Problem number one is to do with Samba. I created an LVM partition with a permanent mount point on my openSUSE 13.1 installation. I’ve configured Samba (i.e. configured Samba server under YaST with workgroup name, not DC controller, NetBios hostname, created file share with guest access and not reed only, and opened port in firewall). The result is that I am able to see and view the folder from the other PCs on the network (both Windows 7), but not edit it.
From Dolphin I’ve changed the properties to share with Samba, set name, allow guests, and set ‘Everyone’ to ‘Full Control’… and this is where it’s going wrong. I can hit save, but the settings are not retained (when I next go in, the ‘Everyone’ ‘Full Control’ setting is lost and the other PCs are still unable to edit the folder).
Suggestions?
Also, what I’m attempting above is a simple proof of concept. I’d really like to apply stricter security, such that only specified users or PCs can access the file share (there will be only three users). There’s so much documentation on Samba that it’s confusing rather than helping me, especially in the command line / config files vs. GUI situations (I’d prefer to magage it via GUI, but I can cope with command lines and editing config files).
Again, suggestions for resources to look at / approaches?
On 3/25/2014 6:36 AM, phual wrote:
>
> Hi
>
> Some time ago I started making plans to create a home server and asked
> for some general advice (http://tinyurl.com/my3gq6z). Well, I’m now
> getting round to doing it and falling into the inevitable problems, so
> I’m seeking advice.
>
> Problem number one is to do with Samba. I created an LVM partition with
> a permanent mount point on my openSUSE 13.1 installation. I’ve
> configured Samba (i.e. configured Samba server under YaST with workgroup
> name, not DC controller, NetBios hostname, created file share with guest
> access and not reed only, and opened port in firewall). The result is
> that I am able to see and view the folder from the other PCs on the
> network (both Windows 7), but not edit it.
>
> From Dolphin I’ve changed the properties to share with Samba, set name,
> allow guests, and set ‘Everyone’ to ‘Full Control’… and this is where
> it’s going wrong. I can hit save, but the settings are not retained
> (when I next go in, the ‘Everyone’ ‘Full Control’ setting is lost and
> the other PCs are still unable to edit the folder).
>
> Suggestions?
>
> Also, what I’m attempting above is a simple proof of concept. I’d really
> like to apply stricter security, such that only specified users or PCs
> can access the file share (there will be only three users). There’s so
> much documentation on Samba that it’s confusing rather than helping me,
> especially in the command line / config files vs. GUI situations (I’d
> prefer to magage it via GUI, but I can cope with command lines and
> editing config files).
>
> Again, suggestions for resources to look at / approaches?
>
> Thanks
>
> Stuart
>
>
Stuart;
What version of openSUSE?
Is Apparmor running? There is a recent post that AppArmor can interfere with share access
What are the permissions on the share:
ls -ld <path to share>
–
P.V.
“We’re all in this together, I’m pulling for you” Red Green
I’m running openSUSE 13.1 under KDE 4. Apparmor is indeed running, though I’ve tried turning it off to no avail.
The permissions are as follows:
drwxr-xr-x 3 myusername users 4096 Mar 24 15:33 /FileServer
Thanks for the link (my problem was so generic I had no luck searching for an existing post). I’m working through some of the suggestions, but have so far found that:
If I create a new (Linux) user and give them Samba access (
smbpasswd -a username
), then they can read and write their home directory via Windows 7, but only read /FileServer.
Disabling (and restarting) AppArmor makes no difference.
Adding /FileServer to /usr/sbin/smbd under AppArmor with rw permissions makes no difference.
According to the permissions of the share, only the user mysusername have read, write and execute rights. The members of the group users and the other users only have read and execute rights.
By default, the Samba guest account is mapped to the user nobody with nobody primary group. In consequence, Samba guests would only be able to read and execute the files on the share. This is confirmed by what you described next:
Users’ have read, write and execute rights to their home directory (hopefully). This is why when you added a user to the Samba user database using smbpasswd and connected to your Samba server with this Samba user’s credentials you could read, write and execute files in his home share. Why you couldn’t write to your share /FileServer may was because the Samba user wasn’t the same as the owner of the share or because the share has the parameter guest only = yes.
In either case, a quick and dirty solution to your issue would be to add write and execute rights to everyone on /FileServer:
# chmod -R ugo=rwx /FileServer
You could also change the ownership of the share so Samba guests own it:
On 3/26/2014 8:36 PM, kalten wrote:
>
> Hi phual,
>
> phual Wrote:
>>
>> …]
>>
>> The permissions are as follows:
>>>
> Code:
> --------------------
> > >
> > drwxr-xr-x 3 myusername users 4096 Mar 24 15:33 /FileServer
> >
> --------------------
>>>
>>
>
> According to the permissions of the share, only the user mysusername
> have read, write and execute rights. The members of the group users and
> the other users only have read and execute rights.
>
> By default, the Samba guest account is mapped to the user nobody with
> nobody primary group. In consequence, Samba guests would only be able to
> read and execute the files on the share. This is confirmed by what you
> described next:
>
> phual Wrote:
>>
>> …]
>>
>> If I create a new (Linux) user and give them Samba access (
>> Code:
>>
>> smbpasswd -a username
>>
>> ), then they can read and write their home directory via Windows 7, but
>> only read /FileServer.
>>
>
> Users’ have read, write and execute rights to their home directory
> (hopefully). This is why when you added a user to the Samba user
> database using smbpasswd and connected to your Samba server with this
> Samba user’s credentials you could read, write and execute files in his
> home share. Why you couldn’t write to your share /FileServer may was
> because the Samba user wasn’t the same as the owner of the share or
> because the share has the parameter guest only = yes.
>
> In either case, a quick and dirty solution to your issue would be to add
> write and execute rights to everyone on /FileServer:
>
>
> Code:
> --------------------
>
> # chmod -R ugo=rwx /FileServer
>
> --------------------
>
>
> You could also change the ownership of the share so Samba guests own it:
>
> Code:
> --------------------
>
> # chown -R nobody:nobody /FileServer
>
> --------------------
>
>
phual;
If the suggestions made by kalten do not fix your problem, please post the contents of /etc/samba/smb.conf.
–
P.V.
“We’re all in this together, I’m pulling for you” Red Green
After another issue that diverted me for a while, I was able to confirm that the issue was (as kalten said) as simple as not setting the folder permissions in Linux (nothing to do with Samba at all). After changing the permissions as follows, it worked fine:
[ul]
[li]Owner: can view and modify [/li][li]Group: can view and modify [/li][li]Others: forbidden [/li][li]Ownership - user: myusername [/li][li]Ownership - group: users [/li][/ul]
For the assistance of those who may follow (for what use it might be), this was my whole process to have a (semi-) secure samba network. My starting point was a partition formatted as LVM and mounted to /FileServer.
[ol]
[li]In YaST, choose Samba Server[/li][LIST=1]
[li]Workgroup = ‘SomeWorkGroupName’ [/li][li]Not a domain controller [/li][li]NetBios hostname = ‘NameYouWantForServer’ [/li][li]Start during boot [/li][li]Open port in firewall [/li][li]Create /FileServer as a file share (don’t need to change default settings) [/li][li]Disable all other file shares (not necessary for my needs, though other may want them) [/li][li]Okay [/li][/ol]
[li]Change permissions on the FileServer folder so that the owning user is not root and owning group is ‘users’. [/li][li]Create new users:[/li][ol]
[li]YaST, user and group management, create new Linux users [/li][li]From command line (as root), add these users to Samba (smbpasswd -a username) [/li][/ol]
[/LIST]
That was it!
Thanks all. Now onto my next problem (of what may be many).