Samba configuration won't work :(

Hi,

I wanted the following:

User1 and User2 should both be able to read&write in the folder test.
Guest users should be able to read.

I made a simple Samba share and changed the owner of the shared folder to User1 (User1 is a special user which will get some more rights to other shares).

If I want to connect to the folder, I always have to use name+password. It seems like anonymous read/guest read doesn't work.

Here is my config file:


# smb.conf is the main Samba configuration file. You find a full commented
# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
# samba-doc package is installed.
# Date: 2008-04-23
[global]
	workgroup = abc
	netbios name = XXXXXX
	interfaces = 172.0.0.1, xx.xx.xx.xx/24
	bind interface only = yes
	#map to guest = Bad User
	security = user
	
[test]
    comment = test Volume
    path=/data/test
    read only = No
    guest ok = yes
    browsable = no
    force create mode = 0770
    force directory mode = 0770
    force user = User1
    valid user = User1, User2
    force group = users
    write list = User1, User2
    read list= User1, User2, guest
    level2 oplocks = no
    oplocks = no
    locking = no
    strict locking = no

That may be doable with NFS, but I doubt you will make it work with Samba.

On Fri November 21 2008 08:26 am, Linuxator wrote:

>
> Hi,
>
> I wanted the following:
>
> User1 and User2 should both be able to read&write in the folder test.
> Guest users should be able to read.
>
> I made a simple Samba share and changed the owner of the shared folder
> to User1 (User1 is a special user which will get some more rights to
> other shares).
>
> If I want to connect to the folder, I always have to use name+password.
> It seems like anonymous read/guest read doesn't work.
>
> Here is my config file:
>
>
> Code:
> --------------------
>
> # smb.conf is the main Samba configuration file. You find a full commented
> # version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
> # samba-doc package is installed.
> # Date: 2008-04-23
> [global]
> workgroup = abc
> netbios name = XXXXXX
> interfaces = 172.0.0.1, xx.xx.xx.xx/24
> bind interface only = yes
> #map to guest = Bad User
> security = user
>
> [test]
> comment = test Volume
> path=/data/test
> read only = No
> guest ok = yes
> browsable = no
> force create mode = 0770
> force directory mode = 0770
> force user = User1
> valid user = User1, User2
> force group = users
> write list = User1, User2
> read list= User1, User2, guest
> level2 oplocks = no
> oplocks = no
> locking = no
> strict locking = no
> --------------------
>
Linuxator;
First of all, uncomment “map to guest = Bad User” in the global section.
Otherwise there will not be guests (unless they log in as nobody). In the
share, “force user = User1” means that anyone connecting to the share will be
authenticated as User1, so much of the rest does little for you. Try
something like this:

[test]
comment = test Volume
path=/data/test
read only = yes
guest ok = yes
; browsable = no (not sure why you want this)
force create mode = 0774
force directory mode = 0774
write list = User1, User2
; level2 oplocks = no (not sure why you want this)
; oplocks = no (not sure why you want this)
; locking = no (default value)
strict locking = no

This should give essentially everyone read access with User1 and User2 able to
write (write list supersedes read only). Be sure to give “others” read
access. See man smb.conf for details on the use of these parameters; in
particular, I do not see why you have all the lock option parameters.
Sometimes they are needed, but generally the default values work just fine.

Your global section is a bit sparse, but if it works for you so be it.


P. V.
Is this on the test?

I think you mean “bind interfaces only” and “valid users”.

A user who is in both the “write list” and the “read list” will end up with write access – so user “guest” gets write access, or something complicated like that.

Uncomment the line: “map to guest = bad user”. That will cause users with names that don’t exist (e.g. guests) to be mapped to the “guest” account, thereby getting access from the parameter “guest ok = yes”.

No need to put “read only = no” because the “write list” defines the writeability of the share. Don’t define it a second time with the “read only” parameter.

It seems to me to be a contradiction to allow guest access with the “guest ok” parameter and to then restrict the service with the “valid users” parameter, so leave the “valid users” parameter out.

It’s a very complex share, many parameters, I can’t get my head around it, so try it with this simple form to start with:
[test]
comment = test Volume
path=/data/test
guest ok = yes
force user = User1
force group = users
write list = User1, User2

On Fri November 21 2008 01:36 pm, swerdna wrote:

>
> I think you mean “bind interfaces only” and “valid users”.
>
> A user who is in both the “write list” and the “read list” will end up
> with write access – so user “guest” gets write access, or something
> complicated like that.
>
> Uncomment the line: “map to guest = bad user”. That will cause users
> with names that don’t exist (e.g. guests) to be mapped to the “guest”
> account, thereby getting access from the parameter “guest ok = yes”.
>
> No need to put “read only = no” because the “write list” defines the
> writeability of the share. Don’t define it a second time with the “read
> only” parameter.
>
> It seems to me to be a contradiction to allow guest access with the
> “guest ok” parameter and to then restrict the service with the “valid
> users” parameter, so leave the “valid users” parameter out.
>
>
> It’s a very complex share, many parameters, I can’t get my head around
> it, so try it with this simple form to start with:
> [test]
> comment = test Volume
> path=/data/test
> guest ok = yes
> force user = User1
> force group = users
> write list = User1, User2
>
>
Please look at the writeup in man smb.conf for “force user”. I believe this
setup will give guest write access as well as User1&2.

P. V.
Is this on the test?

You’re right, I missed that, and I didn’t see your post at all until now. OP should try yours.

Thank you so far.

If I don’t want user “guest” to have any access to a second share, what can I do?

On the second share I only want user1 to have access and no one else.

I tried it with this config (added to the old one, with the changes you wrote):



[user1only]
path=/data/user1only
guest ok = no
browsable = no
invalid users = guest
valid user = user1
write list = user1
read list = user1


I restarted Samba and can still connect as guest, and read (at least no write is possible :wink: )

This should do it:

[user1only]
path=/data/user1only
browsable = no
valid users = user1
write list = user1

and make the directory “user1only” owned by user = user1 and group = users, with permissions drwx------

Then I can’t see how anyone else can get in.

On Tue November 25 2008 05:06 am, Linuxator wrote:

>
> Thank you so far.
>
> If I don’t want user “guest” to have any access to a second share, what
> can I do?
>
> On the second share I only want user1 to have access and no one else.
>
> I tried it with this config (added to the old one, with the changes you
> wrote):
>
>
> Code:
> --------------------
>
>
> [user1only]
> path=/data/user1only
> guest ok = no
> browsable = no
> invalid users = guest
> valid user = user1
> write list = user1
> read list = user1
>
>
> --------------------
>
>
> I restarted Samba and can still connect as guest, and read (at least no
> write is possible :wink: )
>
>
Linuxator;

In SUSE, the guest account is the user “nobody”; so you would have needed:
invalid users = nobody
With this said, follow the advice of Swerdna, make sure only user1 has the
Linux permissions to read/write, i.e. mode 700 or 600. If this still does
not do exactly what you want, try adding the parameter “hide unreadable =
yes” to the [user1only] share.

P. V.
Is this on the test?
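
The pitfalls worked through in this thread (the two misspelled parameter names, "guest ok" without "map to guest", "force user" on a writable guest share, and "guest" named in a user list when the guest account is "nobody"), collected into a small checker. This is an added example, not part of any post; the function names and the sample input are constructed for illustration, and the "nobody" default follows the last reply.

```python
import re

# Spellings the thread corrects; smbd does not apply a parameter name it does not know.
MISSPELLED = {"validuser": "valid users", "bindinterfaceonly": "bind interfaces only"}

def parse_smb_conf(text):
    """Return {section: {param: value}}; names are compared without case or spaces."""
    conf, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = conf.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[re.sub(r"\s+", "", key).lower()] = value.strip()
    return conf

def lint(text, guest_account="nobody"):
    """Return sorted (section, finding) pairs for the pitfalls raised in the thread."""
    conf, out = parse_smb_conf(text), []
    for section, p in conf.items():
        out += [(section, f"misspelled, use '{MISSPELLED[k]}'") for k in p if k in MISSPELLED]
        for k in ("validusers", "invalidusers", "readlist", "writelist"):
            names = [n.strip().lower() for n in p.get(k, "").split(",")]
            if guest_account != "guest" and "guest" in names:
                out.append((section, f"'guest' in list; guest account is '{guest_account}'"))
        if p.get("guestok", "no").lower() not in ("yes", "true", "1"):
            continue
        if "maptoguest" not in conf.get("global", {}):
            out.append((section, "guest ok, but no 'map to guest' in [global]"))
        if "forceuser" in p and p.get("readonly", "yes").lower() in ("no", "false", "0"):
            out.append((section, "writable guest share: guest writes run as the forced user"))
    return sorted(out)

# Constructed sample, reduced from the configurations posted in the thread.
SAMPLE = """[global]
bind interface only = yes
#map to guest = Bad User
[test]
read only = No
guest ok = yes
force user = User1
valid user = User1, User2
[user1only]
invalid users = guest
"""
if __name__ == "__main__":
    print("\n".join(f"[{s}] {f}" for s, f in lint(SAMPLE)))
```

On a real system, testparm remains the authoritative check for parameter names; this sketch only covers the combinations discussed above.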