Find the answer to your Linux question:
Results 1 to 7 of 7
I think I have done everything right, but I still cant get this to work. I have a Windows XP box with a USB disck drive formatted and full of ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Feb 2010
    Posts
    16

    Cant get permissions working windows to Ubuntu using Samba


    I think I have done everything right, but I still cant get this to work.

    I have a Windows XP box with a USB disck drive formatted and full of data. I have taken this drive and plugged it into my Ubuntu server.

    I want to be able to access the drive from XP. As XP prompts me for a logon and password when I try to access the drive I do not want the credentials to be those of the usual user on my Ubuntu box. I therefore would like to set up a second user on my Ubuntu box with limited priviledges and to issue only this password for users accessing the share.

    Upon accessing the share I can enter the username and password of the currently logged on Ubuntu user (slates) and it works fine. But I cannot get the alternate username and password I have set up (samba) to allow access. The samba log tells me "permission denied".

    Here is what I have done :

    Installed and started samba.
    set up a share in smb.conf :
    [TEST]
    path = /media/USBDRIVE/test
    comment = Test share
    browseable = yes
    writeable = yes
    create mask = 0775
    force group = slates
    directory mode = 0775

    I have addedd Linix (ubuntu) user samba.
    I have added a user and password for user samba samba server.
    I have restarted samba server

    But no joy : permssion denied when accessing from windows using the samba user (I have the correct password) according to the samba logs.

    I do notice that my /media/USBDRIVE has permissions drwx------ slates

    This setting would imply that user samba would not have access. However Im expecting samba to override this.

    I also note that I cannot change these settings, a sudo chmod 0777 command executes without errors but does nopt change the security settings.

    Can anyone enlighten me as to what Im missing here please ? Would I expect to be able to do what Im trying to do, and if so what have I overlooked that it stopping it from working as expected ?

  2. #2
    Linux Enthusiast scathefire's Avatar
    Join Date
    Jan 2010
    Location
    Western Kentucky
    Posts
    626
    samba does not override UNIX permissions. UNIX permissions come before ACLs.
    linux user # 503963

  3. #3
    Just Joined!
    Join Date
    Feb 2010
    Posts
    16
    That makes sense. I figured as much but as I mentioned in my post I cannot change the linix settings :

    a sudo chmod 0777 command executes without errors but does not change the security settings.

    The directory security remains owner only rwx.

    How do I change them to allow group members access ? Surely sudo chmod 0777 would do it ?

  4. $spacer_open
    $spacer_close
  5. #4
    Linux Enthusiast scathefire's Avatar
    Join Date
    Jan 2010
    Location
    Western Kentucky
    Posts
    626
    i had the same problem with a external hard drive being mapped through samba, i made the following entry in my fstab file:

    Code:
    /dev/sdc1 /path/to/mount/my/drive vfat    defaults,uid=10040,gid=10040,umask=0000 0 0
    That UID and GID can be whatever you want it to be, in my case its a user called backup and group called backup. The dev/sdc1 will be different depending on what you got plugged in.
    linux user # 503963

  6. #5
    Just Joined!
    Join Date
    Feb 2010
    Posts
    16
    Thanks for your reply, sorry for my delay Ive been away.

    OK so I have edited fstab and made the following entry :

    /dev/sdc1 /media/650GBACKUP , fuseblk,defaults,uid=1001,gid=120,umask=0000 0 0

    uid 1001 is a user "samba" that I added.

    However a listing of /media/650GBACKUP shows :

    drwx------ 1 cps cps 4096 2010-02-14 14:27 650GBACKUP

    cps is the user I am usually logged into (Ive changed them from my first post to try and track the problem down.

    id cps shows :

    uid=1000(cps) gid=1000(cps) groups=1000(cps),4(adm),20(dialout),24(cdrom),29(a udio),46(plugdev),
    103(fuse),104(lpadmin),112(netdev),115(admin),120( sambashare)

    and id samba shows
    uid=1001(samba) gid=1001(samba) groups=1001(samba),46(plugdev),103(fuse),112(netde v),120(sambashare)

    So according to my entry in fstab the mount should be owned by samba and accessible to group sambashare (120).

    yet dfrom windows (XP) I am 'unauthorised' if I provide the samba user credentials. I get full access if I provide cps credentials.

    Clearly, as per the first reply, linux security is taking precedence. And that says it is accessible only by cps - as indeed the case. However neither the fstab entry nor a chmod have any apparent effect changing this.

    There is clearly something I dont understand about shares and samba.

    ????

  7. #6
    Linux Guru
    Join Date
    Nov 2007
    Posts
    1,763
    *Just like on Windows shares* the share has permissions that let users in/out of the share and provide a higher-level permission. Unless you have a setting that says "this share is read only" or "this user is read only," then you don't have a problem with the share permissions. Looking at your smb.conf, none of these settings are there. The share permissions are "if a user can get in, he can read or write - depending on filesystem permissions." Replace "filesystem permissions" with NTFS permissions and you have the same considerations as a Windows machine.

    The fstab entry says "umask = 0", if this were being *used*, the permissions would be 777. They're not. Ergo, the fstab entry is NOT being used. Why not is outside the scope here. By the same token, the owner/group is not being set to "samba."

    Solution:

    Stop Samba.

    Unmount the USB drive:

    Code:
    umount /media/650GBACKUP
    Confirm the partition that needs to be mounted:

    Code:
    fdisk -l
    Make a directory to mount it:

    Code:
    mkdir /media/usb_backup_drive
    Mount it with the permissions desired:

    Code:
    mount -t ntfs-3g -o umask=0 /dev/sdXX /media/usb_backup_drive
    And then start Samba.

    * Because you're mounting with umask=0, any user will have write access. So there is no need to worry about the owner/group.

    ** Some/all of these commands may need to be used with sudo.

  8. #7
    Just Joined!
    Join Date
    Feb 2010
    Posts
    16
    Thankyou very much for a concise, logical and informative explanation ! I now think I actually understand what is going on (at least a lot better than I clearly didnt before).

    With a little time spent reading around the info you gave me, I have now successfully mounted the device with the permissions I want and will experiment around that. (I used this : sudo mount -t ntfs-3g -o umask=027,uid=1000,gid=120 /dev/sdb1 /media/650GBACKUP)

    To check I have understood better, would I be right in saying when I mount the device, access permissions are not controlled by CHMOD, which is why chmod appears to make no difference when I try it, but rather with the mount permissions/masks against what the accessing process is trying to do ? This leaves me wondering how I would control access if I want different access for different directories in the mount, so maybe Im still missing something here. Ive failed to find a good write up on this yet, maybe Im searching incorrectly.

    Am I also right in saying that I should put the equivalent entry into fstab so that when I unplug and reconnect my usb drive (which I will), presumably the OS will see the entry in fstab and automatically mount it with the correct permissions - rather than those it was defaulting to in my example.

    I do note you saying why fstab was not being used as being out of scope here ... but it doesnt stop me still wondering (Im inquisitive !), especially since when I did the umount first off I got a warning telling me fstab didnt match the actual mount - confirming what you said I guess. But Im presuming here the change to ntfs is the key, and the main error in my ways.

    Thanks again for your explanation - you've got me over the hurdle where I didnt get what was going on !

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •