Samba: Can't write if server dir has mode 755, even as same user

hduyudh · 2016-03-13 02:42:00

I'm trying to get Samba to work, for a private writable share. I have tried searching many places, to no avail. Interestingly, the sample smb.conf didn't work for me, either (after changing paths and usernames away from "jaime", of course).
I simply cannot write to directories with 755 permission owned by myself using myself as the samba user. Here's the details (I don't think there can be a much more simple smb.conf):

(server) $ testparm -s
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[test1]"
Loaded services file OK.
Server role: ROLE_STANDALONE

# Global parameters
[global]
        security = USER
        idmap config * : backend = tdb
        hosts allow = 192.168.1. 127. 10.
[test1]
        comment = write
        path = /tmp/test1
        valid users = duy
        read only = No
        browseable = No

(server) $ ls -la /tmp/test1/
total 0
drwxrwxrwt 11 root root 220 Mar 20 12:27 ../
drwxr-xr-x  3 duy  duy   80 Mar 20 12:27 ./
drwxr-xr-x  2 duy  duy   40 Mar 20 12:27 a/
-rw-r--r--  1 duy  duy    0 Mar 20 12:27 b

Client:

(client) $ cd; sudo umount tmp; sudo mount.cifs //192.168.1.205/test1 -o user=duy,pass=xxx tmp; cd tmp
(client) $ ls -la
total 4.0K
drwx------  20 duy duy 4.0K Mar 20 12:05 ../
drwxr-xr-x+  3 duy duy    0 Mar 20 12:27 ./
drwxr-xr-x+  2 duy duy    0 Mar 20 12:27 a/
-rw-r--r--+  1 duy duy    0 Mar 20 12:27 b
(client) $ touch x
touch: cannot touch 'x': Permission denied

Tried with Windows7 client, too; same issue.

Interestingly, if I change the permission of a directory to 775, I can write to it

(server) $ mkdir /tmp/test1/aprime
(server) $ chmod 775 /tmp/test1/aprime

(client) $ touch aprime/x  # <--- this works!

I don't see how the group permission matters; I'm already logging into samba as the same user, so only the "user" bits should matter, right?
Anyone has any lead? The majority of the places I have found all suggested changing all my directories to 775 and files to 664, but I don't want that. I used to have it working before with 755 and 644, but unfortunately I deleted that smb.conf.

Last edited by hduyudh (2016-03-20 19:49:23)

Docbroke · 2016-03-13 03:28:44

755 explained below
read=4, write=2, execute=1
root7 = rwx (read write & execute)
group5 = r_x (read in the directory, can execute/open files, cannot write/create new files)
user5 = r_x (read in the directory, can execute/open files, cannot write/create new files)

7=4+2+1(r+w+x), 6=(4+2)(r+w), 5=4+1(r+x), 4=4(r)

You can write with 775 but not with 755, means that when there is write permission to the group that owns the directory you can write, so your user is in the group that owns the file. But your user is not the owner?

for directory x = create/delete files inside
for files x = execute as program

Last edited by Docbroke (2016-03-13 04:20:16)

hduyudh · 2016-03-13 04:19:19

Well, I know Unix permission. I just don't see how it affects my case: Samba process is running as my user already. And as I mentioned, all the files are owned by "duy:users", and I am user "duy", in primary group "users".

Docbroke wrote:

755 explained below
read=4, write=2, execute=1
root7 = rwx (read write & execute)
group5 = r_x (read in the directory, can execute/open files, cannot write/create new files)
user5 = r_x (read in the directory, can execute/open files, cannot write/create new files)
7=4+2+1(r+w+x), 6=(4+2)(r+w), 5=4+1(r+x), 4=4(r)
You can write with 775 but not with 755, means that when there is write permission to the group that owns the directory you can write, so your user is in the group that owns the file.
for directory x = create/delete files inside
for files x = execute as program

Last edited by hduyudh (2016-03-13 04:20:08)

Docbroke · 2016-03-13 04:28:18

well if with 775 you can write but not with 755, means directory is owned by group users but not by user duy, it is owned by root. Can you recheck permission when connected from client side?

Last edited by Docbroke (2016-03-13 04:29:35)

hduyudh · 2016-03-13 04:33:09

All files and directories in the share (including the share itself) are owned by "duy:users", as indicated in my original post, not "root". Checked this many times already lol.

Docbroke wrote:

well if with 775 you can write but not with 755, means directory is owned by group users but not by user duy, it is owned by root. Can you recheck permission when connected from client side?

Last edited by hduyudh (2016-03-13 04:34:10)

hduyudh · 2016-03-13 07:04:36

Alright, I think I made some progress, but still bizarre:

(server) $ ls -ld /tmp/test2
drwxr-xr-x 3 duy    users  100 Mar 12 22:54 /tmp/test2/

(server) $ testparm -s
Load smb config files from /etc/samba/smb.conf
...
[global]
...
        guest account = duy
...
...the rest is same as before; snipped for brevity...
[test2]
        comment = TEMP
        path = /tmp/test2
        read only = No
        guest ok = Yes

(client) $ sudo mount.cifs //192.168.1.205/test2 tmp/ -o guest,noperm
(client) $ touch tmp/asdf # THIS WORKS!

(client) $ sudo umount tmp/
(client) $ sudo mount.cifs //192.168.1.205/test2 tmp/ -o user=duy,pass=xxx,noperm
(client) $ touch tmp/asdf # THIS DOES NOT WORK!

Apparently if I log into samba as a user, I cannot write to a directory that the same user owns; but if I log in as guest, and have guest account maps to the same user that I tried before, things work as expected.
???

Docbroke · 2016-03-13 07:30:12

can you try removing "valid users = duy" from [private]? just making wild guess

hduyudh · 2016-03-13 07:49:40

Docbroke wrote:

can you try removing "valid users = duy" from [private]? just making wild guess

Yeah, it wasn't there before; I just added it for my test. If I remove that line, then first case (guest login) will not have write access (as expected, because then the guest account defaults to "nobody:nobody", who cannot write to my dir, which is 755 "duy:users"). The second case still fails, though (same as my original post).

Docbroke · 2016-03-13 08:18:03

what about "valid users = users", as duy is in group users, this may work with 755 permissions?

hduyudh · 2016-03-13 18:19:45

Nope, "users" is a group, not a user. Changing it make smb.conf parsing fail.

hduyudh · 2016-03-20 18:58:00

I can't be the only one with this issue There must be something subtle that I'm missing.

Googling reveal other people with the same problem, and all the advices were to change your mountpoint's dmask/fmask to 775/664 (instead of the default 755/644), which is not really a "solution", nor explain why it's a problem in the first place...
(http://stackoverflow.com/questions/2721 … e-with-755)

jaro3 · 2018-09-04 10:08:10

Anyone has figured this issue yet ? Same problem here, no solution after full day of headache, but dirty workaround:

[homes]
create mask = 0750
directory mask = 770

find /home/user/FILES -type d -exec chmod g+w {} \;

Why is USER write permission not sufficient to allow samba write access is beyond my understanding..... Directories with 750 in home directory are not writeable by the owner user :-(

samba 4.8.0-2 (brtfs filesystem moved from old machine)

magnust · 2018-10-02 07:58:02

I'm banging my head on this too.

I have two just about identical machines
smb.conf on the two are 100% identical
Directory and file rights 100% identical
Accessing samba share with a user who is the owner and in correct group:

On one of the computers I have to set 775 to get write access but on the other one 755 works.

But mucking about with the files and folders in ssh all works 100% as it should of course

Last edited by magnust (2018-10-02 08:02:13)

magnust · 2018-10-02 08:02:51

Here's another one with the same problem https://serverfault.com/questions/91722 … permission

Arch Linux

#1 2016-03-13 02:42:00

Samba: Can't write if server dir has mode 755, even as same user

#2 2016-03-13 03:28:44

Re: Samba: Can't write if server dir has mode 755, even as same user

#3 2016-03-13 04:19:19

Re: Samba: Can't write if server dir has mode 755, even as same user

#4 2016-03-13 04:28:18

Re: Samba: Can't write if server dir has mode 755, even as same user

#5 2016-03-13 04:33:09

Re: Samba: Can't write if server dir has mode 755, even as same user

#6 2016-03-13 07:04:36

Re: Samba: Can't write if server dir has mode 755, even as same user

#7 2016-03-13 07:30:12

Re: Samba: Can't write if server dir has mode 755, even as same user

#8 2016-03-13 07:49:40

Re: Samba: Can't write if server dir has mode 755, even as same user

#9 2016-03-13 08:18:03

Re: Samba: Can't write if server dir has mode 755, even as same user

#10 2016-03-13 18:19:45

Re: Samba: Can't write if server dir has mode 755, even as same user

#11 2016-03-20 18:58:00

Re: Samba: Can't write if server dir has mode 755, even as same user

#12 2018-09-04 10:08:10

Re: Samba: Can't write if server dir has mode 755, even as same user

#13 2018-10-02 07:58:02

Re: Samba: Can't write if server dir has mode 755, even as same user

#14 2018-10-02 08:02:51

Re: Samba: Can't write if server dir has mode 755, even as same user

Board footer