On Mon, 16 Jun 2025 12:53:19 +0200 Gilles via samba <samba at lists.samba.org> wrote:> Hello > > I set up a new Debian 12 host with Samba 4.17.12-Debian and the > settings that work on another host? and I can't figure out why I get > an "Access denied" when copying a file from Windows to Samba, > although smbd.log says "www-data closed file backup.tar.gz > (numopen=1) NT_STATUS_OK". > > I found no obvious difference in smb.conf, the filesystem ownership, > and fstab. > > Any idea? > > Thank you. > > ================ root at debian-lenovo:~# cat /etc/samba/smb.conf > [global] > netbios name = DEBIAN-LENOVO > server role = standalone > disable netbios = yes > smb ports = 445 > > map to guest = Bad User > guest account = www-data > > interfaces = 192.168.0.17/255.255.255.0 127.0.0.1/255.255.255.255 > bind interfaces only = yes > > log level = 2 > > printcap name = /dev/null > load printers = no > printing = bsd > > [my_data] > path = /my_data > ;comment = No need for Unix/Samba passwords > guest ok = yes > writeable=yes > browseable=yes > > create mode = 0644 ; still -rw-r-xr-x > ;doesn't work with vfat fs > force user = www-data > force group = www-data > force create mode = 0644 ; makes no difference > > ================ root at debian-lenovo:~# ll //my_data > drwxr-xr-x? 2 www-data www-data 4096 Jun 15 22:10 ./ > drwxr-xr-x 20 root? ? ?root? ? ?4096 Jun 13 16:21 ../ > -rw-r--r--? 1 www-data www-data 4250 Jun 15 22:10 backup.tar.gz >It appears that anyone can enter /my_data , but only www-data can write to the directory. As you are using Guest access and have set the guest user to 'www-data', then you should be able to write to the share. What could be happening is that Apparmor could be getting in the way, or guest access could be turned off on your Windows client, or there could be a bug in Samba. Could I suggest you upgrade Samba to the version available from bookworm-backports, this may fix your problem, but if it doesn't, you will then have a chance to get any potential bug fixed, 4.17.12 is EOL from the Samba point of view. Rowland
On 16/06/2025 14:01, Rowland Penny via samba wrote:> It appears that anyone can enter /my_data , but only www-data can write > to the directory. As you are using Guest access and have set the guest > user to 'www-data', then you should be able to write to the share. > > What could be happening is that Apparmor could be getting in the way, or > guest access could be turned off on your Windows client, or there could > be a bug in Samba. > > Could I suggest you upgrade Samba to the version available from > bookworm-backports, this may fix your problem, but if it doesn't, you > will then have a chance to get any potential bug fixed, 4.17.12 is EOL > from the Samba point of view.I didn't know what AppArmor was. Turning it off, restarting Samba, and trying to write a file still says Access Denied: root at debian-lenovo:~# systemctl stop apparmor root at debian-lenovo:~# systemctl restart samba "journalctl -f" shows nothing when I try to copy a file to that new Debian host. Neither does /var/log/samba/log.smbd. From the same Win11 computer, I can write to another Debian12 host using the same smb.conf, where I didn't have to do anything more to write-access. It is also running Samba 4.17.12 so it doesn't look like it's a bug in Samba. Since it 's neither smb.conf, the filesystem, fstab nor Samba, it looks like the problem lies elsewhere.