Samba shares only work with “force user”
I seem to have trouble understanding the configurations of samba on Ubuntu. Let’s say I have 4 folders in /srv, these are media, share, bob-personal, and joe-personal. I also have 3 users: bob, joe, and nas. Users bob and joe are standard users (one of them is disabled in Ubuntu, since I didn’t assign it a password, for both users, their file in AccountsService has an entry “SystemAccount=true”, so they don’t show up on the login screen). nas is the administrator of the system. I used this user for setting up the NAS (for everything that doesn’t have to be done as root) and I’m currently logged in as this user. There are also the following user groups: all-share (includes bob, joe, nas), media-share (includes bob, nas), joe (includes joe, nas) and bob (includes bob, nas).
Initially, I set chown nas:media-share media and chown nas:all-share share. I also set chown joe:joe joe-personal and chown bob:bob bob-personal and set chmod 660 <foldername> for all these folders. The shares were then configured like this:
[media]
path = /srv/media
comment = Media Share
writeable = yes
valid users = @media-share
[share]
path = /srv/share
comment = Common Share
writeable = yes
valid users = @all-share
[joe-personal]
path = /srv/joe-personal
comment = Personal Folder Joe
writeable = yes
valid users = @joe
[bob-personal]
path = /srv/bob-personal
comment = Personal Folder Bob
writeable = yes
valid users = @bob
Of course, I also added all these users to the Samba users DB. However, I wasn’t able to access any of these folders from any machine using any possible user account (Windows always says “You don’t have the permission to access …”).
I then added a line force user = nas to each share declaration, changed the ownership of each folder to nas:nas and changed the user permissions to 700. Now everything works like a charm!
The only problem is that obviously, all new files created in any of these folders are owned by nas, as opposed to the logged-in remote user that actually created them. This isn’t a massive problem for me, but it would still be really convenient to see who created what (for statistics, blaming, etc.). Does anyone have an idea why it wasn’t possible to access anything with the old configuration?
Here is a dump of my global configurations:
[global]
server string = %h Samba NAS
server role = standalone server
security = USER
map to guest = Bad User
obey pam restrictions = Yes
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
username map = /etc/samba/smbusers
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
dns proxy = No
usershare allow guests = Yes
panic action = /usr/share/samba/panic-action %d
idmap config * : backend = tdb
invalid users = root
System info: Ubuntu 16.04.02, up-to-date, Samba installed yesterday
asked May 8 '17 at 14:17
sildave94
1 Answer
I wonder why you used the specification in the form: valid users = @media-share. This is to specify group access: all users in the group media-share are valid users. In your case, I would have used:
valid users = joe
or valid users = joe bob if access is to be granted to both. write list can also be used. See the manual for more details.
answered May 9 '17 at 12:10
Marc Vanhoomissen
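Added example (not part of the question or the answer): without force user, smbd touches the share directory as the authenticated Unix user, so the ordinary mode-bit check applies to it. The script below models that check for the owners, groups and modes given in the question; the function names and the 2770 layout are hypothetical.

```shell
#!/bin/sh
# Added example: models the Unix mode-bit check for a non-root process.
# Users, groups and modes are the question's; no real files are touched.

# class_of USER "USER GROUPS" OWNER GROUP -> owner | group | other
# The first matching class wins, so an owner never falls back to group bits.
class_of() (
    if [ "$1" = "$3" ]; then echo owner; exit 0; fi
    for g in $2; do
        if [ "$g" = "$4" ]; then echo group; exit 0; fi
    done
    echo other
)

# dir_rights USER "USER GROUPS" OWNER GROUP MODE -> e.g. "rw-"
dir_rights() (
    perm=$(( 0$5 & 0777 ))          # octal mode; drops setuid/setgid/sticky
    case $(class_of "$1" "$2" "$3" "$4") in
        owner) bits=$(( (perm >> 6) & 7 )) ;;
        group) bits=$(( (perm >> 3) & 7 )) ;;
        *)     bits=$(( perm & 7 )) ;;
    esac
    out=""
    for pair in 4:r 2:w 1:x; do
        if [ $(( bits & ${pair%%:*} )) -ne 0 ]; then
            out="$out${pair##*:}"
        else
            out="$out-"
        fi
    done
    echo "$out"
)

# can_enter (same arguments): true only if the search (x) bit is granted.
# Without it the directory cannot be entered, whatever r and w say.
can_enter() {
    case $(dir_rights "$@") in *x) return 0 ;; *) return 1 ;; esac
}

BOB="bob all-share media-share"            # bob's groups, per the question
NAS="nas all-share media-share joe bob"    # nas's groups, per the question

echo "media 660 nas:media-share, as bob:    $(dir_rights bob "$BOB" nas media-share 660)"
echo "bob-personal 660 bob:bob, as bob:     $(dir_rights bob "$BOB" bob bob 660)"
echo "media 700 nas:nas, force user = nas:  $(dir_rights nas "$NAS" nas nas 700)"
echo "media 2770 nas:media-share, as bob:   $(dir_rights bob "$BOB" nas media-share 2770) (hypothetical)"
```

On a live system, stat -c '%A %U:%G' on the share path shows the values to feed in, and testparm -s shows the share options smbd actually loaded.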