[Samba] help with samba share: one write, many read

myron kowalskM at cs.moravian.edu
Tue Nov 25 21:00:53 GMT 2008

On Nov 25, 2008, at 11:22 AM, Mike Gallamore wrote:

> For a space with a similar purpose we have:
> [software]
>        path=/samfs32/share/projects32/software
>        browsable = yes
>        guest ok = yes
>        writeable = yes
>        write list = nickus kressin matt
> In theory writeable = yes should be the same as read only = no, but  
> it might be worth a shot.

This didn't work unless I add the line "valid users =," then I could  
write but no one could see the file.
Without the "valid users =," everyone, including me, can see the file,  
but then I couldn't write to the file.

This is the error that I get back.
The document “test1” could not be saved. You do not have appropriate  
access privileges.
It seems that in your example conf, samba is not checking the  
smbpasswd file and ignoring my login information.
When I add "valid users =" it understands who I am, but then locks  
everyone else out of the share.

> From:
> http://www.cyberciti.biz/tips/how-do-i-set-permissions-to-samba-shares.html
> there examples so that readonly is the default, so all that they do  
> is add a write list to give the people needing access permission.  
> Presumably you'd need to have guest ok = yes too because otherwise  
> the people from the other network wouldn't be able to log in.

I guess I need to play with the options line-by-line, until I  
understand how they work.

> The people not being able to see the files: are they owned by the  
> same user and group as the other files they can see? You might need  
> to add a:
> force user = <whatever they can see>
> force group = <whatever they can see>

The "other people" are on a separate windows network. They don't have  
logins to my unix network. I have a pipe through a firewall that let's  
them see the share. They can see
the share and files as long as I don't use the "valid users =" line.  
But, unless I do then I can't change the file.

> Some things are not intuitive either: for example the host allow and  
> host deny options, on of them takes precedence. Ie if you have both  
> a host allow and a host deny line in the configuration file, only  
> one will be used (I think it is the host deny one, so everyone but  
> the hosts in the deny list get access), so you are best of to only  
> use one or the other. It seems like you might have found some odd  
> precedence issue between, write list and read only.

I suspect something else is going on here, but this is as complicated  
as I've gotten with samba. It seems that this should be an easy thing  
to set up. All the examples I see on samba has the
setups of "everyone can see the share," which I can get to work, or  
"only these users can write to the file," which I can also get to  
work. I don't see an example of everyone can look at the file, but
only these users can change the file. It may be implicitly understood  
in the examples but I don't know enough yet about samba.

> On Nov 25, 2008, at 4:57 PM, myron wrote:
>> On Nov 25, 2008, at 10:46 AM, Mike Gallamore wrote:
>>> What happens if you have:
>>> [test]
>>> path = /export/share/test/file.txt
>>> read only = no
>>> guest ok = yes
>>> write list = me
>>> valid users = <everyone here that should have any sort of access>
>> That last line really wouldn't work for me, because I have users on  
>> a different network whose network
>> logins I don't have in my database. But, they need to be able to  
>> read the file, which they can now, as long
>> as I don't have the last two lines in the share conf.
>>> ? That seems like it should work.
>>> On Nov 25, 2008, at 4:35 PM, myron wrote:
>>>> I have a no-frill samba server that users can access their home  
>>>> directories from. Now,
>>>> I'd like to set up a share that contains a file that only I can  
>>>> write to, but anyone can read it.
>>>> I only seem to be able to do one or the other. If I can write to  
>>>> it, no one can read it. If everyone
>>>> can read it, I can't write to it.
>>>> I must be misunderstanding the settings of the options that I  
>>>> have available.
>>>> Everyone can read the file with these settings, but no one can  
>>>> write to it, including myself
>>>> [test]
>>>> path = /export/share/test/file.txt
>>>> read only = no
>>>> guest ok = yes
>>>> If I add the last two lines, then I can write to the file, but no  
>>>> one else can see the file any longer.
>>>> [test]
>>>> path = /export/share/test/file.txt
>>>> read only = no
>>>> guest ok = yes
>>>> write list = me
>>>> valid users = me
>>>> In both cases, I get a dialog box that requests access either as  
>>>> guest or registered user. Here's
>>>> the relevant global section.
>>>> [global]
>>>>    workgroup = METAR
>>>>    encrypt passwords = Yes
>>>>    smb passwd file =/usr/local/samba/private/smbpasswd
>>>>    map to guest = Bad user
>>>>    security = share
>>>>    preferred master = yes
>>>>    domain master = yes
>>>>    local master = yes
>>>>    os level = 255
>>>>    wins support = yes
>>>>    username level = 2
>>>>    use client driver = yes
>>>> Any help would be appreciated.
>>>> --myron
>>>> =================================
>>>> Myron Kowalski
>>>> MoCoSIN Network/Systems Administrator
>>>> Moravian College
>>>> myron at cs.moravian.edu
>>>> -- 
>>>> To unsubscribe from this list go to the following URL and read the
>>>> instructions:  https://lists.samba.org/mailman/listinfo/samba
>>> -- 
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list