Samba share read only for guests and write for some specific users
Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Samba share read only for guests and write for some specific users
Hi All,
I've been reading for a while about samba but I haven't found a solution to my problem yet.
I'd like to know if, the configuration I have in mind, is possible at all ("security = user" is what I'm using now).
I want a directory to be:
1) read only for guests and some UNIX users;
2) write for some other UNIX users.
;eg:
[Music]
path = /data/Music
guest ok = yes
read list = someone, @users
write list = andrea
The advantage of this configuration would be that every single user in my LAN (with or without a UNIX account) would be able to read the content of the shared directory Music and I (UNIX user andrea) could manage the folder directly trough samba preserving the correct owner/group and permissions on the new files/folder created.
Notes about my configuration above:
1) as it is now every user gets authenticated by samba as nobody so even I (andrea) cannot write in it;
2) commenting out the line "guest ok = yes" I can authenticate as "andrea" and write in it but guest access is not possible any longer.
Did you run the`smbpasswd' program so the linux user is an smb user as well?
Try adding the "andrea" user to the read list as well. Maybe then you will need to authenticate as the andrea user before reading, and not be a "bad user".
Also check the samba logs for clues. (Under /var/lib/samba/ or /var/log). This could reveal unforeseen causes such as selinux or apparmor write restrictions on the smbd daemon.
I've done the original setup a few months ago so I don't remember exactly but I'm pretty sure I've run smbpasswd. Also bacause I can see shares enabled for the user "andrea" only after having entered the required password.
I checked the samba logs and I can see that, with the "guest ok = yes" option, I get authenticated as user "nobody" even though I should be the user "andrea".
If I remove that option I can see from the logs that I get authenticated as "nobody" without having to enter a password.
I read somewhere that with the option "guest ok = yes" ALL users will be authenticated as guests... :-/
I've done the original setup a few months ago so I don't remember exactly but I'm pretty sure I've run smbpasswd. Also bacause I can see shares enabled for the user "andrea" only after having entered the required password.
I checked the samba logs and I can see that, with the "guest ok = yes" option, I get authenticated as user "nobody" even though I should be the user "andrea".
If I remove that option I can see from the logs that I get authenticated as "nobody" without having to enter a password.
I read somewhere that with the option "guest ok = yes" ALL users will be authenticated as guests... :-/
Default is to try login with your login user at your workstation.
So, if you are logged with user1, windows will try to auth you as user1.
If samba has a user1 will ask for a passwd.
If not you will be logged as nobody.
You might do two different shares with the same path. One with read only = yes and guest ok = yes and other authenticated for your login user.
I would suggest setting up a private share for `andrea' and try logging in. Make sure that authentication works for user `andrea'. If it doesn't, look in the logs for info on what the problem is.
Did you try adding `andrea' to the read list of your public share? Add it before the @users group.
List the permissions of the /data/Music directory: ls -ld /data/Music
Is Andrea the owner? If not change the ownership of the directory or use setfacl to give andrea write permissions
I'll guess that the owner is "andrea" and the group "users" with rwx-rxr-x permissions set.
As you probably are aware, the 'guest' user in windows is equivalent to the 'nobody' user in Linux. The 'o' permission bit for r & x needs to be set on the directory to allow nobody to read it.
- tristezo2k
At the moment there are no Windows machines at all (I managed to get rid of most of them :-D).
I can login with my user (andrea) at the workstation as well as with samba (for instance when I access my home directory trough samba I'm asked for my password).
When I access (trough Nautilus/Ubuntu) the samba share "Music" with "guest ok = yes" though I'm not asked for any password at all (samba log sais I've been logged in as user "nobody").
I thought about making two different shares but that would be a pretty ugly solution since I should do it for 7/8 shared directories and I would end up with: Music, Music_writable, Something, Something_writable and so on... and on...
- scott8035
Thanks for that. I can then confirm that I've run smbpasswd before.
The output of that command is:
sudo pdbedit -L
nobody:65534:nobody
andrea:1001:Andrea Surname
other:1000:Other Surname
etc...
- jschiwal
I confirm you that the authentication for the user "andrea" works.
As stated above I can access my home directory after having authenticated as "andrea".
Just to make sure folder permissions is not the issue I've set it temporarily to 777... nothing changed. :-/
Thanks again guys and any other suggestion is welcome.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.