samba - Mar 2022 - Unable to write to a share that I should have access to

Ok.  What about this one, it's ext4 along with all the others.

testparm -s:
[Photos]
comment = Photo Storage
create mask = 0777
directory mask = 0777
force create mode = 0777
force directory mode = 0777
inherit acls = Yes
path = /multimedia/Photos
read only = No
valid users = @HOME\Photos_Users @HOME\Multimedia_Users

/etc/samba/smb.conf:
[Photos]
comment = Photo Storage
path = /multimedia/Photos
writeable = yes
guest ok = no
browseable = yes
create mask = 0777
force create mode = 777
force directory mode = 777
inherit acls = Yes
read only = no
directory mask = 0777
valid users = @HOME\Photos_Users, at HOME\Multimedia_Users

The user is a member of both Photo_Users and Multimedia_Users.  Just for
now, I just want to be able to write.  In the future, I'd want Photo_Users
to be able to write but Multimedia_Users only be able to read.

Previously I was mounting through /etc/fstab but that gave everyone on that
workstation access and I didn't want that but it allowed me to write
//fs01/seagate /multimedia/Seagate             cifs
 credentials=/root/.smbinfo,uid=1000,gid=1001    0 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In all things, Be Intentional.


On Fri, Mar 4, 2022 at 6:04 PM Rowland Penny via samba <
samba at lists.samba.org> wrote:
> On Fri, 2022-03-04 at 17:55 -0500, Rob Campbell wrote:
> > I added 'read only = no'
> > The drive is extfat (usb drive).
> > How do I set samba group permissions on a directory?  'chown
> > smbuser at HOME. . -R' chown: invalid user
>
> You cannot, exfat does not support user or group ACLs
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

On Fri, Mar 04, 2022 at 06:21:56PM -0500, Rob Campbell via samba
wrote:
>Ok.  What about this one, it's ext4 along with all the others.
>
>testparm -s:
>[Photos]
>comment = Photo Storage
>create mask = 0777
>directory mask = 0777
>force create mode = 0777
>force directory mode = 0777
>inherit acls = Yes
>path = /multimedia/Photos
>read only = No
>valid users = @HOME\Photos_Users @HOME\Multimedia_Users
>
>/etc/samba/smb.conf:
>[Photos]
>comment = Photo Storage
>path = /multimedia/Photos
>writeable = yes
>guest ok = no
>browseable = yes
>create mask = 0777
>force create mode = 777
>force directory mode = 777
>inherit acls = Yes
>read only = no
>directory mask = 0777
>valid users = @HOME\Photos_Users, at HOME\Multimedia_Users
>
>The user is a member of both Photo_Users and Multimedia_Users.  Just for
>now, I just want to be able to write.  In the future, I'd want
Photo_Users
>to be able to write but Multimedia_Users only be able to read.
>
I have a similar situation (version 4.13). Suggestion below.
I have local and domain users in sync and use local groups
for this, so maybe this won't work for you. In particular
I've never messed with 'inherit acls', have not needed it.

[Photos]
comment = Photo Storage
path = /multimedia/Photos
read only = No
guest ok = no
valid users = @HOME\Photos_Users @HOME\Multimedia_Users
read list = @HOME\Multimedia_Users
write list = @HOME\Photos_Users
create mask = 0664
directory mask = 0775
force create mode = 2775
force directory mode = 2775
force group @HOME\Photos_Users
inherit acls = Yes

My crib notes on this (corrections appreciated!)

#   'read only'   'yes|no'. default: 'yes'
#   'write list'  <user or group>. OVERRIDES 'read only'
setting.
#   'read list'   <user or group>. OVERRIDES 'write list'
setting for named users.
#                                  OVERRIDES 'read only = no' for named
users.
#   'create mask'          <octal> Bitmask ANDed with process
umask for the file.
#   'directory mask'       <octal> Bitmask ANDed with process
umask for the dir.
#   'force create mode'    <octal> Bitmask ORed with process
umask,
#                                  after the create mask has been applied.
#   'force directory mode' <octal> Bitmask ORed with process
umask, after the
#                                  after the directory mask has been applied.
# These are synonyms, avoid them -
#   'write ok'       inverted synonym for 'read only'
#   'writeable'      inverted synonym for 'read only'
#   'create mode'    synonym for 'create mask'
#   'directory mode' synonym for 'directory mask'
# Deprecated, avoid -
#   'user'        synonym for 'username'
#   'users'       synonym for 'username'
#   'username'