You are not logged in.

#1 2019-10-27 05:06:28

everwisher
Member
Registered: 2019-09-11
Posts: 33

Samba service only available to one user who created the share. Why?

I set up a samba service on my arch-linux desktop and want it to run as a home file server on the samba protocol. After a writing a whole new smb.conf files, however, my account (me) is the only account able to access the server from every device in my house. The other accounts (e.g. user2) supposed to be working can see the directory strucuture but get refused on trying to open any shared folder.

Here's my smb.conf files (statements between the #s are actually not in the smb.conf file, only intent to be descriptive here):

[global]
        workgroup = WORKGROUP
        netbios name = mysambaServer
        interfaces = 192.168.254.0/24 192.168.1.0/24    # the first interface is for VMs to use macvtap to connect the host, and the second one is on my router where all my home devices connect to #
        logfile = %S.log
        security = user
        passdb backend = smbpasswd
        usershare allow guests = yes
        usershare max shares = 20
        deadtime = 0

[Movies]
        comment = Movies shared across home
        path = /media/gData/Movies   # I divided each of my hard drives into 2 partitions at the sizes of 6TB and 2TB respectively, grouping all the 2tb partitions into a raid 5 LV for data of more importance while 6tb partitions into a jbod LV for less crucial data,  and mount them to desired destinations#
        browseable = yes
        public = yes
        guest ok = yes
        valid users = @sambashare
        write list = me user2  # me belongs to groups: wheel, libvirt, storage and sambashare; user2 belongs to the group sambashare only #
        writable = yes
        force group = sambashare
        create mask = 0760
        directory mask = 0760

[Videos]
        comment = Videos shared
        path = /media/gData/Videos
        browseable = yes
        public = no
        valid users = me
        writable = yes
        force group = sambashare
        create mask = 0740
        directory mask = 0740

[Documents]
        comment = My documents
        path = /media/rData/Documents
        browseable = yes
        public = no
        valid users = me
        write list = me
        writable = yes
        force group = sambashare
        create mask = 0740
        directory mask = 0740

[mnt]   # This is for external drives temporarily shared, and is the only expection which can be accessed by users other than me, can't figure out why #
        comment = temporary share on USB portable hard drives
        path = /mnt
        browseable = on
        public = yes
        valid users = @sambashare
        writable = yes
        create mask = 0777
        directory mask = 0777

Here's my samba user list shown by pdbedit -Lv:

Unix username:        user2
NT username:          
Account Flags:        [U          ]
User SID:             S-1-5-21-2891377438-1959246354-1840679702-3002
Primary Group SID:    S-1-5-21-2891377438-1959246354-1840679702-513
Full Name:            user2 on sambashare
Home Directory:       \\myserver\user2
HomeDir Drive:        
Logon Script:         
Profile Path:         \\myserver\user2\profile
Domain:               MYSERVER
Account desc:         
Workstations:         
Munged dial:          
Logon time:           0
Logoff time:          never
Kickoff time:         never
Password last set:    Sat, 19 Oct 2019 14:06:02 HKT
Password can change:  Sat, 19 Oct 2019 14:06:02 HKT
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
---------------
Unix username:        me
NT username:          
Account Flags:        [U          ]
User SID:             S-1-5-21-2891377438-1959246354-1840679702-3000
Primary Group SID:    S-1-5-21-2891377438-1959246354-1840679702-513
Full Name:            the admin
Home Directory:       \\myserver\me
HomeDir Drive:        
Logon Script:         
Profile Path:         \\myserver\me\profile
Domain:               MYSERVER
Account desc:         
Workstations:         
Munged dial:          
Logon time:           0
Logoff time:          never
Kickoff time:         never
Password last set:    Fri, 18 Oct 2019 21:01:54 HKT
Password can change:  Fri, 18 Oct 2019 21:01:54 HKT
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

Last edited by everwisher (2019-10-27 07:34:30)

Offline

#2 2019-10-27 05:40:21

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 30,424
Website

Re: Samba service only available to one user who created the share. Why?

Please remove the redundamt plea for help from your title https://wiki.archlinux.org/index.php/Co … ow_to_post and use code, not quote, tags
https://wiki.archlinux.org/index.php/Co … s_and_code


Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438

Offline

#3 2019-10-27 07:35:12

everwisher
Member
Registered: 2019-09-11
Posts: 33

Re: Samba service only available to one user who created the share. Why?

jasonwryan wrote:

Please remove the redundamt plea for help from your title https://wiki.archlinux.org/index.php/Co … ow_to_post and use code, not quote, tags
https://wiki.archlinux.org/index.php/Co … s_and_code

That's done. Thanks for reminding.

Offline

#4 2019-10-29 13:30:19

WorMzy
Forum Moderator
From: Scotland
Registered: 2010-06-16
Posts: 11,784
Website

Re: Samba service only available to one user who created the share. Why?

Mod note: Moving to Networking/Server on request.


Sakura:-
Mobo: MSI MAG X570S TORPEDO MAX // Processor: AMD Ryzen 9 5950X @4.9GHz // GFX: AMD Radeon RX 5700 XT // RAM: 32GB (4x 8GB) Corsair DDR4 (@ 3000MHz) // Storage: 1x 3TB HDD, 6x 1TB SSD, 2x 120GB SSD, 1x 275GB M2 SSD

Making lemonade from lemons since 2015.

Offline

#5 2019-11-17 20:08:20

eomanis
Member
Registered: 2013-04-17
Posts: 50

Re: Samba service only available to one user who created the share. Why?

everwisher wrote:

The other accounts (e.g. user2) supposed to be working can see the directory strucuture but get refused on trying to open any shared folder.

That sounds suspiciously as if user2 is not allowed to enter the shared directories.
You do use "force group" on your shares; this looks like you put at least some thought into permissions, but you might still go the empirical way and test it:

  1. Open a shell as user "user2" and with primary group "sambashare" with e.g. "sudo -ig sambashare -u user2"

  2. In the shell, "cd" to /, and then try to "cd" all the way to an affected shared directory, step by step

Might very well be that the user is not allowed to enter one of the parent directories.

Last edited by eomanis (2019-11-17 20:09:12)

Offline

Board footer

Powered by FluxBB