Help: need to make authenticated, multi-user shared folder in samba!

[mzraptor]

Hello friends,

I am trying to setup a samba on CentOS 5.6 properly,
in order to offer fileserver access to my LAN network users,
and my current setup has the HDD that will host the files
mounted as /home/disk1, under which I have created 3 users
with home path on this disk.

Code:

# cat /etc/passwd :

user2:x:501:501::/home/disk1/user2:/bin/bash
user1:x:502:502::/home/disk1/user1:/bin/bash
user3:x:503:503::/home/disk1/user3:/bin/bash

In addition, I need to make one folder at which all 3 users
will have full write/read access, so I have added the users
on a group, named "lusers"

Code:

# cat /etc/group :

user2:x:501:
user1:x:502:
user3:x:503:
lusers:x:504:user1,user3,user2

So, I have set permissions for each user to own his folder,
and the 4th folder "shared" to be owned by one of the users
and the group (chown user1:lusers shared)

Code:

# cd /home/disk1 && ls -la :

drwxr-xr-x 7 root     root      4096  Sep 15 20:48 .
drwxr-xr-x 5 root     root      4096  Sep 15 20:27 ..
drwx------ 2 user1    user1     4096  Sep 15 20:47 user1
drwx------ 5 user2    user2     4096  Sep 15 21:33 user2
drwx------ 2 root     root      16384 Sep 14 01:42 lost+found
drwx------ 2 user3    user3     4096  Sep 15 21:02 user3
drwxr-xr-x 2 user1    lusers    4096  Sep 15 20:51 shared

Finally, here is my config file of Samba:

Code:

# cat /etc/samba/smb.conf :

[global]
workgroup = WORKGROUP
server string = File Server

[user1]
comment = user1
path = /home/disk1/user1
valid users = user1
public = no
writable = yes
printable = no
create mask = 0765

[user2]
comment = user2
path = /home/disk1/user2
valid users = user2
public = no
writable = yes
printable = no
create mask = 0765

[user3]
comment = user3
path = /home/disk1/user3
valid users = user3
public = no
writable = yes
printable = no
create mask = 0765

[shared]
comment = shared
path = /home/disk1/shared
valid users = user1 user3 user2
public = no
writable = yes
printable = no
create mask = 0777

Notice I have set "create mask" 777 permissions and valid users
all the 3 users for the [shared] folder on this samba share.


---------


It works perfect for the 3 users and they can each one manage
properly their own folder and read/write to it, without having
access to other users (as intented) and they all have also
access to read/view the shared folder (/home/disk1/shared),
but only user1 can write on it, while the folder is also owned by
the group the rest users belong to and they also are on valid users...


What do I do wrong ?

How can I make "shared" folder to be also writable for all 3 users ?



Thanks on advance for any advice!

[atreyu]

set the permissions of the shared dir such that it is group-writable, e.g.:

Code:

chmod 0775 /home/disk1/shared

[mzraptor]

set the permissions of the shared dir such that it is group-writable, e.g.:

Code:

chmod 0775 /home/disk1/shared

Still the same, I changed to 0775 and still says I need permission...

[mzraptor]

Found a solution to this by replacing:

valid users = user1 user3 user2

line under [shared] config in samba config file, with:

write list = user1 user2 user3

and it works great.


Let me know if this is the best solution or if I need to fix any permissions if this might have security issues

[atreyu]

Good find on the samba fix, but i'm curious - would that samba fix have worked if the file permissions were not also 0775 on the shared dir? I would think not, but...

[mzraptor]

I tested and it works fine with ANY permissions...

It seems samba totally disregards FS permissions with this "write list" directive...

Not sure how secure this sounds, but that's a fact...


Anyone can share his input if my setup is secure or there's a better way to do these all ?