LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   Why don't I have write permission to a Samba server from a Windows 2003 client. (https://www.linuxquestions.org/questions/linux-newbie-8/why-dont-i-have-write-permission-to-a-samba-server-from-a-windows-2003-client-706985/)

andy820303 02-23-2009 08:11 PM
Why don't I have write permission to a Samba server from a Windows 2003 client.
 
Hi, I have a samba server, and want to get write permission on a windows 2003 client. but everytime when I want to write files, it prompts me "Access is denied" and I think that should not happen at all.

And ideas will be highly appreciated.

I set security level to "share", please see details below

[global]
workgroup=demo
server string = Samba Server
log file = /var/adm/samba_log.%m
security = SHARE

[smbshare]
path = /export/home/smbshare
guest ok = yes
writable = yes
browsable = yes
guest account = root

and if I run "ls -l /export/home", you will see, which means, root should have all the write permissions.
# ls -l /export/home
total 18
drwx------ 2 root root 8192 Oct 28 16:32 lost+found
drwxr-xr-x 2 root root 512 Feb 23 19:08 smbshare

but I can only read files on that Samba Server from a windows client, but have no write permissions?
why, please help me, thanks in advance.

TBC Cosmo 02-23-2009 08:33 PM
Your windows user needs appropriate rights on that share, corresponding to a samba user on the server. Have a look at smbpasswd.

andy820303 02-23-2009 08:43 PM
Quote:
Originally Posted by TBC Cosmo (Post 3455080)
Your windows user needs appropriate rights on that share, corresponding to a samba user on the server. Have a look at smbpasswd.
Thanks for your timely reply.

what I don't understand here is the "share" security level, in my mind, "share" means, it doesn't have to do authentication. and just give a guest account to sb who wants to access the Samba share, so do you mean I need to run this in "user" level, and add the samba user account by smbpassed?

Thanks
Andy

rtspitz 02-23-2009 08:53 PM
The usual linux filesystem permissions still apply !

"guest ok = yes" just means that samba accepts unauthenticated users, the rest depends on linux file permissions.

The problem here is that if you grant write access for a guest user, which is mapped to the user nobody if I remember right, you'll either have to move all files to nobody.nogroup or set them 777.

andy820303 02-23-2009 09:05 PM
Quote:
Originally Posted by rtspitz (Post 3455090)
The usual linux filesystem permissions still apply !

"guest ok = yes" just means that samba accepts unauthenticated users, the rest depends on linux file permissions.

The problem here is that if you grant write access for a guest user, which is mapped to the user nobody if I remember right, you'll either have to move all files to nobody.nogroup or set them 777.
First, thanks for your reply!

Why it will be mapped to the user "nobody", I set this "guest account = root", shouldn't it be mapped to the user "root"

Andy

andy820303 02-23-2009 09:11 PM
Quote:
Originally Posted by rtspitz (Post 3455090)
The usual linux filesystem permissions still apply !

"guest ok = yes" just means that samba accepts unauthenticated users, the rest depends on linux file permissions.

The problem here is that if you grant write access for a guest user, which is mapped to the user nobody if I remember right, you'll either have to move all files to nobody.nogroup or set them 777.
Just now, I did what you told me to do.
simply put "chmod 777 smbshare"
so now others also have write permissions there, and I verifed on my windows client, it's cool, I can write files there already, but still don't understand why after I set "guest account = root", but I was still mapped to "nobody"? can you give me some hints?

Thanks
Andy

rtspitz 02-23-2009 09:31 PM
I think "guest account = root" is very unsafe and therefore not allowed / ignored, just like setting the files to 777!

You should create a new linux user (smbshare for example) and set "guest account = smbshare" and set the linux file permissions for this user. So 700 (best), 750 or 755 should be OK, depending on your security requirements. You'll want to have a look at smb.conf config options with the term "mask" in them like "create mask". They may be necessary to make sure that newly created files/directories are actually writable and not just readable.

andy820303 02-23-2009 09:44 PM
Quote:
Originally Posted by rtspitz (Post 3455108)
I think "guest account = root" is very unsafe and therefore not allowed / ignored, just like setting the files to 777!

You should create a new linux user (smbshare for example) and set "guest account = smbshare" and set the linux file permissions for this user. So 700 (best), 750 or 755 should be OK, depending on your security requirements. You'll want to have a look at smb.conf config options with the term "mask" in them like "create mask". They may be necessary to make sure that newly created files/directories are actually writable and not just readable.
Thanks a lot.

I think this really make sense to me, I should never use "guest account" in dailywork. whatever, this "guest account = root" doesn't work like I thought of.

Thanks again, wish you all a nice day.
Andy


All times are GMT -5. The time now is 03:59 AM.