2

Use case: I'm trying to set up a single Samba share in a system (A) that should be freely accessible from another system (B) in the same network.

  • A is running CentOS 7 with Samba 4 daemons.
  • B runs Windows 7 Professional.

I set up the share in A with these parameters:

path = /home/MYUSER/dir
force user = MYUSER
force group = MYUSER
read only = No
create mask = 0644
force creater mode = 0644
force directory mode = 0755
guest ok = Yes

And map to guest = bad user. I added the correct SELinux context (or disabled SELinux, it doesn't matter).

Now, in the share path, only MYUSER has write permissions, and that is also the desired permission mask for all subdirectories, as configured. But since I'm forcing files to be written as MYUSER:MYUSER by samba (even though we will be accessing as guest), that shouldn't be a problem, right?

Wrong. When I mount the share on B I have no trouble seeing it, browsing it or reading the files in it. However, all write operations are refused as not allowed.

If I chmod o+w the path of the share, then suddenly samba can write to it... And all the files/directories I create in it are correctly owned by MYUSER:MYUSER! (Though directories, being created with permissions 0755, will in turn not be writable).

Why does this happen? Is samba first creating the files and directories as nobody (or some other user) before chowning them to MYUSER?

Can I set up samba in a way that works around this issue without requiring my share and all subdirectories to be writable by "other"?

Protected
  • 21
  • 2
  • I worked around the issue using the apparently "recommended" method of setgid on directories + group can do everything, but I'll still await a real answer, such as "it's a bug no one can be bothered to fix"! – Protected Aug 03 '16 at 16:27
  • Are you trying to have a share with guest access, so anyone can connect and read and write files? But on the Linux side you would like that files to be owned by a specific user and on Linux side you would like to restrict access to those files? The question is, if any user is allowed to connect, read and write, why do you need the restriction on Linux side? For a guest share, you can specify guest user in the samba configuration. Or is it a problem only when a known user accesses the guest share. You can use Linux (and optionally also NTFS) ACLs there. – Zrin Jan 17 '17 at 10:36
  • 1
    See also: `guest only = yes` and `map to guest = Bad Password`, but it depends on `security = ` setting. – Zrin Jan 17 '17 at 10:45

0 Answers0