Linux samba permissions beyond my understanding

Hello,

I am trying to configure Samba shares in Debian.

I have:

  • /home/homeuser with homeuser:homegroup 710
  • /home/homeuser with homeuser:homegroup 755
  • /home/homeuser/2nd_drive_mount/sambafolder1 sambauser1:sambagroup 2775
  • /home/homeuser/2nd_drive_mount/sambafolder2 sambauser2:sambagroup 2775

So I connect with

//192.168.1.2/homeuser

//192.168.1.2/sambauser1

//192.168.1.2/sambauser2

But it just won't work as intended, as commented below in the config file

and smb config:
 

[global]
    min protocol = SMB2
    client min protocol = SMB2
    max protocol = SMB3
    client max protocol = SMB3
    follow symlinks = yes
    unix extensions = yes

# <=== This one accesses everything from /home/homeuser fine, not really as intended, but OK
[sambashare]
    comment = Sambashare
    path = /home/homeuser/2nd_drive_mount
    read only = no
    browsable = yes
    writable = yes
    guest ok = no
    valid users = @admin @lpadmin homeuser
    force create mode = 770
    force directory mode = 770
    inherit permissions = yes

# <====== This one sees nothing and gets "NT_STATUS_ACCESS_DENIED listing \*" if I try ls after connecting with smbclient
[sambauser1]
    path = /home/homeuser/2nd_drive_mount/sambafolder1
    valid users = sambauser1,homeuser,@sambashare,@admin,@lpadmin
    force create mode = 0775
    available = yes
    writeable = yes
    comment = sambauser1
    force directory mode = 2775
    browsable = yes

# <====== This one also sees nothing and gets "NT_STATUS_ACCESS_DENIED listing \*" if I try ls after connecting with smbclient
[sambauser2]
    path = /home/homeuser/2nd_drive_mount/sambafolder2
    valid users = sambauser2,homeuser,@sambashare,@admin,@lpadmin
    force create mode = 0775
    available = yes
    writeable = yes
    comment = sambauser2
    force directory mode = 2775
    browsable = yes

 

P.S.: Personally, I find Linux permissions a non-intuitive mess...

PC Specs - AMD Ryzen 7 3700X - Asrock AB350 ITX - 64GB DDR4-3600MHz - Geforce GTX 1080 - Samsung 960Pro - Monsterlabo's "The First" - Corsair SF450


See the permissions of the folder.

Check the user IDs, and if you want to give access to multiple folders then use a group, but don't forget to change the write permission for user, group and other.

 

Checklist.

- Is the user ID correct?

- Is the group ID correct?

- checked the write/read/execute permissions?

 

Normally the standard user has an ID of 1000 and a group ID of 1000 as well, as the first user.

 

About those write permissions, I've needed ChatGPT every time to remind myself which number is for what, like write, read and execute, and for which user, group or other.

 

But I'd usually avoid those methods and use Docker or a container application to share with Samba.

Also, I'd use NixOS for easier configuration.

Or an open-source project like YunoHost, which I'm currently experimenting with.

I'm a jank tinkerer: if it works, then it works.

Regardless of compatibility 🐧🖖


the permissions system on linux is very 'simple' - as in, there are no complex relationships.. but that doesn't make it easy.

 

essentially, on the linux filesystem everything is either a file or a folder, and each is assigned to exactly one user and one group.

the permissions are assigned based on the user, the group, and "everyone else", described as a 3-digit number: the first is for the user, the second is for the group, and the third is for everyone else.

the number is made from the permissions granted to that user or group:

- the permission to execute a file is +1

- the permission to write a file is +2

- the permission to read a file is +4

for folders, read means you can read the contents of the folder, write means you can modify the contents (add files, remove files), and "execute" means you can read more data about the directory (see the rights and metadata of the files within) and can browse through it to underlying files.

 

essentially the rights for samba are based directly on the file and folder rights, with two exceptions, presumably one of those is your problem here:

- with samba you can override the user and group that the filesystem is accessed "as", without the end user having to log into the share with that username.

- samba doesn't necessarily have to overlap with system users, and there are some oddities there depending on how exactly the system is set up.. but generally once you can log in, things should work (assuming your system doesn't see a wrong login as logging in as anonymous.. which is a thing.)


As I understand it, the rights, owner and user on the samba folder are correct, but placing that folder in the home directory screws up everything.
I tested placing the same samba directory under root: /2nd_drive_mount/sambafolder1 with exactly the same permissions and u:g, and it works fine there 😕

PC Specs - AMD Ryzen 7 3700X - Asrock AB350 ITX - 64GB DDR4-3600MHz - Geforce GTX 1080 - Samsung 960Pro - Monsterlabo's "The First" - Corsair SF450
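
Added example, not part of any post in this thread: a Python sketch of the directory-traversal rule described in the replies (every parent directory needs the execute bit), applied to the layout from the first post using its 710 mode for /home/homeuser. The numeric IDs and the modes of the mount points are constructed assumptions, POSIX ACLs are ignored, and it assumes smbd touches the path as the connecting Unix user (no force user).

```python
import os
import stat
from pathlib import PurePosixPath

def _class_bits(mode, owner, group, uid, gids):
    """Return the rwx triplet (0-7) that applies to this identity (ACLs ignored)."""
    if uid == owner:
        return (mode >> 6) & 7          # owner class wins, even if weaker
    if group in gids:
        return (mode >> 3) & 7          # then group class
    return mode & 7                     # otherwise "everyone else"

def real_lookup(path):
    """Default lookup: stat the live filesystem."""
    st = os.stat(path)
    return stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid

def first_blocker(path, uid, gids, lookup=real_lookup):
    """Return (directory, reason) for the first component that stops uid, or None.

    Every ancestor needs x (search); the share directory itself needs r+x to be listed.
    """
    target = PurePosixPath(path)
    for d in [*reversed(target.parents), target]:
        mode, owner, group = lookup(str(d))
        bits = 7 if uid == 0 else _class_bits(mode, owner, group, uid, gids)
        if not bits & 1:
            return str(d), "no search (x) permission"
        if d == target and not bits & 4:
            return str(d), "no read (r) permission"
    return None

# Constructed sample: numeric IDs are invented; owners and modes follow the first post.
HOMEUSER, HOMEGROUP, SAMBAUSER1, SAMBAGROUP = 1000, 1000, 1001, 1002
TREE = {
    "/": (0o755, 0, 0),
    "/home": (0o755, 0, 0),
    "/home/homeuser": (0o710, HOMEUSER, HOMEGROUP),
    "/home/homeuser/2nd_drive_mount": (0o755, 0, 0),   # assumed, not stated in the post
    "/home/homeuser/2nd_drive_mount/sambafolder1": (0o2775, SAMBAUSER1, SAMBAGROUP),
    "/2nd_drive_mount": (0o755, 0, 0),                 # assumed
    "/2nd_drive_mount/sambafolder1": (0o2775, SAMBAUSER1, SAMBAGROUP),
}

if __name__ == "__main__":
    for share in ("/home/homeuser/2nd_drive_mount/sambafolder1",
                  "/2nd_drive_mount/sambafolder1"):
        print(share, "->", first_blocker(share, SAMBAUSER1, {SAMBAGROUP}, TREE.__getitem__))
```

On a live system, call first_blocker(path, uid, gids) without the lookup argument so it stats the real directories.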
