Jonathan Szalavecz
2024-Oct-15 19:58 UTC
[Samba] Optimal File Permissions for Shared Access Between Windows and Linux
I am experiencing challenges configuring optimal file permissions for a
Samba share on my Raspberry Pi. My goal is to enable shared access for
my wife, who uses an iPhone 13, to the directory
|/mnt/shared/partage_de_fichiers| while preventing access to the main
directory |/mnt/shared|.
Here is my Samba configuration:
```[NAS]
?? comment = RaspberryPi
?? public = no
?? writable = yes
?? browsable = yes
?? path = /mnt/shared
?? create mask = 0600
?? directory mask = 0700
?? read only = no
?? guest ok = no
[DatabaseShare]
?? comment = Database File Share
?? path = /mnt/shared/partage_de_fichiers
?? public = no
?? writable = yes
?? browsable = yes
?? read only = no
?? guest ok = no
?? create mask = 0660
?? directory mask = 0770
?? force group = sharedaccess
?? force create mode = 0660
?? min protocol = SMB2
?? ea support = yes
?? vfs objects = catia fruit streams_xattr
?? fruit:delete_empty_adfiles = yes
?? fruit:metadata = stream
?? fruit:model = MacSamba
?? fruit:nfs_aces = no
?? fruit:posix_rename = yes
?? fruit:veto_appledouble = no
?? fruit:wipe_intentionally_left_blank_rfork = yes
```
Despite these settings, files copied from Windows are created with
permissions |rw-------|, which restricts access to only the file owner.
I have a |umask| set to |0002| in my shell, but I am struggling to find
the right settings to achieve optimal compatibility between Windows,
Linux, and Samba.
For comparison, here are the permission settings for two directories:
*
|/mnt/shared/Office 2013|:|drwx------ 2 john_johnk john_johnk 4096 Apr 8
2022|
*
|/mnt/shared/partage_de_fichiers|:|drwxrws--- 4 john_johnk sharedaccess 4096
Oct 15 18:56|
I have confirmed that my wife's user account is part of the
|sharedaccess| group and have restarted the Samba service multiple times.
Any guidance or suggestions for resolving this issue would be greatly
appreciated.
Thank you for your assistance!
Best regards,
Jonathan
Rowland Penny
2024-Oct-16 10:51 UTC
[Samba] Optimal File Permissions for Shared Access Between Windows and Linux
On Tue, 15 Oct 2024 21:58:40 +0200 Jonathan Szalavecz via samba <samba at lists.samba.org> wrote:> I am experiencing challenges configuring optimal file permissions for > a Samba share on my Raspberry Pi. My goal is to enable shared access > for my wife, who uses an iPhone 13, to the directory > |/mnt/shared/partage_de_fichiers| while preventing access to the main > directory |/mnt/shared|. > > Here is my Samba configuration:No it isn't, there is a whole upper 'global' section missing that will tell us how you are running Samba> > > ```[NAS] > ?? comment = RaspberryPi > ?? public = no > ?? writable = yes > ?? browsable = yes > ?? path = /mnt/shared > ?? create mask = 0600 > ?? directory mask = 0700 > ?? read only = no > ?? guest ok = no > > [DatabaseShare] > ?? comment = Database File Share > ?? path = /mnt/shared/partage_de_fichiers > ?? public = no > ?? writable = yes > ?? browsable = yes > ?? read only = no > ?? guest ok = no > ?? create mask = 0660 > ?? directory mask = 0770 > ?? force group = sharedaccess > ?? force create mode = 0660 > ?? min protocol = SMB2 > ?? ea support = yes > ?? vfs objects = catia fruit streams_xattr > ?? fruit:delete_empty_adfiles = yes > ?? fruit:metadata = stream > ?? fruit:model = MacSamba > ?? fruit:nfs_aces = no > ?? fruit:posix_rename = yes > ?? fruit:veto_appledouble = no > ?? fruit:wipe_intentionally_left_blank_rfork = yes > > ```Quite a lot of those parameters are set to the defaults and others should be in 'global'.> > > Despite these settings, files copied from Windows are created with > permissions |rw-------|, which restricts access to only the file > owner. I have a |umask| set to |0002| in my shell, but I am > struggling to find the right settings to achieve optimal > compatibility between Windows, Linux, and Samba. > > For comparison, here are the permission settings for two directories: > > * > > |/mnt/shared/Office 2013|:|drwx------ 2 john_johnk john_johnk > 4096 Apr 8 2022| > > * > > |/mnt/shared/partage_de_fichiers|:|drwxrws--- 4 john_johnk > sharedaccess 4096 Oct 15 18:56|What are the permissions set on /mnt/shared ? Also, why is the share there, is it mounted from somewhere else ? If so, where and what is the filesystem. Rowland