How to get group write permission with Samba 4?
I have a Samba share server running Ubuntu. After upgrading to 14.04, I had Samba upgraded from 3 to 4. Since then, I can't get group write permission on my newly created directory or files.
What was previously working in Samba3 was using these settings:
security mask = 000
force security mode = 660
directory security mask = 000
force directory security mode = 770
force user = nobody
force group = Domain Users
These settings were removed in Samba 4 (see https://wiki.samba.org/index.php/Samba_4.0_Features_added/changed#smb.conf_changes).
But now, my directories are created "drwxr-x--- 2 nobody Domain Users" and my new files "-rwxr-x--- 1 nobody Domain Users".
So what is the way in Samba 4 to allow my users to create and share with write permissions new directories and files ?
Here is my full samba config:
[global]
workgroup = WORKGROUP
server string = %h server (Samba, Ubuntu)
interfaces = 127.0.0.0/8, eth0
map to guest = Bad User
obey pam restrictions = Yes
passdb backend = ldapsam:ldap://ldap
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Entersnews*spassword:* %nn *Retypesnews*spassword:* %nn *passwordsupdatedssuccessfully* .
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
load printers = No
domain master = Yes
dns proxy = No
ldap admin dn = cn=root,dc=example,dc=com
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers
ldap passwd sync = yes
ldap suffix = dc=example,dc=com
ldap ssl = no
ldap user suffix = ou=People
usershare allow guests = Yes
panic action = /usr/share/samba/panic-action %d
idmap config * : backend = tdb
[CommonShare]
comment = Common share
path = /srv/samba/common
valid users = @myusers
read only = No
create mask = 0660
force create mode = 0770
directory mask = 0770
force directory mode = 0770
inherit permissions = Yes
inherit owner = Yes
permissions samba file-sharing
add a comment |
I have a Samba share server running Ubuntu. After upgrading to 14.04, I had Samba upgraded from 3 to 4. Since then, I can't get group write permission on my newly created directory or files.
What was previously working in Samba3 was using these settings:
security mask = 000
force security mode = 660
directory security mask = 000
force directory security mode = 770
force user = nobody
force group = Domain Users
These settings were removed in Samba 4 (see https://wiki.samba.org/index.php/Samba_4.0_Features_added/changed#smb.conf_changes).
But now, my directories are created "drwxr-x--- 2 nobody Domain Users" and my new files "-rwxr-x--- 1 nobody Domain Users".
So what is the way in Samba 4 to allow my users to create and share with write permissions new directories and files ?
Here is my full samba config:
[global]
workgroup = WORKGROUP
server string = %h server (Samba, Ubuntu)
interfaces = 127.0.0.0/8, eth0
map to guest = Bad User
obey pam restrictions = Yes
passdb backend = ldapsam:ldap://ldap
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Entersnews*spassword:* %nn *Retypesnews*spassword:* %nn *passwordsupdatedssuccessfully* .
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
load printers = No
domain master = Yes
dns proxy = No
ldap admin dn = cn=root,dc=example,dc=com
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers
ldap passwd sync = yes
ldap suffix = dc=example,dc=com
ldap ssl = no
ldap user suffix = ou=People
usershare allow guests = Yes
panic action = /usr/share/samba/panic-action %d
idmap config * : backend = tdb
[CommonShare]
comment = Common share
path = /srv/samba/common
valid users = @myusers
read only = No
create mask = 0660
force create mode = 0770
directory mask = 0770
force directory mode = 0770
inherit permissions = Yes
inherit owner = Yes
permissions samba file-sharing
add a comment |
I have a Samba share server running Ubuntu. After upgrading to 14.04, I had Samba upgraded from 3 to 4. Since then, I can't get group write permission on my newly created directory or files.
What was previously working in Samba3 was using these settings:
security mask = 000
force security mode = 660
directory security mask = 000
force directory security mode = 770
force user = nobody
force group = Domain Users
These settings were removed in Samba 4 (see https://wiki.samba.org/index.php/Samba_4.0_Features_added/changed#smb.conf_changes).
But now, my directories are created "drwxr-x--- 2 nobody Domain Users" and my new files "-rwxr-x--- 1 nobody Domain Users".
So what is the way in Samba 4 to allow my users to create and share with write permissions new directories and files ?
Here is my full samba config:
[global]
workgroup = WORKGROUP
server string = %h server (Samba, Ubuntu)
interfaces = 127.0.0.0/8, eth0
map to guest = Bad User
obey pam restrictions = Yes
passdb backend = ldapsam:ldap://ldap
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Entersnews*spassword:* %nn *Retypesnews*spassword:* %nn *passwordsupdatedssuccessfully* .
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
load printers = No
domain master = Yes
dns proxy = No
ldap admin dn = cn=root,dc=example,dc=com
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers
ldap passwd sync = yes
ldap suffix = dc=example,dc=com
ldap ssl = no
ldap user suffix = ou=People
usershare allow guests = Yes
panic action = /usr/share/samba/panic-action %d
idmap config * : backend = tdb
[CommonShare]
comment = Common share
path = /srv/samba/common
valid users = @myusers
read only = No
create mask = 0660
force create mode = 0770
directory mask = 0770
force directory mode = 0770
inherit permissions = Yes
inherit owner = Yes
permissions samba file-sharing
I have a Samba share server running Ubuntu. After upgrading to 14.04, I had Samba upgraded from 3 to 4. Since then, I can't get group write permission on my newly created directory or files.
What was previously working in Samba3 was using these settings:
security mask = 000
force security mode = 660
directory security mask = 000
force directory security mode = 770
force user = nobody
force group = Domain Users
These settings were removed in Samba 4 (see https://wiki.samba.org/index.php/Samba_4.0_Features_added/changed#smb.conf_changes).
But now, my directories are created "drwxr-x--- 2 nobody Domain Users" and my new files "-rwxr-x--- 1 nobody Domain Users".
So what is the way in Samba 4 to allow my users to create and share with write permissions new directories and files ?
Here is my full samba config:
[global]
workgroup = WORKGROUP
server string = %h server (Samba, Ubuntu)
interfaces = 127.0.0.0/8, eth0
map to guest = Bad User
obey pam restrictions = Yes
passdb backend = ldapsam:ldap://ldap
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Entersnews*spassword:* %nn *Retypesnews*spassword:* %nn *passwordsupdatedssuccessfully* .
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
load printers = No
domain master = Yes
dns proxy = No
ldap admin dn = cn=root,dc=example,dc=com
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers
ldap passwd sync = yes
ldap suffix = dc=example,dc=com
ldap ssl = no
ldap user suffix = ou=People
usershare allow guests = Yes
panic action = /usr/share/samba/panic-action %d
idmap config * : backend = tdb
[CommonShare]
comment = Common share
path = /srv/samba/common
valid users = @myusers
read only = No
create mask = 0660
force create mode = 0770
directory mask = 0770
force directory mode = 0770
inherit permissions = Yes
inherit owner = Yes
permissions samba file-sharing
permissions samba file-sharing
asked Nov 14 '14 at 8:28
alcialci
3,07043256
3,07043256
add a comment |
add a comment |
4 Answers
4
active
oldest
votes
To fix the problem you may add the force user
username to the list of valid users
for the share.
In your case:
[Myshare]
...
valid users = @bureau
...
should be:
[Myshare]
...
valid users = nobody @bureau
...
Great, this works !
– alci
Nov 18 '14 at 11:30
add a comment |
This same problem happened to me.
I had to update the access control lists of all directories with the default group permissions:
sudo setfacl -R -m d:g:family:rwx /mnt/backup
-R = recursive
-m = modify
d: = defaults
g: = group name ("family" in my case) or gid number
rwx = default permissions read write execute for all in group
/mnt/backup
is the directory (and subdirectories) to modify.
add a comment |
I know this is an old thread, but this might help someone. I solved this by setting the setgid
bit to 2 (instead of 0) so the directories / files are created with group write permissions, e.g.
force create mode = 2777
force directory mode = 2777
From : https://linuxconfig.org/how-to-use-special-permissions-the-setuid-setgid-and-sticky-bits#h7-the-setgid-bit
add a comment |
The first four parameters have been removed, not the last two (see: https://www.samba.org/samba/docs/man/manpages/smb.conf.5.html#FORCEUSER).
So, just put them back in the config file and that should solve the problem. If you want write permissions to users in a particular group, add the write list
parameter. It provides ability to grant write permissions to specific users or groups.
Here is an example of a config I use to allow creation/modification of files to all users belonging to a specific group (and only these users):
[Myshare]
writeable = yes
path = /shares/office
force directory mode = 770
force create mode = 770
force group = bureau
valid users = @bureau
write list = @bureau
.
force user and force group are indeed still valid parameters, but it does not change anything. Files and directories are created as Nobody / Domain Users anyway (don't know why, maybe inherit owner ?, but are NOT group writable...
– alci
Nov 17 '14 at 8:13
See edited version of my answer. Basically, usewrite list
parameter.
– Marc Vanhoomissen
Nov 17 '14 at 12:43
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "89"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f549513%2fhow-to-get-group-write-permission-with-samba-4%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
4 Answers
4
active
oldest
votes
4 Answers
4
active
oldest
votes
active
oldest
votes
active
oldest
votes
To fix the problem you may add the force user
username to the list of valid users
for the share.
In your case:
[Myshare]
...
valid users = @bureau
...
should be:
[Myshare]
...
valid users = nobody @bureau
...
Great, this works !
– alci
Nov 18 '14 at 11:30
add a comment |
To fix the problem you may add the force user
username to the list of valid users
for the share.
In your case:
[Myshare]
...
valid users = @bureau
...
should be:
[Myshare]
...
valid users = nobody @bureau
...
Great, this works !
– alci
Nov 18 '14 at 11:30
add a comment |
To fix the problem you may add the force user
username to the list of valid users
for the share.
In your case:
[Myshare]
...
valid users = @bureau
...
should be:
[Myshare]
...
valid users = nobody @bureau
...
To fix the problem you may add the force user
username to the list of valid users
for the share.
In your case:
[Myshare]
...
valid users = @bureau
...
should be:
[Myshare]
...
valid users = nobody @bureau
...
answered Nov 18 '14 at 11:28
MatgMatg
361
361
Great, this works !
– alci
Nov 18 '14 at 11:30
add a comment |
Great, this works !
– alci
Nov 18 '14 at 11:30
Great, this works !
– alci
Nov 18 '14 at 11:30
Great, this works !
– alci
Nov 18 '14 at 11:30
add a comment |
This same problem happened to me.
I had to update the access control lists of all directories with the default group permissions:
sudo setfacl -R -m d:g:family:rwx /mnt/backup
-R = recursive
-m = modify
d: = defaults
g: = group name ("family" in my case) or gid number
rwx = default permissions read write execute for all in group
/mnt/backup
is the directory (and subdirectories) to modify.
add a comment |
This same problem happened to me.
I had to update the access control lists of all directories with the default group permissions:
sudo setfacl -R -m d:g:family:rwx /mnt/backup
-R = recursive
-m = modify
d: = defaults
g: = group name ("family" in my case) or gid number
rwx = default permissions read write execute for all in group
/mnt/backup
is the directory (and subdirectories) to modify.
add a comment |
This same problem happened to me.
I had to update the access control lists of all directories with the default group permissions:
sudo setfacl -R -m d:g:family:rwx /mnt/backup
-R = recursive
-m = modify
d: = defaults
g: = group name ("family" in my case) or gid number
rwx = default permissions read write execute for all in group
/mnt/backup
is the directory (and subdirectories) to modify.
This same problem happened to me.
I had to update the access control lists of all directories with the default group permissions:
sudo setfacl -R -m d:g:family:rwx /mnt/backup
-R = recursive
-m = modify
d: = defaults
g: = group name ("family" in my case) or gid number
rwx = default permissions read write execute for all in group
/mnt/backup
is the directory (and subdirectories) to modify.
edited Jul 7 '17 at 21:01
guntbert
9,331133170
9,331133170
answered Jul 7 '17 at 20:35
Scott LentzScott Lentz
111
111
add a comment |
add a comment |
I know this is an old thread, but this might help someone. I solved this by setting the setgid
bit to 2 (instead of 0) so the directories / files are created with group write permissions, e.g.
force create mode = 2777
force directory mode = 2777
From : https://linuxconfig.org/how-to-use-special-permissions-the-setuid-setgid-and-sticky-bits#h7-the-setgid-bit
add a comment |
I know this is an old thread, but this might help someone. I solved this by setting the setgid
bit to 2 (instead of 0) so the directories / files are created with group write permissions, e.g.
force create mode = 2777
force directory mode = 2777
From : https://linuxconfig.org/how-to-use-special-permissions-the-setuid-setgid-and-sticky-bits#h7-the-setgid-bit
add a comment |
I know this is an old thread, but this might help someone. I solved this by setting the setgid
bit to 2 (instead of 0) so the directories / files are created with group write permissions, e.g.
force create mode = 2777
force directory mode = 2777
From : https://linuxconfig.org/how-to-use-special-permissions-the-setuid-setgid-and-sticky-bits#h7-the-setgid-bit
I know this is an old thread, but this might help someone. I solved this by setting the setgid
bit to 2 (instead of 0) so the directories / files are created with group write permissions, e.g.
force create mode = 2777
force directory mode = 2777
From : https://linuxconfig.org/how-to-use-special-permissions-the-setuid-setgid-and-sticky-bits#h7-the-setgid-bit
edited 2 days ago
answered May 16 '18 at 9:23
edededededed
112
112
add a comment |
add a comment |
The first four parameters have been removed, not the last two (see: https://www.samba.org/samba/docs/man/manpages/smb.conf.5.html#FORCEUSER).
So, just put them back in the config file and that should solve the problem. If you want write permissions to users in a particular group, add the write list
parameter. It provides ability to grant write permissions to specific users or groups.
Here is an example of a config I use to allow creation/modification of files to all users belonging to a specific group (and only these users):
[Myshare]
writeable = yes
path = /shares/office
force directory mode = 770
force create mode = 770
force group = bureau
valid users = @bureau
write list = @bureau
.
force user and force group are indeed still valid parameters, but it does not change anything. Files and directories are created as Nobody / Domain Users anyway (don't know why, maybe inherit owner ?, but are NOT group writable...
– alci
Nov 17 '14 at 8:13
See edited version of my answer. Basically, usewrite list
parameter.
– Marc Vanhoomissen
Nov 17 '14 at 12:43
add a comment |
The first four parameters have been removed, not the last two (see: https://www.samba.org/samba/docs/man/manpages/smb.conf.5.html#FORCEUSER).
So, just put them back in the config file and that should solve the problem. If you want write permissions to users in a particular group, add the write list
parameter. It provides ability to grant write permissions to specific users or groups.
Here is an example of a config I use to allow creation/modification of files to all users belonging to a specific group (and only these users):
[Myshare]
writeable = yes
path = /shares/office
force directory mode = 770
force create mode = 770
force group = bureau
valid users = @bureau
write list = @bureau
.
force user and force group are indeed still valid parameters, but it does not change anything. Files and directories are created as Nobody / Domain Users anyway (don't know why, maybe inherit owner ?, but are NOT group writable...
– alci
Nov 17 '14 at 8:13
See edited version of my answer. Basically, usewrite list
parameter.
– Marc Vanhoomissen
Nov 17 '14 at 12:43
add a comment |
The first four parameters have been removed, not the last two (see: https://www.samba.org/samba/docs/man/manpages/smb.conf.5.html#FORCEUSER).
So, just put them back in the config file and that should solve the problem. If you want write permissions to users in a particular group, add the write list
parameter. It provides ability to grant write permissions to specific users or groups.
Here is an example of a config I use to allow creation/modification of files to all users belonging to a specific group (and only these users):
[Myshare]
writeable = yes
path = /shares/office
force directory mode = 770
force create mode = 770
force group = bureau
valid users = @bureau
write list = @bureau
.
The first four parameters have been removed, not the last two (see: https://www.samba.org/samba/docs/man/manpages/smb.conf.5.html#FORCEUSER).
So, just put them back in the config file and that should solve the problem. If you want write permissions to users in a particular group, add the write list
parameter. It provides ability to grant write permissions to specific users or groups.
Here is an example of a config I use to allow creation/modification of files to all users belonging to a specific group (and only these users):
[Myshare]
writeable = yes
path = /shares/office
force directory mode = 770
force create mode = 770
force group = bureau
valid users = @bureau
write list = @bureau
.
edited Nov 17 '14 at 12:53
answered Nov 14 '14 at 12:45
Marc VanhoomissenMarc Vanhoomissen
89811119
89811119
force user and force group are indeed still valid parameters, but it does not change anything. Files and directories are created as Nobody / Domain Users anyway (don't know why, maybe inherit owner ?, but are NOT group writable...
– alci
Nov 17 '14 at 8:13
See edited version of my answer. Basically, usewrite list
parameter.
– Marc Vanhoomissen
Nov 17 '14 at 12:43
add a comment |
force user and force group are indeed still valid parameters, but it does not change anything. Files and directories are created as Nobody / Domain Users anyway (don't know why, maybe inherit owner ?, but are NOT group writable...
– alci
Nov 17 '14 at 8:13
See edited version of my answer. Basically, usewrite list
parameter.
– Marc Vanhoomissen
Nov 17 '14 at 12:43
force user and force group are indeed still valid parameters, but it does not change anything. Files and directories are created as Nobody / Domain Users anyway (don't know why, maybe inherit owner ?, but are NOT group writable...
– alci
Nov 17 '14 at 8:13
force user and force group are indeed still valid parameters, but it does not change anything. Files and directories are created as Nobody / Domain Users anyway (don't know why, maybe inherit owner ?, but are NOT group writable...
– alci
Nov 17 '14 at 8:13
See edited version of my answer. Basically, use
write list
parameter.– Marc Vanhoomissen
Nov 17 '14 at 12:43
See edited version of my answer. Basically, use
write list
parameter.– Marc Vanhoomissen
Nov 17 '14 at 12:43
add a comment |
Thanks for contributing an answer to Ask Ubuntu!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f549513%2fhow-to-get-group-write-permission-with-samba-4%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown