samba - Mar 2022 - Unable to write to a share that I should have access to

On Fri, Mar 04, 2022 at 06:21:56PM -0500, Rob Campbell via samba
wrote:
>Ok.  What about this one, it's ext4 along with all the others.
>
>testparm -s:
>[Photos]
>comment = Photo Storage
>create mask = 0777
>directory mask = 0777
>force create mode = 0777
>force directory mode = 0777
>inherit acls = Yes
>path = /multimedia/Photos
>read only = No
>valid users = @HOME\Photos_Users @HOME\Multimedia_Users
>
>/etc/samba/smb.conf:
>[Photos]
>comment = Photo Storage
>path = /multimedia/Photos
>writeable = yes
>guest ok = no
>browseable = yes
>create mask = 0777
>force create mode = 777
>force directory mode = 777
>inherit acls = Yes
>read only = no
>directory mask = 0777
>valid users = @HOME\Photos_Users, at HOME\Multimedia_Users
>
>The user is a member of both Photo_Users and Multimedia_Users.  Just for
>now, I just want to be able to write.  In the future, I'd want
Photo_Users
>to be able to write but Multimedia_Users only be able to read.
>
I have a similar situation (version 4.13). Suggestion below.
I have local and domain users in sync and use local groups
for this, so maybe this won't work for you. In particular
I've never messed with 'inherit acls', have not needed it.

[Photos]
comment = Photo Storage
path = /multimedia/Photos
read only = No
guest ok = no
valid users = @HOME\Photos_Users @HOME\Multimedia_Users
read list = @HOME\Multimedia_Users
write list = @HOME\Photos_Users
create mask = 0664
directory mask = 0775
force create mode = 2775
force directory mode = 2775
force group @HOME\Photos_Users
inherit acls = Yes

My crib notes on this (corrections appreciated!)

#   'read only'   'yes|no'. default: 'yes'
#   'write list'  <user or group>. OVERRIDES 'read only'
setting.
#   'read list'   <user or group>. OVERRIDES 'write list'
setting for named users.
#                                  OVERRIDES 'read only = no' for named
users.
#   'create mask'          <octal> Bitmask ANDed with process
umask for the file.
#   'directory mask'       <octal> Bitmask ANDed with process
umask for the dir.
#   'force create mode'    <octal> Bitmask ORed with process
umask,
#                                  after the create mask has been applied.
#   'force directory mode' <octal> Bitmask ORed with process
umask, after the
#                                  after the directory mask has been applied.
# These are synonyms, avoid them -
#   'write ok'       inverted synonym for 'read only'
#   'writeable'      inverted synonym for 'read only'
#   'create mode'    synonym for 'create mask'
#   'directory mode' synonym for 'directory mask'
# Deprecated, avoid -
#   'user'        synonym for 'username'
#   'users'       synonym for 'username'
#   'username'

Correct.  Creating local users on each device is not an option.

But even my internal drives aren't writable as a share.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In all things, Be Intentional.


On Fri, Mar 4, 2022 at 7:56 PM McIntyre, Vincent (S&A, Marsfield) <
Vincent.Mcintyre at csiro.au> wrote:
> On Fri, Mar 04, 2022 at 06:21:56PM -0500, Rob Campbell via samba wrote:
> >Ok.  What about this one, it's ext4 along with all the others.
> >
> >testparm -s:
> >[Photos]
> >comment = Photo Storage
> >create mask = 0777
> >directory mask = 0777
> >force create mode = 0777
> >force directory mode = 0777
> >inherit acls = Yes
> >path = /multimedia/Photos
> >read only = No
> >valid users = @HOME\Photos_Users @HOME\Multimedia_Users
> >
> >/etc/samba/smb.conf:
> >[Photos]
> >comment = Photo Storage
> >path = /multimedia/Photos
> >writeable = yes
> >guest ok = no
> >browseable = yes
> >create mask = 0777
> >force create mode = 777
> >force directory mode = 777
> >inherit acls = Yes
> >read only = no
> >directory mask = 0777
> >valid users = @HOME\Photos_Users, at HOME\Multimedia_Users
> >
> >The user is a member of both Photo_Users and Multimedia_Users.  Just
for
> >now, I just want to be able to write.  In the future, I'd want
Photo_Users
> >to be able to write but Multimedia_Users only be able to read.
> >
>
> I have a similar situation (version 4.13). Suggestion below.
> I have local and domain users in sync and use local groups
> for this, so maybe this won't work for you. In particular
> I've never messed with 'inherit acls', have not needed it.
>
> [Photos]
> comment = Photo Storage
> path = /multimedia/Photos
> read only = No
> guest ok = no
> valid users = @HOME\Photos_Users @HOME\Multimedia_Users
> read list = @HOME\Multimedia_Users
> write list = @HOME\Photos_Users
> create mask = 0664
> directory mask = 0775
> force create mode = 2775
> force directory mode = 2775
> force group @HOME\Photos_Users
> inherit acls = Yes
>
> My crib notes on this (corrections appreciated!)
>
> #   'read only'   'yes|no'. default: 'yes'
> #   'write list'  <user or group>. OVERRIDES 'read
only' setting.
> #   'read list'   <user or group>. OVERRIDES 'write
list' setting for
> named users.
> #                                  OVERRIDES 'read only = no' for
named
> users.
> #   'create mask'          <octal> Bitmask ANDed with process
umask for
> the file.
> #   'directory mask'       <octal> Bitmask ANDed with process
umask for
> the dir.
> #   'force create mode'    <octal> Bitmask ORed with process
umask,
> #                                  after the create mask has been applied.
> #   'force directory mode' <octal> Bitmask ORed with process
umask, after
> the
> #                                  after the directory mask has been
> applied.
> # These are synonyms, avoid them -
> #   'write ok'       inverted synonym for 'read only'
> #   'writeable'      inverted synonym for 'read only'
> #   'create mode'    synonym for 'create mask'
> #   'directory mode' synonym for 'directory mask'
> # Deprecated, avoid -
> #   'user'        synonym for 'username'
> #   'users'       synonym for 'username'
> #   'username'
>