bret_stern bret_stern at machinemanagement.com
Sat Jan 4 22:13:11 UTC 2020

On 1/4/2020 12:28 PM, Rowland penny via samba wrote:
> On 04/01/2020 19:51, bret_stern via samba wrote:
>> Good day,
>> I have hosted several domain websites under my apache24 web server on 
>> FreeBSD 10.1 for several years. I had Samba configured to allow 
>> updating files from my Windows 7/XP machines.
>> My FreeBSD 10.1 server still allows me to copy files into the FreeBSD 
>> apache24 folders: /usr/local/www/apache24..and below.
>> Notes: I can ssh into both servers with FreeBSD user accounts
>> using my username/password. But cannot copy files into the
>>  /usr/local/www/apache24...or below folders (read only during ssh
>> session)
>> So it appears Samba is overriding the file system permissions.
>> Trying to move to FreeBSD 12.1
>> Changes
>> On FreeBSD 10.1, my smb.conf file has the following share used:
>> security = share
>> On FreeBSD 12.1, my smb4.conf file has the following change
>> security = user
>> The following share directive is in both original smb.conf and new
>> smb4.conf
>> [ww]
>>  path=/usr/local/www/apache24
>>  browseable = yes
>>  read only = no
>>  public = yes
>>  writable = yes
>> On the new FreeBSD server with samba48 installed, I can view the folders
>> in /usr/local/www/apache24..and below. But cannot write to them.
>> Even though this may be an unorthodox manner to update my websites, I 
>> run a pretty tight ship here, so, if I can do what I was previously able 
>> to do under FreeBSD 10.1 and Samba 3.625...it would be preferred.
>> Would like any ideas to determine what is allowing me to write files 
>> to the old server web site files, or preventing me from writing files on
>> the new server.
>> Sorry for the long story,
>> Regards,
>> Bret
> Sorry, but it isn't long enough ;-)
> Can you post your entire smb.conf.
> There have been quite a lot of changes between 3.6.x and 4.8.x
> Rowland

Never posted here before, hope bottom posting ok. Been getting along 
without really investigating the samba setup, so now I'm learning.

FYI.. created user: smbpasswd -a bret   and .. smbpasswd -e bret

# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
# For a step to step guide on installing, configuring and using samba,
# read the Samba-HOWTO-Collection. This may be obtained from:
#  http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
# Many working examples of smb.conf files can be found in the
# Samba-Guide which is generated daily and can be downloaded from:
#  http://www.samba.org/samba/docs/Samba-Guide.pdf
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentary and a ; for parts of the config file that you
# may wish to enable
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not made any basic syntactic errors.
#======================= Global Settings 

# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
    workgroup = workgroup

# server string is the equivalent of the NT Description field
    server string = Samba Server

# Sharing Model
    security = user

# Server role. Defines in which mode Samba will operate. Possible
# values are "standalone server", "member server", "classic primary
# domain controller", "classic backup domain controller", "active
# directory domain controller".
# Most people will want "standalone server" or "member server".
# Running as "active directory domain controller" will require first
# running "samba-tool domain provision" to wipe databases and create a
# new domain.
    server role = standalone server

# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
;   hosts allow = 192.168.1. 192.168.2. 127.

# Uncomment this if you want a guest account, you must add this to 
# otherwise the user "nobody" is used
;  guest account = pcguest

# this tells Samba to use a separate log file for each machine
# that connects
    log file = /usr/local/samba/var/log.%m

# Put a capping on the size of the log files (in Kb).
    max log size = 50

# Specifies the Kerberos or Active Directory realm the host is part of
;   realm = MY_REALM

# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
    passdb backend = tdbsam

# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting.
# Note: Consider carefully the location in the configuration file of
#       this line.  The included file is read at that point.
;   include = /usr/local/samba/lib/smb.conf.%m

# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.
;   interfaces =

# Where to store roving profiles (only for Win95 and WinNT)
#        %L substitutes for this servers netbios name, %U is username
#        You must uncomment the [Profiles] share below
;   logon path = \\%L\Profiles\%U

# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable its WINS 
;   wins support = yes

# WINS Server - Tells the NMBD components of Samba to be a WINS Client
#	Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
;   wins server = w.x.y.z

# WINS Proxy - Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one	WINS Server on the network. The default is NO.
;   wins proxy = yes

# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The default is NO.
    dns proxy = no

# These scripts are used on a domain controller or stand-alone
# machine to add or delete corresponding unix accounts
;  add user script = /usr/sbin/useradd %u
;  add group script = /usr/sbin/groupadd %g
;  add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
;  delete user script = /usr/sbin/userdel %u
;  delete user from group script = /usr/sbin/deluser %u %g
;  delete group script = /usr/sbin/groupdel %g

#============================ Share Definitions 
    comment = Home Directories
    browseable = no
    writable = yes

#Added for web server content Bret 2020
  browseable = yes
  read only = no
  public = yes
  writable = yes
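
An added example, not part of the original post or of Samba: a small Python check that resolves the `public` and `writable` synonyms in a configuration like the one above and lists the shares that accept guest writes, with the Unix account those writes would run as. The sample text is constructed from the settings quoted in the thread; its `[global]`, `[homes]` and `[ww]` section headers are assumptions.

```python
# Added example, not from the thread; SAMPLE is constructed from the post.
SAMPLE = """\
[global]
    security = user
;   guest account = pcguest
[homes]
    writable = yes
[ww]
    path=/usr/local/www/apache24
    read only = no
    public = yes
    writable = yes
"""

# smb.conf synonyms: name -> (canonical name, value is inverted)
SYNONYMS = {"public": ("guest ok", False), "writable": ("read only", True),
            "writeable": ("read only", True), "write ok": ("read only", True)}
TRUE = {"yes", "true", "1"}  # boolean spellings listed in smb.conf(5)

def parse(text):
    """Return {section: {canonical parameter: value}}, synonyms resolved."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            name, inverted = SYNONYMS.get(key.lower(), (key.lower(), False))
            if inverted:
                value = "no" if value.lower() in TRUE else "yes"
            conf[section][name] = value  # a later line overrides an earlier one
    return conf

def guest_writable_shares(conf):
    """List (share, path, guest account) for shares guests can write to."""
    glob = conf.get("global", {})
    account = glob.get("guest account", "nobody")  # Samba's default account
    findings = []
    for name, params in conf.items():
        merged = {**glob, **params}  # [global] supplies share defaults
        guest = merged.get("guest ok", "no").lower() in TRUE
        read_only = merged.get("read only", "yes").lower() in TRUE
        if name != "global" and guest and not read_only:
            findings.append((name, merged.get("path", ""), account))
    return findings
```

On a live server, `testparm -s` prints the service definitions as Samba actually parsed them, which is the text to feed to `parse()`. A write that Samba permits is still subject to the filesystem permissions of the connecting Unix account on the share path.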

