[SOLVED] Can't write to Samba share on client without chown

lv426 · 2024-01-14 18:16:22

Greetings!

I have set up a Samba share on my server that only allows users with the name "smbuser" and the group "smbgroup" to access the share. Said user and group exist on the server.

The issue I am having is that on any client machine, the share cannot be written to unless I use `chown myuser -R /mnt/my-share` or sudo privileges. It doesn't matter if the directory is mounted under `/mnt` or the client's home folder, as both end being up being owned by root. I should add that the clients are Linux, not Windows. I followed the ArchWiki and there was nothing about having to `chown` the share on the client.

Here are my settings on the client:

cat /etc/fstab

//192.168.0.131/my-share /mnt/my-share (or /home/user/Public/my-share) cifs _netdev,nofail,users,credentials=/etc/samba/credentials/samba-share 0 0

cat /etc/samba/credentials/samba-share

username=smbuser
password=myPassword

Here are my settings on the server:

cat /etc/samba/smb.conf

[my-share]
path = /mnt/my-share
valid users = smbuser
force user = smbuser
force group = smbgroup
public = no
writable = yes
create mask = 0664
force create mode = 0664
directory mask = 0775
force directory mode = 0775

Last edited by lv426 (2024-01-26 18:03:08)

d.ALT · 2024-01-14 19:20:00

What are the permissions server-side?

lv426 · 2024-01-14 19:58:57

d.ALT wrote:

What are the permissions server-side?

The permissions server side are `rw-rw-r--` smbuser smbgroup.

d.ALT · 2024-01-15 06:08:14

Remove these declarations:

force user = smbuser
force group = smbgroup

seth · 2024-01-15 09:06:36

https://wiki.archlinux.org/title/Samba#Manual_mounting
Check the actual "mount" parameters and see the blue note in the above paragraph.

lv426 · 2024-01-15 20:45:37

d.ALT wrote:

Remove these declarations:
force user = smbuser
force group = smbgroup

Unfortunately, this did not work, even after restarting the service.

Although not relevant to the topic, I have always used these two options, because if you have more than one valid user, you can't write without these options.

seth wrote:

https://wiki.archlinux.org/title/Samba#Manual_mounting
Check the actual "mount" parameters and see the blue note in the above paragraph.

Are you referring to the uid and gid? It did solve my problem, but I don't understand why, because the user and group do not match "smbuser" or "smbgroup" on the server. I am also not using forceuid or forcegid anywhere. Finally, there is that warning below: Warning: Using uid and/or gid as mount options may cause I/O errors, it is recommended to set/check correct File permissions and attributes instead.. This why I avoided using uid and gid and set the permissions instead.

Thanks guys.

seth · 2024-01-15 21:08:32

because the user and group do not match "smbuser" or "smbgroup" on the server

That's the point.

Finally, there is that warning below

https://wiki.archlinux.org/title/Talk:S … l_mounting?

This was added 11 years ago in a basically uncommented change by a non-existing Brando56894 user.
https://wiki.archlinux.org/index.php?ti … did=254430

I'd not worry about that until you see it yourself.

lv426 · 2024-01-25 18:59:35

seth wrote:

because the user and group do not match "smbuser" or "smbgroup" on the server
That's the point.
Finally, there is that warning below
https://wiki.archlinux.org/title/Talk:S … l_mounting?
https://imgs.xkcd.com/comics/wikipedian_protester.png
This was added 11 years ago in a basically uncommented change by a non-existing Brando56894 user.
https://wiki.archlinux.org/index.php?ti … did=254430
I'd not worry about that until you see it yourself.

Sorry for the late reply!

I understand that the uid and gid are giving the local user / client access to the share without having to chown -R it. It's the note in the blue paragraph below that throws me off: "If the uid and gid being used does not match the user of the server, the forceuid and forcegid options may be helpful."

There is no user on the server called, let's say, "lv426", only on the client. The wording to me sounds like I need to use the force options to access it. Just trying to understand here.

As for the warning, maybe it should be removed, since there has been no discussion? It definitely deterred me and maybe others from using the options needed to write to the share.

Last edited by lv426 (2024-01-25 19:01:34)

seth · 2024-01-25 21:19:48

The username doesn't matter, the UID does.
https://man.archlinux.org/man/mount.cifs.8#forceuid
tl;dr if uid,gid works as you'd expect, don't bother w/ the force variants

I added an accuracy disputed notion to the wiki, thanks for bringing this up.

lv426 · 2024-01-25 23:10:50

Thanks again for your help. I appreciate it!

seth · 2024-01-26 09:03:05

Please always remember to mark resolved threads by editing your initial posts subject - so others will know that there's no task left, but maybe a solution to find.
Thanks.

Arch Linux

#1 2024-01-14 18:16:22

[SOLVED] Can't write to Samba share on client without chown

#2 2024-01-14 19:20:00

Re: [SOLVED] Can't write to Samba share on client without chown

#3 2024-01-14 19:58:57

Re: [SOLVED] Can't write to Samba share on client without chown

#4 2024-01-15 06:08:14

Re: [SOLVED] Can't write to Samba share on client without chown

#5 2024-01-15 09:06:36

Re: [SOLVED] Can't write to Samba share on client without chown

#6 2024-01-15 20:45:37

Re: [SOLVED] Can't write to Samba share on client without chown

#7 2024-01-15 21:08:32

Re: [SOLVED] Can't write to Samba share on client without chown

#8 2024-01-25 18:59:35

Re: [SOLVED] Can't write to Samba share on client without chown

#9 2024-01-25 21:19:48

Re: [SOLVED] Can't write to Samba share on client without chown

#10 2024-01-25 23:10:50

Re: [SOLVED] Can't write to Samba share on client without chown

#11 2024-01-26 09:03:05

Re: [SOLVED] Can't write to Samba share on client without chown

Board footer