Why don't I have write permission to a Samba server from a Windows 2003 client.
Hi, I have a samba server, and want to get write permission on a windows 2003 client. but everytime when I want to write files, it prompts me "Access is denied" and I think that should not happen at all.
And ideas will be highly appreciated. I set security level to "share", please see details below [global] workgroup=demo server string = Samba Server log file = /var/adm/samba_log.%m security = SHARE [smbshare] path = /export/home/smbshare guest ok = yes writable = yes browsable = yes guest account = root and if I run "ls -l /export/home", you will see, which means, root should have all the write permissions. # ls -l /export/home total 18 drwx------ 2 root root 8192 Oct 28 16:32 lost+found drwxr-xr-x 2 root root 512 Feb 23 19:08 smbshare but I can only read files on that Samba Server from a windows client, but have no write permissions? why, please help me, thanks in advance. |
Your windows user needs appropriate rights on that share, corresponding to a samba user on the server. Have a look at smbpasswd.
|
Quote:
what I don't understand here is the "share" security level, in my mind, "share" means, it doesn't have to do authentication. and just give a guest account to sb who wants to access the Samba share, so do you mean I need to run this in "user" level, and add the samba user account by smbpassed? Thanks Andy |
The usual linux filesystem permissions still apply !
"guest ok = yes" just means that samba accepts unauthenticated users, the rest depends on linux file permissions. The problem here is that if you grant write access for a guest user, which is mapped to the user nobody if I remember right, you'll either have to move all files to nobody.nogroup or set them 777. |
Quote:
Why it will be mapped to the user "nobody", I set this "guest account = root", shouldn't it be mapped to the user "root" Andy |
Quote:
simply put "chmod 777 smbshare" so now others also have write permissions there, and I verifed on my windows client, it's cool, I can write files there already, but still don't understand why after I set "guest account = root", but I was still mapped to "nobody"? can you give me some hints? Thanks Andy |
I think "guest account = root" is very unsafe and therefore not allowed / ignored, just like setting the files to 777!
You should create a new linux user (smbshare for example) and set "guest account = smbshare" and set the linux file permissions for this user. So 700 (best), 750 or 755 should be OK, depending on your security requirements. You'll want to have a look at smb.conf config options with the term "mask" in them like "create mask". They may be necessary to make sure that newly created files/directories are actually writable and not just readable. |
Quote:
I think this really make sense to me, I should never use "guest account" in dailywork. whatever, this "guest account = root" doesn't work like I thought of. Thanks again, wish you all a nice day. Andy |
All times are GMT -5. The time now is 03:59 AM. |