ok, i’m running a ubuntu based server, running samba with a number of shares.
i’m using webmin to admin that server & shares.
Opensuse is the client machine connecting to those shares.
i’m a bit confused about permissions, as how i see it, is it should be working fine.
ls -l (not working)
drwxrwxr-x 2 tim sambashare 4096 2011-11-19 11:49 1
ls -l (working)
drwxrwxrwx 2 tim sambashare 4096 2011-11-19 11:49 1
i’m logging as as ‘tim’ under opensuse, and creating the ‘1’ dir, which creates it as the non-working config. this is done via the mounted smb share on the opensuse client, not via ssh.
if i then go into the ‘1’ dir, and try to create a new file/folder, im unable to as i do not have permissions.
if i chmod ‘1’ to 777, then it works fine.
based off webmin, the ‘tim’ user has primary group of ‘sambashare’, so surely i should have RWX access to the content i create (based on ‘7’ permissions).
based off whats happening, the ‘tim’ user and/or smb share is not under the ‘sambashare’ group, else it would work under 775. 777 implies to me, that the user/group is not setup correctly to work as 775.
i am stuck has to how to figure this out - everything seems fine, but i do have fairly limited linux knowledge so i’m not sure how to test further…
Have a look at smb.conf in Ubuntu and paste here the [stanza] for the share in smb.conf. You see the file with “cat /etc/samba/smb.conf”, maybe you need a sudo in there, maybe not.
The “ls -l” readings are taken on Ubuntu, is that right?
What does “ls -l” in openSUSE look like for the mounted share (so we can see “1”)?
Also, I don’t get this: “i’m logging as as ‘tim’ under opensuse” and “mounted share”. Do you mean a cifs mount where the line in fstab controlling the mount contains the username “tim” and the password?
When clients connect to a share level security server
It seems that you ended up logging onto the share as user 1002 on the Ubuntu server (see the ls -l quote you gave). Now user 1002 does not exist on openSUSE. So you have user 1001 (tim?) on openSUSE trying to write to something owned by user 1002 on Ubuntu – kablam! (or something like that – it’s just a big mixup).
There is a big logical inconsistency here: you have “security = share” which is designed for guest access shares i.e. no authentication required and you have “valid users = @sambashare” which demands that non-guests must authenticate (send suername/password). If you tell me which level of security you want (authenticated access or guest access), I will give you a fix.
‘security’ would be the way i want togo.
it’s not so much dont trust users, but it’s the ability to lock down certain machines to have RO access, rather than RW
i thought that the UID of 1002 might be an issue, but being somewhat unfamiliar with linux permissions (majority of my experience is windows) then i’m still low on the learning curve.
im not sure if it may change things, but i do have FTP access to certain folders within the /data/ share. I’m also looking at ownCloud aswell, but from initial searches i cant point it to an existing data location and will have to import it into ownCloud.
i’ll take a read of the smb manual over the weekend - i’ll be interested to learn how i should of set things up, and how it compares to what i currently have.
it’s not so much dont trust users, but it’s the ability to lock down certain machines to have RO access, rather than RW
this makes RO access: read only = yes
this makes RW access: read only = no
That works with shares that guests access without passwords and also for shares that require passwords for access, doesn’t matter.
I still don’t know if you prefer passwords or no passwords, so I’ll make a suggestion that will allow for both options.
On Ubuntu change “security = share” to “security = user”.
and also change this:
[Data]
path = /data/data
force user = tim
writeable = yes
guest ok = yes
In Ubuntu keep the owner of the shared directory as tim. Chmod the directory and its contents to 755 or 750, doesn’t matter.
Reboot both machines twice one after the other. Then do it again.
That setup will allow guests (no passwords) to access the share – try it that way and report back whether it works.
Also answer this: do you want to change the share so that access is only for users with passwords?
Also, can I see the line in fstab that causes the share to be mounted?
done, no change in anything - it appears to have the same issues as before - uid/gid as numeric values, and when i create a folder, i am unable to create sub-folders.
the preference is to have control over who has RO or RW access to the share. if this can be done without passwords, then so be it.
the only reason i am using authentication is its the only way i know to control RO/RW access to a file share.
i guess i could mount certain clients with readonly defined in fstab., and have anonymous guest RW(X) access to the shares.
ok, i must be missing something here…
i’ve recreated the SMB shares via webmin, smb config as follows:
[global]
dns proxy = no
log file = /var/log/samba/log.%m
netbios name = server
server string = %h server (Samba, Mythbuntu)
hide unreadable = yes
workgroup = WORKGROUP
os level = 20
syslog = 0
security = user
create mode = 777
panic action = /usr/share/samba/panic-action %d
max log size = 1000
directory mode = 777
[data]
valid users = tim
writeable = yes
path = /data/data/
i’ve restarted samba server, remounted the share on client, tried with and without umask,fmask,dmask=000 in the client fstab and i’m still getting the original issue; both 775 permissions, and the user ‘tim’ which should be using the user permission bit, is using the other permission bit.
current state of play:
smb.conf is as per this post.
fstab is as per my previous post.
Tim is perhaps getting in as tim and perhaps not with group sambashare. Too many changes at once, there is confusion. Try this experiment:
Make the Ubu share 755 again.
Temporarily comment out these lines (use a # to comment them out):
dns proxy = no
create mode = 777
directory mode = 777
Make the share to be this:
[Data]
path = /data/data
force user = tim
force group = sambashare
writeable = yes
guest ok = no
After the edit, restart samba on Ubuntu (reboot will do it)
Temporarily unmount the cifs mount on openSUSE (sudo umount /mnt/server/data)
Now browse (not mount, browse in your network browser, e.g. Nautilus/Dolphin) to the share from openSUSE, log in with user = tim and password = tim’s samba password on Ubuntu. Can you read, write and create in the Ubuntu share that way.
If we can get the Ubu share correct, we can then look at the mount in fstab, about which I have some thoughts, but not too many changes at once or there will be confusion.
Good – some progress. Now try altering the cifs mount. Still for the experiment, use this line in fstab, changing “password” to the real password for tim in Samba on Ubu:
I’ve reverted the changes given in your latest post, Swerdna; one at a time with ubuntu reboots between changes.
everything works as expected until i access the share via fstab mount.
when all things are equal, accessing the share via Dolphin (network > samba shares > …) works.
fstab fails on write access.
I’ve double checked (again!) the smb_cred.txt file referenced in fstab, and I’ve also put the login directly into fstab as a test. obviously credentials aren’t an issue, as without them i wouldn’t even have read access.
What I’m trying to do here is eliminate one by one (in my head) the many possible issues, and the structures I gave you to test will help me to do that. It’s important to use the [global] and [Data] stanzas I gave you with the fstab line/s I gave you. So let me know what happens with those all in place – otherwise I get confused and can’t get to the root of the problem.
