[Samba] Read-only permissions - incorrect user mapping?

Steven Foucault telesteven90 at gmail.com
Thu Dec 26 20:43:37 UTC 2019


> I think you are misunderstanding Samba and users. You are running Samba as a standalone server and you need to create users on each Samba machine with 'smbpasswd', this user must already exist as a Unix user. At the moment, any user known to Samba can connect to the share, but only 'Steven' has the write permission. It looks like you are connecting as a different user (yes, this different user can also be called 'Steven'), are you passing the workgroup as well?

I created a Samba user using "smbpasswd -a steven" with password “pass1” (the Unix user steven has a different password).
You are telling me that when I now log on to the Samba server via “steven” and “pass1” I am actually _not_ logging in with the user “steven”?
When login succeeds I am assuming that login information is correct and I am connecting as the user I used as username.

> On 26.12.2019, at 21:31, Rowland penny via samba <samba at lists.samba.org> wrote:
> 
> On 26/12/2019 19:28, Steven Foucault wrote:
>> CentOS 8
>> Samba 4.9.1
>> Client: macOS 10.14
>> 
>> [global]
>>     workgroup = LOCAL
>>     log file = /var/log/samba/log.smb
>>     max log size = 1000
>>     syslog = 0
>>     server role = standalone server
>>     #unix password sync = no
>>     min protocol = SMB2
>>     vfs objects = catia fruit streams_xattr
>>     fruit:aapl = yes
>>     fruit:copyfile = yes
>>     spotlight = yes
>>     use sendfile = yes
>>     delete veto files = true
>>     fruit:wipe_intentionally_left_blank_rfork = yes
>>     fruit:delete_empty_adfiles = yes
>>     disable netbios = yes
>>     dns proxy = no
>>     smb ports = 445
>> 
>> 
>> [share]
>>     path = /tank
>>     read only = no
>>     create mask = 0600
>>     directory mask = 0700
>>     public = no
>>     force user = steven
> 
> I have removed all the default settings and commented out one line, more on this later.
> 
> I think you are misunderstanding Samba and users. You are running Samba as a standalone server and you need to create users on each Samba machine with 'smbpasswd', this user must already exist as a Unix user. At the moment, any user known to Samba can connect to the share, but only 'Steven' has the write permission. It looks like you are connecting as a different user (yes, this different user can also be called 'Steven'), are you passing the workgroup as well?
> 
> When you add 'force user', this is only used after authentication and ensures that all files will end up belonging to the 'force user' (Steven in this case), this can lead to problems. If user 'fred' can connect to a share that has 'force user = steven' set and can write to the share, with your settings, 'fred' would not be able to read the file he just created.
> 
> Can I suggest you read 'man smbconf' for more info.
> 
> Coming back to the line I commented, as you set it, it is a default, but it will mean that the Samba user's password will not be synced with the Unix user's password, this can lead to problems if the users actually log into the Unix machine Samba is running on.
> 
> Rowland

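The two points in the quoted reply (any user known to Samba can connect to the share, and 'force user' only takes effect after authentication) can be checked against a configuration with a short script. This is an added example, not part of the original thread or of Samba itself; the 'valid users' line and the [share_restricted] section are assumptions introduced here, and the sample input is constructed from the posted [share] section.

```python
# Added example: audit who can reach an smb.conf share and which Unix user file access runs as.
# SAMPLE reuses the [share] settings from the thread; [share_restricted] is a constructed variant.
SAMPLE = """\
[global]
    server role = standalone server

[share]
    path = /tank
    read only = no
    public = no
    force user = steven

[share_restricted]
    path = /tank
    read only = no
    public = no
    force user = steven
    valid users = steven
"""

def parse_smb_conf(text):
    """Return {section: {param: value}}; names are lowercased with spaces removed."""
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = shares.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current["".join(key.lower().split())] = value.strip()
    return shares

def audit_share(params):
    """List findings about authentication scope versus file ownership for one share."""
    findings = []
    # 'public' is a synonym for 'guest ok' in smb.conf.
    guest = params.get("guestok", params.get("public", "no")).lower() in ("yes", "true", "1")
    if not guest and "validusers" not in params:
        findings.append("any authenticated Samba user may connect (no 'valid users')")
    if "forceuser" in params:
        findings.append("file access runs as Unix user '%s' whoever logged in" % params["forceuser"])
    return findings

if __name__ == "__main__":
    for name, params in parse_smb_conf(SAMPLE).items():
        if name != "global":
            print(name, audit_share(params) or ["no findings"])
```
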