Samba shares only work with "force user"

I seem to have trouble understanding the configurations of samba on Ubuntu. Let’s say I have 4 folders in /srv, these are media, share, bob-personal, and joe-personal. I also have 3 users: bob, joe, and nas. Users bob and joe are standard users (one of them is disabled in Ubuntu, since I didn’t assign it a password, for both users, their file in AccountsService has an entry “SystemAccount=true”, so they don’t show up on the login screen). nas is the administrator of the system. I used this user for setting up the NAS (for everything that doesn’t have to be done as root) and I’m currently logged in as this user. There are also the following user groups: all-share (includes bob, joe, nas), media-share (includes bob, nas), joe (includes joe, nas) and bob (includes bob, nas).

Initially, I set chown nas:media-share media and chown nas:all-share share. I also set chown joe:joe joe-personal and chown bob:bob bob-personal and set chmod 660 <foldername> for all these folders. The shares were then configured like this:

[media] path = /srv/media comment = Media Share writeable = yes valid users = @media-share
[share] path = /srv/share comment = Common Share writeable = yes valid users = @all-share
[joe-personal] path = /srv/joe-personal comment = Personal Folder Joe writeable = yes valid users = @joe
[bob-personal] path = /srv/bob-personal comment = Personal Folder Bob writeable = yes valid users = @bob

Of course, I also added all these users to the Samba users DB. However, I wasn’t able to access any of these folders from any machine using any possible user account (Windows always says “You don’t have the permission to access …”).

I then added a line force user = nas to each share declaration, changed the ownership of each folder to nas:nas and changed the user permissions to 700. Now everything works like a charm!

The only problem is that obviously, all new files created in any of these folders are owned by nas, as opposed to the logged-in remote user that actually created them. This isn’t a massive problem for me, but it would still be really convenient to see who created what (for statistics, blaming, etc.). Does anyone have an idea why it wasn’t possible to access anything with the old configuration?

Here is a dump of my global configurations:

[global] server string = %h Samba NAS server role = standalone server security = USER map to guest = Bad User obey pam restrictions = Yes pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . username map = /etc/samba/smbusers syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 dns proxy = No usershare allow guests = Yes panic action = /usr/share/samba/panic-action %d idmap config * : backend = tdb invalid users = root

System info: Ubuntu 16.04.02, up-to-date, Samba installed yesterday

1 Answer

I wonder why you used the specification in the form: valid users = @media-share. This is to specify group access: all users in the group media-shareare valid users. In your case, I would have used:valid users = joe or valid users = joe bob if access is to be granted to both. write list can also be used. See the manual for more details.

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

You Might Also Like