Cant get permissions working windows to Ubuntu using Samba

[Slates]

I think I have done everything right, but I still cant get this to work.

I have a Windows XP box with a USB disck drive formatted and full of data. I have taken this drive and plugged it into my Ubuntu server.

I want to be able to access the drive from XP. As XP prompts me for a logon and password when I try to access the drive I do not want the credentials to be those of the usual user on my Ubuntu box. I therefore would like to set up a second user on my Ubuntu box with limited priviledges and to issue only this password for users accessing the share.

Upon accessing the share I can enter the username and password of the currently logged on Ubuntu user (slates) and it works fine. But I cannot get the alternate username and password I have set up (samba) to allow access. The samba log tells me "permission denied".

Here is what I have done :

Installed and started samba.
set up a share in smb.conf :
[TEST]
path = /media/USBDRIVE/test
comment = Test share
browseable = yes
writeable = yes
create mask = 0775
force group = slates
directory mode = 0775

I have addedd Linix (ubuntu) user samba.
I have added a user and password for user samba samba server.
I have restarted samba server

But no joy : permssion denied when accessing from windows using the samba user (I have the correct password) according to the samba logs.

I do notice that my /media/USBDRIVE has permissions drwx------ slates

This setting would imply that user samba would not have access. However Im expecting samba to override this.

I also note that I cannot change these settings, a sudo chmod 0777 command executes without errors but does nopt change the security settings.

Can anyone enlighten me as to what Im missing here please ? Would I expect to be able to do what Im trying to do, and if so what have I overlooked that it stopping it from working as expected ?

[scathefire]

samba does not override UNIX permissions. UNIX permissions come before ACLs.

[Slates]

That makes sense. I figured as much but as I mentioned in my post I cannot change the linix settings :

a sudo chmod 0777 command executes without errors but does not change the security settings.

The directory security remains owner only rwx.

How do I change them to allow group members access ? Surely sudo chmod 0777 would do it ?

[scathefire]

i had the same problem with a external hard drive being mapped through samba, i made the following entry in my fstab file:

Code:

/dev/sdc1 /path/to/mount/my/drive vfat    defaults,uid=10040,gid=10040,umask=0000 0 0

That UID and GID can be whatever you want it to be, in my case its a user called backup and group called backup. The dev/sdc1 will be different depending on what you got plugged in.

[Slates]

Thanks for your reply, sorry for my delay Ive been away.

OK so I have edited fstab and made the following entry :

/dev/sdc1 /media/650GBACKUP , fuseblk,defaults,uid=1001,gid=120,umask=0000 0 0

uid 1001 is a user "samba" that I added.

However a listing of /media/650GBACKUP shows :

drwx------ 1 cps cps 4096 2010-02-14 14:27 650GBACKUP

cps is the user I am usually logged into (Ive changed them from my first post to try and track the problem down.

id cps shows :

uid=1000(cps) gid=1000(cps) groups=1000(cps),4(adm),20(dialout),24(cdrom),29(a udio),46(plugdev),
103(fuse),104(lpadmin),112(netdev),115(admin),120( sambashare)

and id samba shows
uid=1001(samba) gid=1001(samba) groups=1001(samba),46(plugdev),103(fuse),112(netde v),120(sambashare)

So according to my entry in fstab the mount should be owned by samba and accessible to group sambashare (120).

yet dfrom windows (XP) I am 'unauthorised' if I provide the samba user credentials. I get full access if I provide cps credentials.

Clearly, as per the first reply, linux security is taking precedence. And that says it is accessible only by cps - as indeed the case. However neither the fstab entry nor a chmod have any apparent effect changing this.

There is clearly something I dont understand about shares and samba.

????

[HROAdmin26]

*Just like on Windows shares* the share has permissions that let users in/out of the share and provide a higher-level permission. Unless you have a setting that says "this share is read only" or "this user is read only," then you don't have a problem with the share permissions. Looking at your smb.conf, none of these settings are there. The share permissions are "if a user can get in, he can read or write - depending on filesystem permissions." Replace "filesystem permissions" with NTFS permissions and you have the same considerations as a Windows machine.

The fstab entry says "umask = 0", if this were being *used*, the permissions would be 777. They're not. Ergo, the fstab entry is NOT being used. Why not is outside the scope here. By the same token, the owner/group is not being set to "samba."

Solution:

Stop Samba.

Unmount the USB drive:

Code:

umount /media/650GBACKUP

Confirm the partition that needs to be mounted:

Code:

fdisk -l

Make a directory to mount it:

Code:

mkdir /media/usb_backup_drive

Mount it with the permissions desired:

Code:

mount -t ntfs-3g -o umask=0 /dev/sdXX /media/usb_backup_drive

And then start Samba.

* Because you're mounting with umask=0, any user will have write access. So there is no need to worry about the owner/group.

** Some/all of these commands may need to be used with sudo.

[Slates]

Thankyou very much for a concise, logical and informative explanation ! I now think I actually understand what is going on (at least a lot better than I clearly didnt before).

With a little time spent reading around the info you gave me, I have now successfully mounted the device with the permissions I want and will experiment around that. (I used this : sudo mount -t ntfs-3g -o umask=027,uid=1000,gid=120 /dev/sdb1 /media/650GBACKUP)

To check I have understood better, would I be right in saying when I mount the device, access permissions are not controlled by CHMOD, which is why chmod appears to make no difference when I try it, but rather with the mount permissions/masks against what the accessing process is trying to do ? This leaves me wondering how I would control access if I want different access for different directories in the mount, so maybe Im still missing something here. Ive failed to find a good write up on this yet, maybe Im searching incorrectly.

Am I also right in saying that I should put the equivalent entry into fstab so that when I unplug and reconnect my usb drive (which I will), presumably the OS will see the entry in fstab and automatically mount it with the correct permissions - rather than those it was defaulting to in my example.

I do note you saying why fstab was not being used as being out of scope here ... but it doesnt stop me still wondering (Im inquisitive !), especially since when I did the umount first off I got a warning telling me fstab didnt match the actual mount - confirming what you said I guess. But Im presuming here the change to ntfs is the key, and the main error in my ways.

Thanks again for your explanation - you've got me over the hurdle where I didnt get what was going on !