Samba Share Permission problems

I’m trying to set up a samba share between my desktop and my laptop computer, both running linux OSes. The desktop server runs openSUSE, the laptop client runs Ubuntu. I went with samba so far because I could actually get it to work; NFS is being problematic still and SSH won’t work because I can’t get SSHFS to install correctly on the laptop. Anyway, the problem I’m having with Samba is I can mount any directory on the server (desktop compy) through the client (laptop compy), but I can’t get write permissions. I have set the write permissions on the server (I think). I found an option on the YAST samba manager to add “write ok” to directories, so I even did that, as well as setting everything that said “read only” to NO. However, I still don’t have permissions on the laptop. It seems almost like the laptop itself is keeping me from writing. I checked the permissions of the shared folders on the laptop, and they’re all owned by root. I have tried specifying fmask=666,dmask=777 while mounting, but it still doesn’t work. It’s like I need to change the folder ownership in Ubuntu, but I’m not sure where/how.

One thing of note here: I created the local mount folders directly from the filesystem. The directory is /remote/blackdiamond, which I created with root privileges in the terminal. Do I perhaps need to change my mount directories to somewhere user-writable?

Thanks,
Dan

If you are not concerned about security, you could try to chmod 777 /remote/blackdiamond, if this not work and you can’t get write access from your client then the problem may be in your samba configuration.

Actually, I just tried putting the local share in a user-level directory (/home/dan/remote/blackdiamond/files), and while all the lower directories are user read-write, the files directory, which is the mounted target, is still owned by root. I even tried doing chmod 777 /home/dan/remote/blackdiamond/files/, and it still didn’t work. I would assume this means a server configuration problem. What, then are the steps I need to go through to make directories writeable from the YAST Samba setup GUI (or otherwise)?

-Dan

Could you please open a console and post the output of this command?

$ sudo cat /etc/samba/smb.conf

On Tue December 9 2008 07:36 pm, dbsoundman wrote:

>
> I’m trying to set up a samba share between my desktop and my laptop
> computer, both running linux OSes. The desktop server runs openSUSE, the
> laptop client runs Ubuntu. I went with samba so far because I could
> actually get it to work; NFS is being problematic still and SSH won’t
> work because I can’t get SSHFS to install correctly on the laptop.
> Anyway, the problem I’m having with Samba is I can mount any directory
> on the server (desktop compy) through the client (laptop compy), but I
> can’t get write permissions. I have set the write permissions on the
> server (I think). I found an option on the YAST samba manager to add
> “write ok” to directories, so I even did that, as well as setting
> everything that said “read only” to NO. However, I still don’t have
> permissions on the laptop. It seems almost like the laptop itself is
> keeping me from writing. I checked the permissions of the shared folders
> on the laptop, and they’re all owned by root. I have tried specifying
> fmask=666,dmask=777 while mounting, but it still doesn’t work. It’s like
> I need to change the folder ownership in Ubuntu, but I’m not sure
> where/how.
>
> One thing of note here: I created the local mount folders directly from
> the filesystem. The directory is /remote/blackdiamond, which I created
> with root privileges in the terminal. Do I perhaps need to change my
> mount directories to somewhere user-writable?
>
> Thanks,
> Dan
>
>
Dan;

To have access to samba shares, the nix permissions must allow it for the
authenticating user. The simplest way to do this is to add the force user
parameter to the share definition. Add to the share definition
in /etc/samba/smb.conf the parameter:


force user = <username>

Where <username> is the own of the share. Be sure the owner has write
permission (mode 07XX or 06XX). Everyone who accesses the share will be
mapped to user <username>. There are other ways to do this, If this is not
what you want post back.


P. V.
Is this on the test?

Here is the smb.conf output:

dan@linux-8amt:~> sudo cat /etc/samba/smb.conf
# smb.conf is the main Samba configuration file. You find a full commented
# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
# samba-doc package is installed.
# Date: 2008-11-21
[global]
        workgroup = BLACKDIAMOND
        printing = cups
        printcap name = cups
        printcap cache time = 750
        cups options = raw
        map to guest = Bad User
        include = /etc/samba/dhcp.conf
        logon path = \\%L\profiles\.msprofile
        logon home = \\%L\%U\.9xprofile
        logon drive = P:
        usershare allow guests = Yes
        add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody -s /bin/false %m$
        domain logons = Yes
        domain master = Yes
        local master = Yes
        os level = 65
        passdb backend = smbpasswd
        preferred master = Yes
        security = user
        wins support = Yes
        usershare max shares = 100

[homes]
        comment = Home Directories
        valid users = %S, %D%w%S
        browseable = No
        read only = No
        inherit acls = Yes

[profiles]
        comment = Network Profiles Service
        path = %H/
        read only = yes
        store dos attributes = Yes
        create mask = 0600
        directory mask = 0700

[users]
        comment = All users
        path = /home/
        read only = No
        inherit acls = Yes
        veto files = /aquota.user/groups/shares/
        guest ok = Yes

[groups]
        comment = All groups
        path = /home/groups/
        read only = yes
        inherit acls = Yes

[printers]
        comment = All Printers
        path = /var/tmp
        printable = Yes
        create mask = 0600
        browseable = No

[print$]
        comment = Printer Drivers
        path = /var/lib/samba/drivers
        write list = @ntadmin root
        force group = ntadmin
        create mask = 0664
        directory mask = 0775

[netlogon]
        comment = Network Logon Service
        path = /var/lib/samba/netlogon
        write list = root

[brandesky20]
        path = /media/BRANDESKY20/
        guest ok = yes
        read only = No

[dan]
        path = /home/dan/
        guest ok = yes
        admin users = dan
        write ok = yes

I’m a little unclear on the “force user” thing. What exactly would that achieve, versus the other ways of fixing it? Right now, as far as I know, I shouldn’t need any username/password to access my samba share. Actually, I’m not even quite sure how to set up the username/password authentication anyway, although it seems to want it anyway.

-Dan

On Wed December 10 2008 03:16 pm, dbsoundman wrote:

>
> Here is the smb.conf output:
>
> Code:
> --------------------
> dan@linux-8amt:~> sudo cat /etc/samba/smb.conf
> # smb.conf is the main Samba configuration file. You find a full commented
> # version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
> # samba-doc package is installed.
> # Date: 2008-11-21
> [global]
> workgroup = BLACKDIAMOND
> printing = cups
> printcap name = cups
> printcap cache time = 750
> cups options = raw
> map to guest = Bad User
> include = /etc/samba/dhcp.conf
> logon path = \%L\profiles.msprofile
> logon home = \%L%U.9xprofile
> logon drive = P:
> usershare allow guests = Yes
> add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s
> /bin/false %m$ domain logons = Yes
> domain master = Yes
> local master = Yes
> os level = 65
> passdb backend = smbpasswd
> preferred master = Yes
> security = user
> wins support = Yes
> usershare max shares = 100
>
> [homes]
> comment = Home Directories
> valid users = %S, %D%w%S
> browseable = No
> read only = No
> inherit acls = Yes
>
> [profiles]
> comment = Network Profiles Service
> path = %H/
> read only = yes
> store dos attributes = Yes
> create mask = 0600
> directory mask = 0700
>
> [users]
> comment = All users
> path = /home/
> read only = No
> inherit acls = Yes
> veto files = /aquota.user/groups/shares/
> guest ok = Yes
>
> [groups]
> comment = All groups
> path = /home/groups/
> read only = yes
> inherit acls = Yes
>
> [printers]
> comment = All Printers
> path = /var/tmp
> printable = Yes
> create mask = 0600
> browseable = No
>
> [print$]
> comment = Printer Drivers
> path = /var/lib/samba/drivers
> write list = @ntadmin root
> force group = ntadmin
> create mask = 0664
> directory mask = 0775
>
> [netlogon]
> comment = Network Logon Service
> path = /var/lib/samba/netlogon
> write list = root
>
> [brandesky20]
> path = /media/BRANDESKY20/
> guest ok = yes
> read only = No
>
> [dan]
> path = /home/dan/
> guest ok = yes
> admin users = dan
> write ok = yes
PV: Make the above, “read only = no”

> --------------------
>
>
> I’m a little unclear on the “force user” thing. What exactly would that
> achieve, versus the other ways of fixing it? Right now, as far as I
> know, I shouldn’t need any username/password to access my samba share.
> Actually, I’m not even quite sure how to set up the username/password
> authentication anyway, although it seems to want it anyway.
>
> -Dan
>
>
Dan;
The default security for samba is “user”. All samba users need a user name
and password in, at least in your case, the smbpasswd file. Add these users
with

smbpasswd -a <username>

where is a valid nix user, this will prompt you for a password.
For example if dan is a valid user on your system, then enter: “smbpasswd -a
dan”. This is done in a terminal window as root. Thus you might have
something like:


su
smbpasswd -a dan

The directory /home/dan is owned by dan and most likely has permissions 0755.
When a file is created via samba in this directory it will have permissions
0700(or 0600) and a directory 0755. So no one but “dan” will have write
permissions. I’m guessing that you are now winding up as guest when you are
accessing this share (i.e. BAD USER). This is actually the nix
account “nobody” and as such you fall in the other category and have no write
access.

If you add to the share [dan],


force user = dan

then anyone who accesses that share will have the same rwx access as “dan” (
it is almost like “su dan”. Any files/directories they create will be owned
by “dan”

Alternatively, you could add:


force create mode = 0777
force directory mode = 0777

This will mean that all the files/directories created via samba will have
rwxrwxrwx permission. In particular, nobody will have write access. The owner
of these files will be the user who created them. Of course for files that
already exist, you will need to go in and change their permissions to
allow “other” access.

You might consider not sharing all of “/home/dan” but rather just a directory
e.g. /home/dan/myshares


P. V.
Is this on the test?

I added “force user=dan” to all my shared directories, but I’m still getting guest access. What exactly do I need to type into a terminal to mount my samba share as user dan such that I will have to enter my password and such, to get full read/write access? I have a feeling I’m missing an option or something…

EDIT: I just confirmed my suspicions of bad coding on my part now. I tried using the GUI “connect to server” in Ubuntu connect to my samba share, and it prompted me for my password as soon as I tried to connect. Entered the password, and I have full read/write access. Now I just need to know how to manually mount these to local directories. Then I can figure out how to add it to fstab, etc…

-Dan

Look at this, it may be a good start point, for more info, just do man smbmount.
smbmount - Wikipedia, the free encyclopedia

On Wed December 10 2008 04:36 pm, dbsoundman wrote:

>
> I added “force user=dan” to all my shared directories, but I’m still
> getting guest access. What exactly do I need to type into a terminal to
> mount my samba share as user dan such that I will have to enter my
> password and such, to get full read/write access? I have a feeling I’m
> missing an option or something…
>
> -Dan
>
>
Did you add “dan” to the SambaUsers with smbpasswd -a ?

You have Samba set up as a PDC (Primary Domain Controler). Do you really want
this? You might want to look at this HowTo by Swerdna. It’s quite good.
http://www.swerdna.net.au/linux.html
It deals with simple WorkGroup type sharing, which I suspect may be all you
need.

If you really need a PDC look at this HowTo:
http://www.pcc-services.com/sles/samba.html
It is written for SLES but applies to OpenSuSE.

P. V.
Is this on the test?

On Wed December 10 2008 05:19 pm, PV wrote:

> On Wed December 10 2008 04:36 pm, dbsoundman wrote:
>
>>
>> I added “force user=dan” to all my shared directories, but I’m still
>> getting guest access. What exactly do I need to type into a terminal to
>> mount my samba share as user dan such that I will have to enter my
>> password and such, to get full read/write access? I have a feeling I’m
>> missing an option or something…
>>
>> -Dan
>>
>>
> Did you add “dan” to the SambaUsers with smbpasswd -a ?
>
> You have Samba set up as a PDC (Primary Domain Controler). Do you really
> want
> this? You might want to look at this HowTo by Swerdna. It’s quite good.
> http://www.swerdna.net.au/linux.html
> It deals with simple WorkGroup type sharing, which I suspect may be all you
> need.
>
> If you really need a PDC look at this HowTo:
> http://www.pcc-services.com/sles/samba.html
> It is written for SLES but applies to OpenSuSE.
Dan;

Your edit never made it to the news reader, so I missed that part. I believe
you will need “mount.cifs” (It is my understanding that smbfs is no longer
supported by the kernel which is used by smbmount, never tested that though.)
Can you post the command you are using to mount the share?

P. V.
Is this on the test?

What I have been doing so far is

sudo mount -t smbfs -o username=dan,password=xxxxxx,rw //192.168.2.2/dan /remote/blackdiamond/files

With this, I get read-only access. When I use the Ubuntu GUI to call up the server, I get prompted for a password, and then I have full read-write access.

-Dan

I just tried the same command with

cifs

, and it seems that it works now. I’m puzzled, but satisfied.

I added my network shares to my /etc/fstab, but I’m wondering if someone could point me to a resource for safely storing the share passwords? Right now they’re just directly written into the /etc/fstab, but it would probably be safer to deal with them a better way. Any tips?

Thanks!

-Dan

On Wed December 10 2008 08:36 pm, dbsoundman wrote:

>
> What I have been doing so far is
>
> Code:
> --------------------
> sudo mount -t smbfs -o username=dan,password=xxxxxx,rw //192.168.2.2/dan
> /remote/blackdiamond/files
> --------------------
>
>
> With this, I get read-only access. When I use the Ubuntu GUI to call up
> the server, I get prompted for a password, and then I have full
> read-write access.
>
> -Dan
>
>

Look at the discussion on Swerdna’s site:

http://www.swerdna.net.au/linhowtosambacifs.html

for more details. Since smbfs is obsolete use something like:


su
mount -t cifs -o username=dan,
password=bigsecret  //192.168.2.2/dan  /remote/blackdiamond/files

In the above “bigsecret” should be the password you assigned to dan
with “smbpasswd -a dan” on the server. Make sure that your Ubuntu user is
the owner of /remote/blackdiamond/files and has write permission. See “man
chown” and “man chmode” if you do not know how to do this.

As an aside, if Samba is correctly configured on both machines you can replace
the IP by the server netbios name, not important but worth knowing
also “mount.cifs” is short for “mount -t cifs”


P. V.
Is this on the test?

On Wed December 10 2008 08:56 pm, dbsoundman wrote:

>
> I just tried the same command with
> Code:
> --------------------
> cifs
> --------------------
> , and it seems that it works now. I’m puzzled, but satisfied.
>
> I added my network shares to my /etc/fstab, but I’m wondering if
> someone could point me to a resource for safely storing the share
> passwords? Right now they’re just directly written into the /etc/fstab,
> but it would probably be safer to deal with them a better way. Any
> tips?
>
> Thanks!
>
> -Dan
>
>
Dan;

See the link I gave you in my previous post for the details on using a
credential file. And big OOPS it is chmod not chmode; must be a senior
moment.

P. V.
Is this on the test?