[SOLVED] Write permission for group in samba share
Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hi..All,
I want to create samba share for a group with write permission for the group members by which the user can edit other files. For that I created folders with below permission
Code:
ls -l /samba/
total 12
drwxrws--- 3 kumar sambashare 4096 2012-01-16 23:33 kumar
drwxrwxrwx 2 root root 4096 2012-01-16 23:43 public
drwxrws--- 4 roopa sambashare 4096 2012-01-16 23:50 roopa
Here I have enabled the SGID permission for kumar and roopa folders and also have set the umask permission as 002 in the /etc/profile file. Now if those users create files and folders in others directory after logging into the linux server the default permission will be 775 folders and 664 for the files. So it is working fine. But if they create files and folders from the windows machine, the files and folders not getting the write permission for the group even if they create it in their directory itself. And the permissions are like this for the files and folders which created by windows PCs
Code:
ls -l /samba/kumar/
total 12
drwxr-sr-x 2 kumar sambashare 4096 2012-01-16 23:33 kumar
drwxr-sr-x 2 kumar sambashare 4096 2012-01-17 00:10 new
ls -l /samba/kumar/kumar/
total 12
-rwxr--r-- 1 kumar sambashare 9867 2012-01-16 23:32 kumar.docx
Now roopa is unable to edit kumar.docx file, while roopa will be able to edit the files if kumar create the files in the linux server.
So please help me to enable automatic group write permissions.
Here is the smb.conf file details
Code:
[Public]
comment = Public Files
path = /samba/public
browseable = yes
guest ok = yes
read only = no
force user = admin
[Roopa]
comment = Personal Files
path = /samba/roopa
browseable = yes
guest ok = no
read only = no
valid users = roopa kumar
[Kumar]
comment = Personal Files
path = /samba/kumar
browseable = yes
guest ok = no
read only = no
valid users = roopa kumar
Please also find the attachment of smb.conf file and kindly assist me that how can I enable automatic group write permission for the new files and folders that to be created by the users called roopa and kumar
Last edited by mandyapenguin; 01-16-2012 at 01:09 PM.
What's your OS? Do you have SELinux enabled? If you have SELinux enabled what context are your shares?
If you don't know how to answer those questions then you need to run the following commands.
OS?
Code:
uname -a
cat /etc/issue
SELinux enabled?
Code:
getenforce
Security context?
Code:
ls -Z /samba/roopa
It should have samba_share_t context on the folders.
If you have SELinux installed then you'll want to read the following man page.
Code:
man samba_selinux
Also here's my global section in my smb.conf.
Code:
[global]
workgroup = WORKGROUP
server string = home
netbios name = stealth
printing = cups
printcap name = cups
load printers = yes
cups options = raw
log file = /var/log/samba/%m.log
log level = 0
max log size = 150
socket options = TCP_NODELAY
preferred master = yes
os level = 60
time server = yes
unix extensions = no
wide links = yes
veto files = /*.nws/riched20.dll/*.{*}/
security = user
passdb backend = tdbsam
#username map script = /usr/share/hda-platform/hda-usermap
large readwrite = yes
encrypt passwords = yes
dos charset = CP850
unix charset = UTF8
display charset = LOCALE
guest account = nobody
map to guest = Bad User
wins support = yes
printer admin = root, @ntadmin, administrator
I usually enable the passdb to be tdbsam and then run the smbpasswd command to set/change a users password. That separates your smb credentials from the local /etc/passwd credentials. Mind you I run samba with SELinux enabled on Fedora 16 so you likely have a different setup.
Hl...Thanks for the reply sag47
I am sorry, I forgot to tell about the O/S
Code:
uname -a
Linux virtubuntu 2.6.38-8-generic #42-Ubuntu SMP Mon Apr 11 03:31:50 UTC 2011 i686 i686 i386 GNU/Linux
Code:
cat /etc/issue
Ubuntu 11.04 \n \l
Code:
getenforce
The program 'getenforce' is currently not installed. You can install it by typing:
apt-get install selinux-utils
Code:
ls -Z /samba/roopa/
? kumar ? test
ls -Z /samba/public/ls -Z /samba/kumar/
? kumar ? new ? roopa
The samba is working fine, if roopa run the below command in the run window
Code:
\\ip_address_of_samba_server
from her windows machine she will get public, roopa and kumar folders and also can create her files and folders inside the kumar, roopa and public folders as well as kumar can create his files and folders in those 3 folders from his windows PC. But whenever they create, the group write permission is not coming for their files and folders.
But if roopa creates files and folders inside kumar folder after logging into samba server, then those files and folders becomes as sambashare group with write permission enabled. But it is not happening from the window PCs.
So please help me that how can I fix this problem.
Last edited by mandyapenguin; 01-16-2012 at 08:21 PM.
I added above entry in public, kumar and roopa section.
Now roopa can create files and folders from /samba/kumar folders as well as kumar can create files and folders in /samba/roopa folders while normal users can do it only with /samba/public folders.
But still both are unable to edit/create the file/folders which belongs to other even those directory is owned by sambashare group with write permission enabled. For example
the kumar directory is coming without write permission enbled whenever he creates so roopa will not be able to create files and folders inside /samba/kumar/kumar folder. And she should be able to write kumar.docx and kumar.txt files but she is unable to write. But she can create her own files and folders inside the /samba/kumar. Samething is happening for also kumar. All users roopa, kumar and other users able to read, write others files and folders which are in /samba/public folder.
ls -l /samba/
total 12
drwxrwsrwt 3 kumar sambashare 4096 2012-01-18 08:28 kumar
drwxrwxrwx 5 root root 4096 2012-01-18 08:02 public
drwxrwsrwt 4 roopa sambashare 4096 2012-01-18 08:29 roopa
roopa and kumar still not able to edit/create files/folders in /samba/kumar/kumar/ and /samba/roopa/roopa respectively even after changing the create mask as 0777. Please see the below permissions
Here kumar also not able to edit/create file/folder inside the /samba/roopa/roopa/. But he can create his own files/folders only inside /samba/roopa
But both can edit/create if they login to linux box. Since I don't want to allow them to linux server I have given /usr/sbin/nologin shell. So they can not login to the server but they can create files/folders by accessing shared folders.
So please help me what can be done to allow roopa to edit/create file/folder inside /samba/kumar/kumar as well as to kumar to edit/create file/folder inside the /samba/roopa/roopa
Last edited by mandyapenguin; 01-17-2012 at 09:29 PM.
I added above entry in public, kumar and roopa section.
Now roopa can create files and folders from /samba/kumar folders as well as kumar can create files and folders in /samba/roopa folders while normal users can do it only with /samba/public folders.
But still both are unable to edit/create the file/folders which belongs to other even those directory is owned by sambashare group with write permission enabled. For example
is roopa a member of sambashare?
as the above says that kumar is the owner and for others there is no permission but for sambshare group you have given write permission.
so you can give 0755 or I would say 1755 would be better.
Code:
#chmod -R 1750 /samba/kumar
now only the owner will have write permissions and group can read your file but will not be able to make any changes.
and honestly reading all those is confusing me
so it would be better if you can tell me in brief what type of permission implementation are you looking for?
create mask = 0775
force create mode = 0775
directory mask = 0775
force directory mode = 0775
I mentioned the above rules in the kumar, roopa and public sections. Now it is working fine. This is what I had expected that one of the group members need also edit, as well as delete for other files.
Yes, you are correct, But one of the group members were asking also write permission to others files.
So I will make one more group and enables the sticky bit permission without write permission to the others of the group.
Once again thank you both and very very thanks to linuxquestions.org site.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.