
referring to my conf file
write list = @qa @build wiki
valid users = @qa @build wiki
"@" symbol denotes that its a group; user you are trying to use from windows side is that user is part of "write" group, as well as a valid as well from windows side.
Conf I have given you above is a QA staging server; we use smbclient from within linux to connect a share where possible even though if that share is located right on localhost, because then we do not have to worry about ownership of files & permission levels.
If we do not have choice of that, such as in our case the very same server is being user by RSERVER which specifically use OS filesystem rather than SMB share we use scripts via cronjob to do that.
e.g.
create mask = 0777
directory mask = 0775
So last question, you have not specified, if you are using your server as domain server or a general purpose server; my conf is a general purpose, its a total different conf for a domain server & permissions setup.
Last edited by shuja_khan; 07-20-2011 at 02:35 AM.
Reason: typo error
Looking at your very 2nd last post, I can see that you are using SAMBA as domain;
You have not specified that if the share is a user home share or a group share or open share; but on very 1st post you are using "guest ok = Yes"
You have to be cleared about few things
Files created inside linux shell/console or any command used at linux OS if that command is not authing it self to a required user auth, but have direct access to share via network e.g. ssh key pairs or any internal process creating files inside that share will have a different ownership, a process that is being "run as" or currently logged-in user.
In your case, referring to your conf;
guest ok = Yes
create mode = 0755
directory mode = 0755
But looking at your above conf, who is owning the files being created & permission mask is default of OS level where 7 is for owner & 55 is for others & group, which will not let you create files from windows side as they are being blocked by 55 permissions, but referring to your 2nd last post out put of LS command;
Above are the OS level permissions & in your samba conf you have just set the same as samba permissions, they both are different, you have to give the "W" permission on OS level as well & then control the write using samba
referring to my conf file
write list = @qa @build wiki
valid users = @qa @build wiki
"@" symbol denotes that its a group; user you are trying to use from windows side is that user is part of "write" group, as well as a valid as well from windows side.
Conf I have given you above is a QA staging server; we use smbclient from within linux to connect a share where possible even though if that share is located right on localhost, because then we do not have to worry about ownership of files & permission levels.
If we do not have choice of that, such as in our case the very same server is being user by RSERVER which specifically use OS filesystem rather than SMB share we use scripts via cronjob to do that.
e.g.
create mask = 0777
directory mask = 0775
So last question, you have not specified, if you are using your server as domain server or a general purpose server; my conf is a general purpose, its a total different conf for a domain server & permissions setup.
Hi Shuja Khan, Thanks for your reply.
Do you mean I have give 777 permissions on OS level. IS that means create mode & directory mode = 777 ?
I am using this samba server as a domain member server. And all the domain users should access these shares. Only administrators should have the privileges to write to the share.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.