Samba and File Permissions headache (Ubuntu)

  • Thread starter: JC

I've been playing around with Ubuntu for over 6 months but have always been the single user, so I've never come across these file permission problems before!

This is what I'd like to achieve:

Computer 1 - acting as a desktop and file server - runs Ubuntu 9.04
User Accounts: A (Admin), B (User) and C (User)

2 Hard drives shared as Samba1 and Samba2

Computer 2 - A's Desktop - runs Ubuntu 8.04
User Accounts: A (Admin)

Computer 3 - C's Desktop - runs Ubuntu 9.04
User Accounts: C (Admin)

Computer 4 - a generic Windows computer

I'd like all users A, B and C to have read and write access to all parts of the shares Samba1 and Samba2 from their respective computers on Ubuntu or Windows.
Similarly I'd like users A, B and C to be able to read the data on the local drives of computer 1 when they are logged in.

I'd ideally like to retain the password access.

Currently I have the samba shares working, although the network browser doesn't seem to find the shares often and I have to manually type the IP/host name. Any reason for that?

This is my samba config (edited to reflect the names used earlier)
Code:
[global]
    ; General server settings
    netbios name = Computer1
    server string =
    workgroup = HOME
    announce version = 5.0
    socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192

    passdb backend = tdbsam
    security = user
    null passwords = true
    username map = /etc/samba/smbusers
    name resolve order = hosts wins bcast

    wins support = yes

    printing = CUPS
    printcap name = CUPS

    syslog = 1
    syslog only = yes

    hosts allow = 127.0.0.1 192.168.1.0/24
    hosts deny = 0.0.0.0/0

[Samba1]
    path = /media/Data/Samba
    browseable = yes
    read only = no
    guest ok = no
    create mask = 0644
    directory mask = 0755
    force user = A
    force group = A

[Samba2]
    path = /media/Data2/Samba
    browseable = yes
    read only = no
    guest ok = no
    create mask = 0644
    directory mask = 0755
    force user = A
    force group = A

The problem is that to achieve the write access, the force user access for A is now blocking users B and C from reading the data locally unless they mount the Samba share.

What do I need to do to maintain the read and write access to the share without compromising the local read access to other users?

Thanks kindly for any assistance
 
I think in order to make them visible you need to set the public = yes flag.

Ok, first of all with standard unix permissions you have the numbers in order of ABCD (e.g. 0755). Hopefully you know what these stand for, but if you don't, that is BIT-OWNER-GROUP-OTHER.

If you make a group (groupadd) and add users to the group (easiest way seriously is sudo vim /etc/group) then set permissions as 2775, this will give the owners of the files write access, the people in the group write access and everyone else read only access. The 2 at the front means whatever file is created in there will always have the same group (otherwise users won't be able to open/edit other users' files if they are in the group).

--

Another way is to look up the setfacl command which makes permissions more direct. Go to the top folder of the share and run commands like:

setfacl -Rm d:u:A:rwx . (Set the default file creation permissions of every file in that folder as rwx/7)
setfacl -Rm u:A:rwx . (Sets the actual file permissions of every file in that folder as rwx/7)

You can also do it for groups or other for example:

setfacl -Rm g:groupA:rwx . (for the group)
or
setfacl -Rm o:rwx . (for other users undefined by the current permissions set).

Hope this helps, if you need me to be any clearer on some points please ask and if I'm not around I'm sure someone else can help too :)
 
Thanks for your post, I've followed some instructions that I eventually found on the web prior to seeing this.

I've changed
Code:
force group = A
to
Code:
force group = share

and created the new group share and placed all those users into it.

Running the commands below has sorted the existing directories and seems to permit local and samba directory access :D

Code:
sudo chgrp -R share /media/Data/Samba/Music
sudo chmod -R g+r+w+X /media/Data/Samba/Music

I've also changed the permissions from 0775 to 2775 and will see if this gives me the solution I'm looking for when creating files into the Samba share from remote access.
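
Added example, not part of the original posts: a shell check for the shared-group setup this thread arrives at, which reports entries that would still block group members locally and then applies the chgrp/chmod fix plus setgid on existing directories. The function names and the constructed demo tree are assumptions; the share path and group name are passed as arguments.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. Function names are hypothetical.

# Print every entry under DIR that would break shared access for GROUP members.
audit_share() {
    local dir=$1 group=$2
    # Entries still owned by another group (e.g. a user's private group).
    find "$dir" ! -group "$group" -exec printf 'wrong-group %s\n' {} \;
    # Entries the group cannot read.
    find "$dir" ! -perm -0040 -exec printf 'no-group-read %s\n' {} \;
    # Directories missing setgid (group inheritance) or group search (x).
    find "$dir" -type d ! -perm -2010 -exec printf 'dir-needs-g+sx %s\n' {} \;
}

# Apply the thread's fix, plus setgid on every existing directory so that
# files created later (locally or through Samba) keep the shared group.
fix_share() {
    local dir=$1 group=$2
    chgrp -R "$group" "$dir"
    chmod -R g+rwX "$dir"
    find "$dir" -type d -exec chmod g+s {} +
}

# Constructed sample tree: a directory and file closed to the group,
# standing in for data written before the shared group existed.
make_demo_tree() {
    local root
    root=$(mktemp -d) || return 1
    mkdir -p "$root/Music/Album"
    echo data > "$root/Music/Album/track.txt"
    chmod 0600 "$root/Music/Album/track.txt"
    chmod 0700 "$root/Music/Album"
    echo "$root"
}

# Usage against the share from this thread (run with sudo):
#   audit_share /media/Data/Samba share
#   fix_share   /media/Data/Samba share
```

An empty result from `audit_share` after `fix_share` means every entry carries the shared group, is group-readable, and every directory will pass its group on to new files.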
 