You are not logged in.
- Topics: Active | Unanswered
#1 2019-10-27 05:06:28
- everwisher
- Member
- Registered: 2019-09-11
- Posts: 33
Samba service only available to one user who created the share. Why?
I set up a samba service on my arch-linux desktop and want it to run as a home file server on the samba protocol. After a writing a whole new smb.conf files, however, my account (me) is the only account able to access the server from every device in my house. The other accounts (e.g. user2) supposed to be working can see the directory strucuture but get refused on trying to open any shared folder.
Here's my smb.conf files (statements between the #s are actually not in the smb.conf file, only intent to be descriptive here):
[global]
workgroup = WORKGROUP
netbios name = mysambaServer
interfaces = 192.168.254.0/24 192.168.1.0/24 # the first interface is for VMs to use macvtap to connect the host, and the second one is on my router where all my home devices connect to #
logfile = %S.log
security = user
passdb backend = smbpasswd
usershare allow guests = yes
usershare max shares = 20
deadtime = 0
[Movies]
comment = Movies shared across home
path = /media/gData/Movies # I divided each of my hard drives into 2 partitions at the sizes of 6TB and 2TB respectively, grouping all the 2tb partitions into a raid 5 LV for data of more importance while 6tb partitions into a jbod LV for less crucial data, and mount them to desired destinations#
browseable = yes
public = yes
guest ok = yes
valid users = @sambashare
write list = me user2 # me belongs to groups: wheel, libvirt, storage and sambashare; user2 belongs to the group sambashare only #
writable = yes
force group = sambashare
create mask = 0760
directory mask = 0760
[Videos]
comment = Videos shared
path = /media/gData/Videos
browseable = yes
public = no
valid users = me
writable = yes
force group = sambashare
create mask = 0740
directory mask = 0740
[Documents]
comment = My documents
path = /media/rData/Documents
browseable = yes
public = no
valid users = me
write list = me
writable = yes
force group = sambashare
create mask = 0740
directory mask = 0740
[mnt] # This is for external drives temporarily shared, and is the only expection which can be accessed by users other than me, can't figure out why #
comment = temporary share on USB portable hard drives
path = /mnt
browseable = on
public = yes
valid users = @sambashare
writable = yes
create mask = 0777
directory mask = 0777Here's my samba user list shown by pdbedit -Lv:
Unix username: user2
NT username:
Account Flags: [U ]
User SID: S-1-5-21-2891377438-1959246354-1840679702-3002
Primary Group SID: S-1-5-21-2891377438-1959246354-1840679702-513
Full Name: user2 on sambashare
Home Directory: \\myserver\user2
HomeDir Drive:
Logon Script:
Profile Path: \\myserver\user2\profile
Domain: MYSERVER
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: never
Kickoff time: never
Password last set: Sat, 19 Oct 2019 14:06:02 HKT
Password can change: Sat, 19 Oct 2019 14:06:02 HKT
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
---------------
Unix username: me
NT username:
Account Flags: [U ]
User SID: S-1-5-21-2891377438-1959246354-1840679702-3000
Primary Group SID: S-1-5-21-2891377438-1959246354-1840679702-513
Full Name: the admin
Home Directory: \\myserver\me
HomeDir Drive:
Logon Script:
Profile Path: \\myserver\me\profile
Domain: MYSERVER
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: never
Kickoff time: never
Password last set: Fri, 18 Oct 2019 21:01:54 HKT
Password can change: Fri, 18 Oct 2019 21:01:54 HKT
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFLast edited by everwisher (2019-10-27 07:34:30)
Offline
#2 2019-10-27 05:40:21
- jasonwryan
- Anarchist
- From: .nz
- Registered: 2009-05-09
- Posts: 30,426
- Website
Re: Samba service only available to one user who created the share. Why?
Please remove the redundamt plea for help from your title https://wiki.archlinux.org/index.php/Co … ow_to_post and use code, not quote, tags
https://wiki.archlinux.org/index.php/Co … s_and_code
Offline
#3 2019-10-27 07:35:12
- everwisher
- Member
- Registered: 2019-09-11
- Posts: 33
Re: Samba service only available to one user who created the share. Why?
Please remove the redundamt plea for help from your title https://wiki.archlinux.org/index.php/Co … ow_to_post and use code, not quote, tags
https://wiki.archlinux.org/index.php/Co … s_and_code
That's done. Thanks for reminding.
Offline
#4 2019-10-29 13:30:19
- WorMzy
- Administrator
- From: Scotland
- Registered: 2010-06-16
- Posts: 12,600
- Website
Re: Samba service only available to one user who created the share. Why?
Mod note: Moving to Networking/Server on request.
Sakura:-
Mobo: MSI MAG X570S TORPEDO MAX // Processor: AMD Ryzen 9 5950X @4.9GHz // GFX: AMD Radeon RX 5700 XT // RAM: 32GB (4x 8GB) Corsair DDR4 (@ 3000MHz) // Storage: 1x 3TB HDD, 6x 1TB SSD, 2x 120GB SSD, 1x 275GB M2 SSD
Making lemonade from lemons since 2015.
Offline
#5 2019-11-17 20:08:20
- eomanis
- Member
- Registered: 2013-04-17
- Posts: 55
Re: Samba service only available to one user who created the share. Why?
The other accounts (e.g. user2) supposed to be working can see the directory strucuture but get refused on trying to open any shared folder.
That sounds suspiciously as if user2 is not allowed to enter the shared directories.
You do use "force group" on your shares; this looks like you put at least some thought into permissions, but you might still go the empirical way and test it:
Open a shell as user "user2" and with primary group "sambashare" with e.g. "sudo -ig sambashare -u user2"
In the shell, "cd" to /, and then try to "cd" all the way to an affected shared directory, step by step
Might very well be that the user is not allowed to enter one of the parent directories.
Last edited by eomanis (2019-11-17 20:09:12)
Offline