[Samba] Problems with my samba share permissions

Rowland Penny rpenny at samba.org
Tue Apr 25 08:25:44 UTC 2023 


On 25/04/2023 03:38, Steven Vishoot via samba wrote:
> I have a situation where my shares all give me permission denied errors
> whenever I try to save a file to it. I have four shares and one of them is
> allowed to save but the others will not save anything. The one that I can
> write to is original to the server and was set up when samba still had swat
> and that let me do a lot of things in the shared files. The other three
> were added later and I didn't try saving anything to these drives because
> originally was the backup server. Now it is the main server since the
> other server crashed. Now I cannot figure out what is wrong even when I use
> webmin it still doesn't show me that anything is wrong. What else can I do?
> I am stumped and annoyed. I have attached my config file for samba. Please
> can someone help me figure this out?
> Regards,
> Steven Vishoot
> 
> 

I wouldn't use webmin, it hasn't really kept up with Samba.

You haven't told us what OS and Samba version you are using, so the 
following is guess work.

This list strips attachments, so this is the OP's smb.conf:

# See smb.conf.example for a more detailed config file or
# read the smb.conf manpage.
# Run 'testparm' to verify the config is correct after
# you modified it.

[global]
	host allow = 192.168.1, 127.
	load printers = yes
	cups options = raw
	printing = cups
	workgroup = SAMBA
	create mask = 0664
	printcap name = cups
	encrypt passwords = yes
	dirctory mask = 0777

Unless that is a copying error, dirctory should be directory

	security = user
	passdb backend = tdbsam

[homes]
	comment = Home Directories
	valid users = %S, %D%w%S
	browseable = No
	read only = No
	inherit acls = Yes

[printers]
	comment = All Printers
	path = /var/tmp
	printable = Yes
	create mask = 0600
	browseable = No

[print$]
	comment = Printer Drivers
	path = /var/lib/samba/drivers
	write list = @printadmin root
	force group = @printadmin
	create mask = 0664
	directory mask = 0775

[image-movies]
	comment = All movies
	writeable = yes
	user = @svishoot

Hmm, 'user' was a synonym for 'username' and 'username' was removed at 
Samba 4.5.0
I would change 'user' to 'valid users'

	path = /images-movies

[shared]
	comment = Shared Directory
	writeable = yes
	valid users = @svishoot,,steven
	user = @svishoot
	path = /shared
	directory mode = 775

[music]
         comment = Music Directory
         path = /music
         user = @svishoot
         writeable = yes
         read only = no

You do know that 'writeable' and 'read only' are inverted synonyms ? 
That is, in the way you have them set, they mean exactly the same.


[picture]
         comment = Picture Directory
         path = /picture
         user = @svishoot
         writeable = yes
         read only = no

[quicken]
         comment = Quicken Directory
         path = /quicken
         user = @svishoot, at steven
         writeable = yes
         read only = no

The other thing to look at, Samba cannot give more permissions than the 
underlying acls allow, so check that the users have the required 
permissions on the share directories.

Rowland

More information about the samba mailing list