  1. #1
    Just Joined!
    Join Date
    Sep 2011
    Location
    Tulsa, Oklahoma
    Posts
    5

    Samba security problem


    Help! I'm running CENT 6 with Samba. I can map from windows to my share, but I can't create a directory or file in the share. I can login as the user locally and do everything, but not from an XP box. The message is "access denied". I think this is a rights issue. I just don't know where to start.

    Thanks in advance.
    Clinton

  2. #2
    Just Joined!
    Join Date
    Oct 2011
    Posts
    50
    You can start by posting your samba configs. Are you authenticating when accessing the share from the xp pc?

  3. #3
    Just Joined!
    Join Date
    Sep 2011
    Location
    Tulsa, Oklahoma
    Posts
    5
    Samba will let me authenticate to the server as the smb user. I can then see everything in the share so I have read access, but I can't write to it or create a file or directory there. It's got to be a rights issue. I'm just not familiar enough with Samba to see where. I've changed the SMB.CONF file so many times... The current version is:

    [global]
    workgroup = KEITH
    netbios name = UBUNTU
    guest account = smbuser
    os level = 65
    valid users = smbuser
    admin users = smbuser
    read list = smbuser
    write list = smbuser
    [home]
    path = /home
    username = smbuser
    force group = root
    read only = no
    create mask = 0775
    directory mask = 0775

    As I said, I've changed this so many times that my brain is numb. Any help would be greatly appreciated!
    Clinton

  4. #4
    Just Joined!
    Join Date
    Oct 2011
    Posts
    50
    Change the [home] section to this:
    Code:
    [USERhome]
    path = /home/USER
    force group = root
    read only = no
    create mask = 0775
    directory mask = 0775
    valid users = USER
    Create a separate share for each user home directory and log in using the user's system account.

    If you log in to the whole /home dir using the smbuser username then you won't have write permissions, because the files in /home are owned by other users.

  5. #5
    Just Joined!
    Join Date
    Sep 2011
    Location
    Tulsa, Oklahoma
    Posts
    5
    OK, so I tried that and it didn't work. Since the server hasn't gone production yet I decided to 'punt'.
    I rebuilt the server from scratch so that everything would be in the 'known state'. I created all the users at build time. Then I installed Samba, and then set up the users using smbpasswd. Then I set up the server as a PDC and my workstation as a member of the domain. I can log in to the domain. I can see the /home directory. I can read all of it, but I cannot create anything even though my ID is a member of the 'root' group. Here are the contents of the smb.conf file. For the record, I'm going to call someone who knows more about this than I do and pay them money to fix this.

    [global]
    workgroup = Keith
    netbios name = UBUNTU
    passdb backend = tdbsam
    os level = 65
    preferred master = auto
    domain master = yes
    local master = yes
    security = user
    domain logons = yes
    guest ok = no
    admin users = @root
    encrypt passwords = yes

    [netlogon]
    path = /var/lib/samba/netlogon
    read only = yes

    [home]
    path = /home/
    read only = no
    create mask = 0775
    directory mask = 0775
    browsable = yes

    Regards
    Clinton

  6. #6
    Linux Enthusiast scathefire
    Join Date
    Jan 2010
    Location
    Western Kentucky
    Posts
    626
    I'd suggest adding:
    Code:
    writeable = yes
    to the shares.

    Also, you need to make sure your UNIX permissions are set accordingly. Samba permissions do not override UNIX permissions. If you are logging on as user1 and user1 or the group(s) user1 belongs to do not have write permission to a file/directory, it won't happen.
    linux user # 503963

  7. #7
    Just Joined!
    Join Date
    Sep 2011
    Location
    Tulsa, Oklahoma
    Posts
    5
    Hi All,

    Just so you know... I had the expensive guys out on Monday and after 2 hours their expert was at the same point that I was at six weeks ago. Then he got frustrated and left with a copy of the .conf file and the CD I used to install the OS. I haven't seen him since. I don't bother people with simple questions. The server is working now and I wanted to have a copy of this online so that I can access it if I should need it later...

    The OS is CENT6 and SAMBA 3.5.9 (I think, whatever is current)

    1) Install OS and updates
    2) Create users (and home directories)
    3) Install SAMBA
    4) Create users as SAMBA users (smbpasswd -a <userID>)
    5) Make directory structure as needed (in my case create a 'Shared' directory)
    6) Setup SELinux
    A) Setsebool -t samba_share_t /home (there is a -R (recursive) in there somewhere that flags all this.)
    B) Setsebool again to flag all this 'RW' (I think the default is 'read only')
    7) Write the smb.conf file. I tried everything and in the end I wrote the file from scratch using a text editor. The one that came with SAMBA is...

    Requirements:

    A user ID and password must be required for access.
    All workstations must have access. (OS versions include XP Home, Pro, Media Edition, as well as Vista and 7.)

    No other servers exist so ADS won't work. The machine running 'Home' is the accountant's so the Domain model won't work as well. This leaves 'share' or 'user' security. Share is 'deprecated' so that leaves 'user'.

    Here is the smb.conf file:

    [global]

    workgroup = Keith
    netbios name = Ubuntu
    security = user

    [home]

    path = /home/
    writable = yes
    force group = Keith
    browseable = yes

    I created a group on the Linux box called 'Keith' that my users are part of. Each of the users mapped their drives using their own UID. Life is good!

    Best Regards,
    Clinton
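
The point made in posts #6 and #7 (Samba settings do not override UNIX permissions or SELinux labels) can be checked with a small model; this is an added example, not part of the original thread. The function names are hypothetical, the users, modes and labels are constructed samples, `force group` is modelled as the session joining the forced group, and the SELinux check assumes no Samba boolean widens access.

```shell
#!/bin/sh
# Added example. Users, groups, modes and labels are constructed samples.

# perm_class USER "GROUPS" OWNER GROUP -> owner | group | other
# Picks the single permission triplet the kernel applies to this user.
perm_class() {
    if [ "$1" = "$3" ]; then echo owner; return; fi
    for g in $2; do
        if [ "$g" = "$4" ]; then echo group; return; fi
    done
    echo other
}

# can_write MODE CLASS -> exit status 0 when that triplet has the w bit.
can_write() {
    m=$((0$1))                      # leading 0: read MODE as octal
    case $2 in
        owner) [ $((m & 0200)) -ne 0 ] ;;
        group) [ $((m & 0020)) -ne 0 ] ;;
        *)     [ $((m & 0002)) -ne 0 ] ;;
    esac
}

# smb_write_allowed USER "GROUPS" FORCE_GROUP "MODE OWNER GROUP" SETYPE
# Arg 4 is the output of: stat -c '%a %U %G' DIR
# SETYPE is the SELinux type from `ls -Zd DIR`; pass "" if SELinux is off.
smb_write_allowed() {
    u=$1 gs=$2 force=$3 setype=$5
    read -r mode owner group <<EOF
$4
EOF
    # Assumption: 'force group' is modelled as joining the forced group.
    [ -n "$force" ] && gs="$force $gs"
    if ! can_write "$mode" "$(perm_class "$u" "$gs" "$owner" "$group")"; then
        echo "deny:unix-permissions"
    elif [ -n "$setype" ] && [ "$setype" != samba_share_t ]; then
        # Assumption: no SELinux boolean grants Samba wider access.
        echo "deny:selinux-label"
    else
        echo "allow"
    fi
}

smb_write_allowed clinton "clinton" root  "755 root root"  samba_share_t
smb_write_allowed clinton "clinton" Keith "775 root Keith" samba_share_t
smb_write_allowed clinton "clinton" Keith "775 root Keith" home_root_t
```

The first call mirrors the earlier configs: forcing group root does not help when the directory's group triplet has no write bit.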
