Cfxtrjtrk

I have a Samba share server running Ubuntu. After upgrading to 14.04, I had Samba upgraded from 3 to 4. Since then, I can't get group write permission on my newly created directory or files.

What was previously working in Samba3 was using these settings:

security mask = 000

force security mode = 660

directory security mask = 000

force directory security mode = 770

force user = nobody

force group = Domain Users

These settings were removed in Samba 4 (see https://wiki.samba.org/index.php/Samba_4.0_Features_added/changed#smb.conf_changes).

But now, my directories are created "drwxr-x--- 2 nobody Domain Users" and my new files "-rwxr-x--- 1 nobody Domain Users".

So what is the way in Samba 4 to allow my users to create and share with write permissions new directories and files ?

Here is my full samba config:

[global]

    workgroup = WORKGROUP

    server string = %h server (Samba, Ubuntu)

    interfaces = 127.0.0.0/8, eth0

    map to guest = Bad User

    obey pam restrictions = Yes

    passdb backend = ldapsam:ldap://ldap

    pam password change = Yes

    passwd program = /usr/bin/passwd %u

    passwd chat = *Entersnews*spassword:* %nn *Retypesnews*spassword:* %nn *passwordsupdatedssuccessfully* .

    syslog = 0

    log file = /var/log/samba/log.%m

    max log size = 1000

    load printers = No

    domain master = Yes

    dns proxy = No

    ldap admin dn = cn=root,dc=example,dc=com

    ldap group suffix = ou=Groups

    ldap idmap suffix = ou=Idmap

    ldap machine suffix = ou=Computers

    ldap passwd sync = yes

    ldap suffix = dc=example,dc=com

    ldap ssl = no

    ldap user suffix = ou=People

    usershare allow guests = Yes

    panic action = /usr/share/samba/panic-action %d

    idmap config * : backend = tdb



[CommonShare]

    comment = Common share

    path = /srv/samba/common

    valid users = @myusers

    read only = No

    create mask = 0660

    force create mode = 0770

    directory mask = 0770

    force directory mode = 0770

    inherit permissions = Yes

    inherit owner = Yes

To fix the problem you may add the force user username to the list of valid users for the share.

In your case:

[Myshare]

...

valid users = @bureau

...

should be:

[Myshare]

...

valid users = nobody @bureau

...

This same problem happened to me.

I had to update the access control lists of all directories with the default group permissions:

sudo setfacl -R -m d:g:family:rwx /mnt/backup



-R = recursive

-m = modify

d: = defaults

g: = group name ("family" in my case) or gid number

rwx = default permissions read write execute for all in group

/mnt/backup is the directory (and subdirectories) to modify.

I know this is an old thread, but this might help someone. I solved this by setting the setgid bit to 2 (instead of 0) so the directories / files are created with group write permissions, e.g.

force create mode = 2777
force directory mode = 2777

From : https://linuxconfig.org/how-to-use-special-permissions-the-setuid-setgid-and-sticky-bits#h7-the-setgid-bit

The first four parameters have been removed, not the last two (see: https://www.samba.org/samba/docs/man/manpages/smb.conf.5.html#FORCEUSER).

So, just put them back in the config file and that should solve the problem. If you want write permissions to users in a particular group, add the write list parameter. It provides ability to grant write permissions to specific users or groups.

Here is an example of a config I use to allow creation/modification of files to all users belonging to a specific group (and only these users):

[Myshare]
writeable = yes
path = /shares/office
force directory mode = 770
force create mode = 770
force group = bureau
valid users = @bureau
write list = @bureau
.