Samba and Read Only documents

Joel Goguen jtgoguen at gmail.com
Tue Jan 13 13:58:38 UTC 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Richard Cameron wrote:
> Hi all. I recently installed Ubuntu 8.04 as a file server here on our
> little network. I set up samba to share files with the windows boxes
> here. However, when I got the whole thing up and running, several of the
> windows computers couldn't access the shared folder. I un-commented the
> lines "force user" and "force group". Now everybody can see and open the
> files. Unfortunately, all of our ms office documents come up as read
> only on the windows machines. I'm under the gun to get this fixed as
> quickly as possible, so any advice would be helpful.
> 
> Here's my smb.conf for your consideration:
> 
> [global]
>     ; General server settings
>     netbios name = AEServer
>     server string =
>     workgroup = AE
>     announce version = 5.0
>     socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE
> SO_RCVBUF=8192 SO_SNDBUF=8192
> 
>     passdb backend = tdbsam
>     security = user
>     null passwords = true
>     username map = /etc/samba/smbusers
>     name resolve order = hosts wins bcast
> 
>     wins support = yes
> 
>     printing = CUPS
>     printcap name = CUPS
> 
>     syslog = 1
>     syslog only = yes
> 
> ; NOTE: If you need access to the user home directories uncomment the
> ; lines below and adjust the settings to your hearts content.
> ;[homes]
>     ;valid users = %S
>     ;create mode = 0666
>     ;directory mode = 0777
>     ;browseable = yes
>     ;read only = no
>     ;veto files = /*.{*}/.*/mail/bin/
> 
> ; NOTE: Only needed if you run samba as a primary domain controller.
> ; Not needed as this config doesn't cover that matter.
> ;[netlogon]
>     ;path = /var/lib/samba/netlogon
>     ;admin users = Administrator
>     ;valid users = %U
>     ;read only = no
> 
> ; NOTE: Again - only needed if you're running a primary domain
> controller.
> ;[Profiles]
>     ;path = /var/lib/samba/profiles
>     ;valid users = %U
>     ;create mode = 0666
>     ;directory mode = 0777
>     ;writeable = yes
>     ;browseable = yes
> 
> ; NOTE: Inside this place you may build a printer driver repository for
> ; Windows - I'll cover this topic in another HOWTO.
> [print$]
>     path = /var/lib/samba/printers
>     browseable = yes
>     guest ok = yes
>     read only = yes
>     write list = root
>     create mask = 0664
>     directory mask = 0775
> 
> [printers]
>     path = /tmp
>     printable = yes
>     guest ok = yes
>     browseable = no
> 
> ; Uncomment if you need to share your CD-/DVD-ROM Drive
> ;[DVD-ROM Drive]
>     ;path = /media/cdrom
>     ;browseable = yes
>     ;read only = yes
>     ;guest ok = yes
> 
> [SharedFiles]
>     path = /home/administrator/
>     browseable = yes
>     read only = no
>     guest ok = no
>     create mask = 0666
>     directory mask = 0777
>    # force user = administrator
>    # force group = AE
>     force security mode = 0777
> 
> I hope I can get this fixed. Thanks
> 
> Richard Cameron
> 
> 
Linux permissions still apply.  So chances are, that means that write
permissions need to be extended to everyone (and create masks updated to
reflect this).  This is the quick, but not necessarily most secure, fix:

In the share definition, make sure you have these two lines.  This will
make all files/directories created be readable and writable by anyone:
create mask = 0666
directory mask = 0777

Next, set these permissions on the shared folder:
sudo chmod -R +rwX /path/to/shared/folder/

That capital X is important since it won't give execute permissions to
anything that doesn't need (or already have) it.

A more secure solution would be to have the users as part of a Linux
group, set that group as the group for the shared folder, then make the
whole thing group writable but not world writable.  If you would rather
go this route, create a new group (I'll pretend it's called 'sambausers'
for now) and add everyone who should be able to access the share into
that group.  Then, instead of the two lines above, use these two lines
in the share definition:
create mask = 0660
directory mask = 0770

Then apply these permissions to the shared folder:
sudo chmod -R o-rwx /path/to/shared/folder/
sudo chgrp -R sambausers /path/to/shared/folder/
sudo chmod -R ug=rwX /path/to/shared/folder/

Using '-' or '=' and 'x' or 'X' is intended here.

HTH

- --
Joel Goguen
Ubuntu User #15951
When we help, we benefit
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAklsng0ACgkQ7B2nva3BBniGwgCg5Tg20OmU2SnPRE1eWS+y7g8v
hugAoLFP0AuZGQeBBVjHJ2Q1w9rzdRz2
=rc40
-----END PGP SIGNATURE-----




More information about the ubuntu-users mailing list