SAMBA permission error. Even the sudoers can't access the directories.

lolis4thewin

New Member
Joined
Jul 29, 2021
First of all, sorry for my bad English.

I have a problem with accessing Samba shared folders through Windows 10. I get a permission error (with the root user too).
I created a test directory in /media/teszt. I set it to ch 777 for my personal user. With these rules I can access the folder. I can write and read it without error.
I created a group called "dolgozok". It contains 3 users. These 3 have their own folders in /home and one "Omichron" folder that everyone can access.
hujberh and omichronserver are my users and they are sudoers too.
I'm trying to set the permissions for all users, but I don't want to use ch 777. What could I use instead of it?
This is my smb.conf:
Code:
[aderg]
 path = /home/aderg
 browseable = yes
 read only = no
 valid users = aderg

[hujberh]
 path = /home/hujberh
 browseable = yes
 read only = no
 public = yes
 force user = hujberh
 force group = hujberh
 valid user = hujberh
 directory mask = 0755
 create mask = 0644

[perczelm]
 path = /home/perczelm
 browseable = yes
 read only = no
 valid users = perczelm

[Root]
 path = /
 browseable = yes
 read only = yes
 valid user = omichronserver


[Omichron]
 comment = Ez a mindenki álltal elérhető mappa.
 path = /home/Omichron
 browseable = yes
 read only = no
 valid users = @dolgozok
 force user = @dolgozok
 create mask = 666
 directory mask = 777


[testshare]
path = /media/teszt
writeable = yes
comment = for testing only
public = yes
create mask = 666
directory mask = 777
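
An added example, not part of the original post: a small Python audit of an smb.conf excerpt for four things visible in the configuration above (the misspelled `valid user`, a `@group` given to `force user`, guest access through `public`, and masks that keep the world-write bit). The excerpt is constructed by trimming the posted shares, and `parse_shares` and `audit` are hypothetical names, not Samba tooling.

```python
SAMPLE = """\
[hujberh]
 path = /home/hujberh
 public = yes
 force user = hujberh
 valid user = hujberh
 create mask = 0644

[Omichron]
 path = /home/Omichron
 valid users = @dolgozok
 force user = @dolgozok
 create mask = 666
 directory mask = 777
"""  # constructed excerpt, trimmed from the configuration posted above

def parse_shares(text):
    """Return {share: {parameter: value}} with parameter names normalised."""
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = shares.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            # Samba ignores case and whitespace in parameter names.
            current["".join(key.lower().split())] = value.strip()
    return shares

def audit(text=SAMPLE):
    """Return sorted (share, finding) tuples for the checks below."""
    out = []
    for share, p in parse_shares(text).items():
        if "validuser" in p:
            out.append((share, "unknown parameter 'valid user' (the name is 'valid users')"))
        if p.get("forceuser", "").startswith("@"):
            out.append((share, "'force user' expects one user name, not a @group"))
        if "yes" in (p.get("public", "").lower(), p.get("guestok", "").lower()):
            out.append((share, "guest logins allowed ('public' is a synonym of 'guest ok')"))
        for key in ("createmask", "directorymask"):
            if key in p and int(p[key], 8) & 0o002:
                out.append((share, f"{key} {p[key]} keeps the world-write bit"))
    return sorted(out)

if __name__ == "__main__":
    for share, finding in audit():
        print(f"[{share}] {finding}")
```

Samba's own `testparm` reports unknown parameter names when it loads the real file; the script only covers the four checks listed.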
 


I'm assuming you want the users in the group dolgozok to be able to write to the share Omichron? Can you share the output of the following and what error are you getting when those other users are writing to the Omichron share?
Code:
ls -l /home | grep Omichron
 
I have a samba server, but it was set up a long time ago and my memory of Samba's configuration directives is fading.

The first question I'm going to ask is about the configuration you have: "public = yes"

Maybe my memory is shot, but that does not look correct. If my shotty memory serves me, it should be "guest ok = yes".

I hope that helps.
Dave
 
I don't want to allow guests on the server, so I didn't use that command. But thanks, I will try it and see what it does.
 
1627647263536.png
 
Maybe I'm confused with the ask. Are you having issues with the [Omichron] share or the [testshare]?
I saw you reference the path /media/teszt which says "public = yes". "public" would suggest you want to allow anyone to access it. (i.e., it's public, so guests too)

I would recommend you change the directory owner to the user you want the users to access the directory as. (ie, not root)

On the testshare, you likely need to set the user that the group of users masquerades as while connected. Or at least ensure all the users are a part of the same local Linux group that the filesystem group is set to and then give that group whatever access rights they need to that directory.

Finally, check your samba logs and even messages, security, or other log files for hints at what your problem is.
 
Can you please not post text as a screenshot next time, please use code tags next time. As @dcbrown73 already mentioned it would be helpful if you could answer if you are having problems with the Omichron or testshare? It would in case it is the latter also be useful to see the folder permission of that share,
Code:
ls -l /media grep teszt
 
I read that you need to put "public=yes" in the config because that's why you can browse it from Windows File Explorer.

Sorry, my main problem is: I can't browse any other shared folders except [testshare]. I don't know why I have to use chmod 777. That's not really safe to use so I don't really want it.
I want the users to get access to their own shared /home and all users to get access to the [omichron] shared folder.
I hope that will be understandable. Sorry :c
 

Sorry. This was my first post on the forum and I haven't used forums before. I will do it that way, thanks.

Code:
omichronserver@OmichronServer:~$ ls -l /media | grep teszt
drwxrwxrwx  2 root root 4096 júl   26 16:25 teszt
 
I made a mistake/typo, it should have been:
Code:
ls -l /media | grep teszt
But I see the information I was looking for anyways. Try changing the group ownership of the teszt directory and permissions since 777 is not safe and unnecessary.
Code:
chmod 775 /media/teszt
chgrp /media/teszt
Then try to write to the directory again as one of the users in the dolgozok group.
 
Sorry, I used the wrong word. I can only read and write the [testshare]. My face is burning, I want to get a shovel and bury myself.
Does "chmod 775" mean that the user can read and write, the group of the user can read and write too, and the guest can only read it?

On "chgrp /media/teszt" I got an error:
Code:
omichronserver@OmichronServer:~$ chgrp /media/teszt
chgrp: missing operand after ‘/media/teszt’
Try 'chgrp --help' for more information.
 
Oops I made another mistake, it should be the following.
Code:
sudo chmod 775 /media/teszt
sudo chgrp dolgozok /media/teszt
By changing the folder to 775, the owner will have read, write and execute permissions, as well as the group. And others will only have read and execute permission. By then changing the group to dolgozok I would expect the members of dolgozok to be able to write to that directory because you have configured the testshare to be writable.
Code:
[testshare]
path = /media/teszt
writeable = yes
comment = for testing only
public = yes
create mask = 666
directory mask = 777
If that doesn't work you could try configuring the group to the testshare, for example like this.
Code:
[testshare]
path = /media/teszt
write list = @dolgozok
comment = for testing only
public = yes
create mask = 666
directory mask = 777
And since you mentioned you don't want world permissions for the files being created I would change "create mask" and "directory mask" as well so that only the owner and group can write.
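
An added example, not part of the original post: the filesystem-side decision behind the chmod/chgrp steps above, plus the AND-then-OR rule that smb.conf documents for `create mask` and `directory mask`. The directory states are constructed from the steps in this thread, the 0o777 requested mode is an assumption, and the function names are hypothetical; Samba's own checks (`valid users`, `write list`, `read only`) apply in addition to this one.

```python
import stat

def can_write(mode, owner, group, user, user_groups):
    """POSIX class selection: owner bits, else group bits, else 'other' bits.
    root's bypass and ACLs are not modelled."""
    if user == owner:
        return bool(mode & stat.S_IWUSR)
    if group in user_groups:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)

def apply_mask(requested, mask, force=0):
    """smb.conf rule for 'create mask' / 'directory mask':
    AND the requested mode with the mask, then OR in the force mode."""
    return (requested & mask) | force

def show(mode, is_dir=False):
    """Render a mode the way `ls -l` prints it."""
    return stat.filemode((stat.S_IFDIR if is_dir else stat.S_IFREG) | mode)

# Constructed scenarios for /media/teszt, following the steps in the thread.
TUX = ("tux", {"tux", "dolgozok"})  # a member of dolgozok
STATES = [
    ("chmod 777, root:root", 0o777, "root", "root"),
    ("chmod 775, root:root (no chgrp yet)", 0o775, "root", "root"),
    ("chmod 775, root:dolgozok", 0o775, "root", "dolgozok"),
]

def walk_states(user=TUX):
    """Return [(label, ls-style mode, may the user create files?)]."""
    name, groups = user
    return [(label, show(m, True), can_write(m, o, g, name, groups))
            for label, m, o, g in STATES]

if __name__ == "__main__":
    for row in walk_states():
        print(row)
    # Assumed request: a client asking for every permission bit (0o777).
    for mask in (0o666, 0o664):
        print("create mask", oct(mask), "->", show(apply_mask(0o777, mask)))
    for mask in (0o777, 0o775):
        print("directory mask", oct(mask), "->", show(apply_mask(0o777, mask), True))
```

The middle state is the one to watch for: after `chmod 775` but before `chgrp dolgozok`, a group member falls into the "other" class and loses write access.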
 

I tried editing it, but I still can't access it.
If I change the "directory mask=777" and "create mask=777" to I can't reach it. I can reach it, but I can't access the folder.

What should I change the "create mask" to and what does that even do?
 
Can you create a screenshot what you see when you try to access the folder? I'll try to create a testshare in my lab setup to see if I can get it working.
 
You would understand it, it's not English, but I'll take it and try to translate:
1627666528482.png

\\ip\\ is not accessible. You might not have permission to use this network resource.
Contact the administrator of this server to find out if you have access permissions.


Not authorized the same user with the same username make more connection with the server. Please cut(?) your earlier connections.

Sorry, this is really bad, I will try to search for the exact English error message.
 
What does it show when you run the following on the Linux server where you are doing your samba setup?
Code:
smbclient -L localhost
Then press enter and share the output?
 
I ran it on the linux server, the output is:
Code:
omichronserver@OmichronServer:~$ smbclient -L localhost
Enter WORKGROUP\omichronserver's password:

        Sharename       Type      Comment
        ---------       ----      -------
        print$          Disk      Printer Drivers
        aderg           Disk
        hujberh         Disk
        perczelm        Disk
        Root            Disk
        Omichron        Disk      Ez a mindenki álltal elérhető mappa.
        testshare       Disk      for testing only
        IPC$            IPC       IPC Service (OmichronServer server (Samba, Ubuntu))
SMB1 disabled -- no workgroup available
 
That looks correct, I set up a test system with the same setup as your test share and a user tux in the group dolgozok. On my test system I used the following to create a samba password for my user.
Code:
smbpasswd -a tux
Code:
ls -l /media/
drwxrwxr-x. 2 root dolgozok 18 Jul 30 20:12 teszt
And my samba configuration for the testshare which is the same as yours.
Code:
[testshare]
path = /media/teszt
write list = @dolgozok
comment = for testing only
public = yes
create mask = 664
directory mask = 775
I have the share mounted on my Linux client system under /mnt/tmp
Code:
//11.22.13.15/testshare                 13G  1.8G   11G  15% /mnt/tmp
I will try to write to it with my user from the client where the share is mounted.
Code:
ls -l                 
total 0
drwxr-xr-x 2 tux tux 0 Jul 30 20:39 testdir
ls -l testdir/testfile                
-rwxr-xr-x 1 tux tux 12 Jul 30 20:39 testdir/testfile
cat testdir/testfile
Hello World
And this is what it looks like on the server.
Code:
ls -l /media/
total 0
drwxrwxr-x. 3 root dolgozok 21 Jul 30 20:39 teszt
[root@rhel8]# ls -l /media/teszt/
total 0
drwxrwxr-x. 2 tux tux 22 Jul 30 20:39 testdir
[root@rhel8 ~]# ls -l /media/teszt/testdir/
total 4
-rw-rw-r--. 1 tux tux 12 Jul 30 20:39 testfile
[root@rhel8 ~]# cat /media/teszt/testdir/testfile 
Hello World
So the configuration for the share is correct. Have you configured the firewall on your server to allow incoming traffic for samba from your local network?
 
That looks correct, I set up a test system with the same setup as your test share and a user tux in the group dolgozok. On my test system I used the following to create a samba password for my user.
Code:
smbpasswd -a tux
Code:
ls -l /media/
drwxrwxr-x. 2 root dolgozok 18 Jul 30 20:12 teszt
And my samba configuration for the testshare which is the same as yours.
Code:
[testshare]
path = /media/teszt
write list = @dolgozok
comment = for testing only
public = yes
create mask = 666
directory mask = 777
I have the share mounted on my Linux client system under /mnt/tmp
Code:
//11.22.13.15/testshare                 13G  1.8G   11G  15% /mnt/tmp
I will try to write to it with my user.
Code:
mkdir testdir
echo "Hello World" >> testdir/testfile
ls -l
total 0
drwxr-xr-x 2 tux tux 0 Jul 30 20:25 testdir
ls -l testdir                           
total 4
-rwxr-xr-x 1 tux tux 17 Jul 30 20:25 testfile
cat testdir/testfile
Hello World
So the configuration for the share is correct. Have you configured the firewall on your server to allow incoming traffic for samba from your local network?
The [testshare] is working, maybe I made a typo. But if I use the "same" parameters on the other shared folders they don't want to work.
For example:
Code:
[Omichron]
comment = Everyone can reach this folder.
path = /home/Omichron
browseable = yes
read only = no
create mask = 775
directory mask = 775
write list = @dolgozok
This isn't working, I got the same error.

I thought my ufw is inactive, but it is active. How could I enable it?
I don't really understand the second code.

And I really want to thank you for this much help.
 
I edited my other reply because I forgot something. Which part don't you understand and the testshare is working now? You are wanting to be able to use the home directories of those other users and that doesn't work?
 
