Steven Foucault
2019-Dec-26 19:28 UTC
[Samba] Read-only permissions - incorrect user mapping?
CentOS 8
Samba 4.9.1
Client: macOS 10.14

[global]
workgroup = LOCAL
log file = /var/log/samba/log.smb
max log size = 1000
syslog = 0
server role = standalone server
unix password sync = no
min protocol = SMB2
ea support = yes
vfs objects = catia fruit streams_xattr
fruit:aapl = yes
readdir_attr:aapl_rsize = yes
readdir_attr:aapl_finder_info = yes
readdir_attr:aapl_max_access = yes
fruit:nfs_aces = yes
fruit:copyfile = yes
fruit:metadata = netatalk
fruit:resource = file
fruit:locking = none
fruit:encoding = private
unix extensions = yes
spotlight = yes
smb2 max read = 8388608
smb2 max write = 8388608
smb2 max trans = 8388608
smb2 leases = yes
aio read size = 1
aio write size = 1
kernel oplocks = no
use sendfile = yes
strict sync = yes
sync always = no
delete veto files = true
fruit:veto_appledouble = yes
fruit:posix_rename = yes
fruit:zero_file_id = yes
fruit:wipe_intentionally_left_blank_rfork = yes
fruit:delete_empty_adfiles = yes
disable netbios = yes
dns proxy = no
smb ports = 445

> On 26.12.2019, at 20:19, Rowland penny via samba <samba at lists.samba.org> wrote:
>
> On 26/12/2019 18:46, Steven Foucault via samba wrote:
>> I have a problem regarding permissions of a SMB share.
>> I created a share for my user "steven" which has correct unix permissions (I have read/write access to this folder when I log in to the server via "steven")
>>
>> drwxr-xr-x steven root share
>>
>> When I export this share with no "force user" entry in smb.conf I can access the share only read only.
>> When I use "force user = steven" it's the same.
>> When I use "force user = root" I have read write access to this share.
>>
>> It looks like the samba user "steven" (which exists) is not mapped to the correct unix user. I thought this is the default behaviour.
>>
>> pdbedit -L
>> steven:1000:steven
>>
>> id steven
>> uid=1000(steven) gid=1000(steven) groups=1000(steven)
>>
>> When I add - chmod o+w share - write permissions for "others" I can access share read/write via samba.
>> How can I make samba connect the samba user "steven" to the system user "steven"?
>>
>> BTW: There's no SELinux enabled.
>>
>> Thanks!
>> Steven
>>
>>
>> ?
>> [share]
>> path = /tank
>> available = yes
>> browsable = yes
>> read only = no
>> writeable = yes
>> create mask = 0600
>> directory mask = 0700
>> public = no
>> force user = steven
>
> Sorry, but not enough info ;-)
>
> What OS ?
>
> What Samba version ?
>
> What is in [global] ?
>
> What are you connecting from ?
>
> That should be enough to start from.
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
Rowland penny
2019-Dec-26 20:31 UTC
[Samba] Read-only permissions - incorrect user mapping?
On 26/12/2019 19:28, Steven Foucault wrote:
> CentOS 8
> Samba 4.9.1
> Client: macOS 10.14
>
> [global]
> workgroup = LOCAL
> log file = /var/log/samba/log.smb
> max log size = 1000
> syslog = 0
> server role = standalone server
> #unix password sync = no
> min protocol = SMB2
> vfs objects = catia fruit streams_xattr
> fruit:aapl = yes
> fruit:copyfile = yes
> spotlight = yes
> use sendfile = yes
> delete veto files = true
> fruit:wipe_intentionally_left_blank_rfork = yes
> fruit:delete_empty_adfiles = yes
> disable netbios = yes
> dns proxy = no
> smb ports = 445
>
>
>>> ?
>>> [share]
>>> path = /tank
>>> read only = no
>>> create mask = 0600
>>> directory mask = 0700
>>> public = no
>>> force user = steven

I have removed all the default settings and commented out one line, more on this later.

I think you are misunderstanding Samba and users. You are running Samba as a standalone server and you need to create users on each Samba machine with 'smbpasswd', this user must already exist as a Unix user. At the moment, any user known to Samba can connect to the share, but only 'Steven' has the write permission. It looks like you are connecting as a different user (yes, this different user can also be called 'Steven'), are you passing the workgroup as well ?

When you add 'force user', this is only used after authentication and ensures that all files will end up belonging to the 'force user' (Steven in this case), this can lead to problems. If user 'fred' can connect to a share that has 'force user = steven' set and can write to the share, with your settings, 'fred' would not be able to read the file he just created.

Can I suggest you read 'man smbconf' for more info.

Coming back to the line I commented, as you set it, it is a default, but it will mean that the Samba user's password will not be synced with the Unix user's password, this can lead to problems if the users actually log into the Unix machine Samba is running on.

Rowland
Steven Foucault
2019-Dec-26 20:43 UTC
[Samba] Read-only permissions - incorrect user mapping?
> I think you are misunderstanding Samba and users. You are running Samba as a standalone server and you need to create users on each Samba machine with 'smbpasswd', this user must already exist as a Unix user. At the moment, any user known to Samba can connect to the share, but only 'Steven' has the write permission. It looks like you are connecting as a different user (yes, this different user can also be called 'Steven'), are you passing the workgroup as well ?

I created a samba user using "smbpasswd -a steven" with password "pass1" (the unix user steven has a different password).

You are telling me that when I now log on to the samba server via "steven" and "pass1" I am actually _not_ logging in with the user "steven"? When login succeeds I am assuming that login information is correct and I am connecting as the user I used as username.

> On 26.12.2019, at 21:31, Rowland penny via samba <samba at lists.samba.org> wrote:
>
> On 26/12/2019 19:28, Steven Foucault wrote:
>> CentOS 8
>> Samba 4.9.1
>> Client: macOS 10.14
>>
>> [global]
>> workgroup = LOCAL
>> log file = /var/log/samba/log.smb
>> max log size = 1000
>> syslog = 0
>> server role = standalone server
>> #unix password sync = no
>> min protocol = SMB2
>> vfs objects = catia fruit streams_xattr
>> fruit:aapl = yes
>> fruit:copyfile = yes
>> spotlight = yes
>> use sendfile = yes
>> delete veto files = true
>> fruit:wipe_intentionally_left_blank_rfork = yes
>> fruit:delete_empty_adfiles = yes
>> disable netbios = yes
>> dns proxy = no
>> smb ports = 445
>>
>>
>>>> ?
>>>> [share]
>>>> path = /tank
>>>> read only = no
>>>> create mask = 0600
>>>> directory mask = 0700
>>>> public = no
>>>> force user = steven
>
> I have removed all the default settings and commented out one line, more on this later.
>
> I think you are misunderstanding Samba and users. You are running Samba as a standalone server and you need to create users on each Samba machine with 'smbpasswd', this user must already exist as a Unix user. At the moment, any user known to Samba can connect to the share, but only 'Steven' has the write permission. It looks like you are connecting as a different user (yes, this different user can also be called 'Steven'), are you passing the workgroup as well ?
>
> When you add 'force user', this is only used after authentication and ensures that all files will end up belonging to the 'force user' (Steven in this case), this can lead to problems. If user 'fred' can connect to a share that has 'force user = steven' set and can write to the share, with your settings, 'fred' would not be able to read the file he just created.
>
> Can I suggest you read 'man smbconf' for more info.
>
> Coming back to the line I commented, as you set it, it is a default, but it will mean that the Samba user's password will not be synced with the Unix user's password, this can lead to problems if the users actually log into the Unix machine Samba is running on.
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
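
An added example, not part of any message in this thread: a small model of the Unix owner/group/other check applied to the directory listing quoted above (drwxr-xr-x steven root), showing which effective identity is consistent with each symptom reported. The uid 1001 "someone else" is a constructed value, and the model ignores POSIX ACLs and anything Samba layers on top.

```python
def parse_ls_mode(s):
    """Convert an ls-style string such as 'drwxr-xr-x' into permission bits."""
    if len(s) != 10:
        raise ValueError("expected 10 characters, e.g. 'drwxr-xr-x'")
    bits = 0
    for i, ch in enumerate(s[1:]):
        # lowercase s/t mean 'x plus a special bit'; '-', 'S', 'T' mean no bit here
        if ch in "rwxst":
            bits |= 1 << (8 - i)
    return bits


def access_class(owner_uid, owner_gid, uid, gids):
    """Pick the single class the kernel uses; classes are not combined."""
    if uid == 0:
        return "root"      # root bypasses the mode bits
    if uid == owner_uid:
        return "owner"
    if owner_gid in gids:
        return "group"
    return "other"


def can_write(mode_str, owner_uid, owner_gid, uid, gids):
    cls = access_class(owner_uid, owner_gid, uid, gids)
    if cls == "root":
        return True
    shift = {"owner": 6, "group": 3, "other": 0}[cls]
    return bool((parse_ls_mode(mode_str) >> shift) & 0o2)


def thread_scenarios():
    """Evaluate the directory from the thread for three effective identities."""
    owner_uid, owner_gid = 1000, 0           # 'steven root' from the listing
    ids = {
        "steven": (1000, {1000}),            # from 'id steven' in the thread
        "root": (0, {0}),
        "someone else": (1001, {1001}),      # constructed for illustration
    }
    out = {}
    for mode in ("drwxr-xr-x", "drwxr-xrwx"):   # before / after chmod o+w
        for name, (uid, gids) in ids.items():
            out[(mode, name)] = can_write(mode, owner_uid, owner_gid, uid, gids)
    return out


if __name__ == "__main__":
    for (mode, name), ok in thread_scenarios().items():
        print(f"{mode}  {name:13s} write={'yes' if ok else 'no'}")
```

On the server itself, the identity smbd actually uses for a connected session can be compared against this with smbstatus, which lists the Unix username and group of each session.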