Link to home
Start Free TrialLog in
Avatar of Mark
Mark

asked on

Samba4 - users cannot modify files in samba mount

More samba 4 woes. I've ugraded to Slackware-64 14.1 and samba 4.1.0. I had to make some changes to the smb.conf file to get mounts without userID or password. Now, users can create files on the share, but can't modify existing files having a different user. For example, on Linux:

> ls -l EventsCalendar.jsp OpenWith.reg
-rw-rw---- 1 mfoley ohprs 4638 2015-05-28 14:24 EventsCalendar.jsp
-rw-rw---- 1 ohprso ohprs  144 2015-06-08 10:48 OpenWith.reg

The Windows user dragged the OpenWith.reg file to the mapped drive, no problem. But the user cannot edit the EventsCalendar.jsp, even though it is group writable. If I change the owner to ohprso, the Windows user can then edit EventsCalendar.jsp - on Linux, users with ohprso group membership can edit the file.

Need to figure out how to get Samba to pay attention to the group permissions.

Smb.conf:
[global]
netbios name = WEBSERVER
   workgroup = WORKGROUP

   security = user
   map to guest = Bad User
   hosts allow = 192.168.0. 127.
guest account = guest
   passdb backend = tdbsam

[website]
comment = OHPRS Website download files
path = /srv/tomcat/webapps/ohprs
public = yes
guest ok = yes
guest only = yes
writeable = yes
browseable= yes
printable = no
create mask = 0660
directory mask = 0771

Open in new window

User guest is mapped to user ohprso, /etc/passwd:

ohprso:x:1001:301:OHPRS Web User:/srv/tomcat/webapps/ohprs/downloads:/bin/bash
guest:x:1001:301:Samba guest account:/dev/null:/bin/false

Any ideas?
SOLUTION
Avatar of Daniel McAllister
Daniel McAllister
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Mark
Mark

ASKER

At the top of the share, ensure that the "forced" user has full permissions by changing ownership of all files in that tree to that user.
Dan: thanks for your detailed response. The problem is, I did what you suggested, at least the first part. I dragged the file OpenWith.reg (which simply happened to be laying around on the Windows workstation desktop) to the mapped share and it created it there with user/group: ohprso.ohprs. This is correct as you can see from my /etc/passwd entries for ohprso and guest in my initial posting. user ID 1001 is that same ID I had with the previous system. Group 301 is 'ohprs' /etc/group:

ohprs:x:301:mfoley

Yes, I could solve this problem by doing as you suggested and changing all the files in that directory hierarchy to be owned by ohprso, but I really don't want to do that. Linux users access that directory for making jsp program updates (which the Windows users don't really do) and for creating new jsp programs. These files get created using the Linux user's ID -- which is what I want. As you can see from the /etc/group entry for ohprs, linux user mfoley is a member of that group and can update any file as long as it has group rw permission.

As you can see from the `ls -l` in my initial posting, these files do have group rw. So, no issues at all when accessing from Linux.

The problem is that Samba should also let the Windows user update files that are g+rw and are in group ohprs -- which the Samba user[s] are. So it appears that Samba is not honoring the group permissions.

This is only true since I a) changed to Samba 4.1.0 and b) modified the smb.conf file to add:

security = user
map to guest = Bad User

I did that because the Samba 3.5.8 worked with the following, which didn't work under Samaber 4.1.0

security share

So, there must be a way to get Samba 4.0.1 to honor the Linux group permission?
ASKER CERTIFIED SOLUTION
Avatar of Mark
Mark
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Mark
Mark

ASKER

Thanks to it4soho for the detailed response