You are not logged in.
Pages: 1
Dear Community,
I was following the Archwiki page on samba trying to set a group collaboration share in /srv/samba/restricted.
I changed group ownership of this directory to sambashare group.
My user IS a memeber of the sambashare group.
Here is the share stanza from smb.conf:
[restricted]
path = /srv/samba/restricted
valid users = root @sambashare
writable = yes
write list = root @sambashare
create mask = 664
force create mode = 664
directory mask = 2775
force directory mode = 2775
However when I mount the share with this :
mount -t cifs -o user=root,password=.... //localhost/restricted /mnt/samba/restricted
....the mounted share gets :
[root@arch ~]# ls -ld /mnt/samba/restricted
drwxr-xr-x 2 root root 0 Jul 29 14:55 /mnt/samba/restricte
Even if i use :
mount -t cifs -o user=root,password=guru,gid=sambashare //localhost/restricted /mnt/samba/restricted
I get :
[root@arch ~]# ls -ld /mnt/samba/restricted
drwxr-xr-x 2 root sambashare 0 Jul 29 14:55 /mnt/samba/restricted
which although it changes the group ownership to sambashare it used the 755 mask which makes it useless because my user (dharma) who belongs to the sambashare group does NOT have write access to the MOUNTED share and INDEED gets a "permission denied" error when he attempts to write in the samba share.
Here are the original share dir permissions:
[root@arch ~]# ls -ld /srv/samba/restricted
drwxrwsr-x 2 root sambashare 4096 Jul 29 14:55 /srv/samba/restricted
Now either samba is utterly and totally stupidly useless not preserving any permissions etc OR I am doing something wrong...
Kindly point out to me what is going on.....
Thanks a lot
Best Regards
Last edited by dreamycrane (2019-07-29 13:31:20)
Offline
Please use code tags when posting configs or terminal snippits: https://wiki.archlinux.org/index.php/Co … s_and_code
You haven't configured a group in samba, you've just set it on the local filesystem. I'm not sure how samba handles this, but this is what the man page has to say:
force group (S) This specifies a UNIX group name that will be assigned as the default primary group for all users connecting to this service. This is useful for sharing files by ensuring that all access to files on service will use the named group for their permissions checking. Thus, by assigning permissions for this group to the files and directories within this service the Samba administrator can restrict or allow sharing of these files. In Samba 2.0.5 and above this parameter has extended functionality in the following way. If the group name listed here has a '+' character prepended to it then the current user accessing the share only has the primary group default assigned to this group if they are already assigned as a member of that group. This allows an administrator to decide that only users who are already in a particular group will create files with group ownership set to that group. This gives a finer granularity of ownership assignment. For example, the setting force group = +sys means that only users who are already in group sys will have their default primary group assigned to sys when accessing this Samba share. All other users will retain their ordinary primary group. If the force user parameter is also set the group specified in force group will override the primary group set in force user. Default: force group = Example: force group = agroup
However, I think you're using samba for a task better suited to NFS.
Samba is designed for per-user access to shares (one mount per user).
NFS is designed for per-machine access to shares (one mount per machine).
Sakura:-
Mobo: MSI MAG X570S TORPEDO MAX // Processor: AMD Ryzen 9 5950X @4.9GHz // GFX: AMD Radeon RX 5700 XT // RAM: 32GB (4x 8GB) Corsair DDR4 (@ 3000MHz) // Storage: 1x 3TB HDD, 6x 1TB SSD, 2x 120GB SSD, 1x 275GB M2 SSD
Making lemonade from lemons since 2015.
Offline
Thanks a lot
@WorMzy
I rectified my tags mistake by manually entering the tags.
As I didnt see ready made tags in the interface I thought they were unavailable.
On the issue you mentioned:
However, I think you're using samba for a task better suited to NFS.
Samba is designed for per-user access to shares (one mount per user).
NFS is designed for per-machine access to shares (one mount per machine).
This clears EVERYTHING.
Of course NFS is super cool.
The only usage then i see of samba is sharing of home dirs and public shares..
Thanks A lot again
Last edited by dreamycrane (2019-07-29 13:40:33)
Offline
HOWEVER,
I did some more testing and it seems that although Samba WILL NOT modify unix permissions it DOES lay its own permissions on top...But they are not visible by an ls -l or ls -ld /mountpoint.
Samba share on Linux level always acquires the permissions of the root:root with a mask of 755 because you have to either mount it as root or sudo mount it as a user.
So it seems that in order to use a samba share FIRST the user has to have sudo privileges because the mounted ownership will be root:root.
SECONDLY if he has sudo , THEN DO THE SAMBA PERMISSIONS BEGIN TO APPLY.
But they are invisible as I mentioned earlier.
So yes if a user has sudo then samba perms will work on top of it.
If not its sticky.......
BUT it seems that file managers like caja nautilus etc can mount samba shares even if the user is not in the sudoers and apparently they dont use cifs:// but smb://.
Is this a polkit thing or an smb:// thing I wonder.......
Any feedback would be very welcome..
Last edited by dreamycrane (2019-07-29 15:03:06)
Offline
Pages: 1