[Samba] Optimal File Permissions for Shared Access Between Windows and Linux

Jonathan Szalavecz john_johnk at hotmail.com
Wed Oct 16 12:45:50 UTC 2024


Hi Rowland,

Thank you for your feedback. I apologize for not including the global 
section in my previous message. Here it is:

[global]
    min protocol = SMB3
    workgroup = WORKGROUP


As you can see, there isn’t much in the global section.

To answer your question about the permissions on |/mnt/shared|, here are 
the settings:

drwxrwxr-x 30 john_johnk sharedaccess 4096 Oct 15 23:42 shared


The directory is mounted from an external disk (|/dev/sdb1|), and it is 
not part of the local filesystem

john_johnk at raspberrypi:~ $ lsblk
NAME        MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
sda           8:0    0  1.8T  0 disk
├─sda1        8:1    0  1.4T  0 part /mnt/mirror
└─sda2        8:2    0  466G  0 part /mnt/restic
sdb           8:16   0  1.8T  0 disk
└─sdb1        8:17   0  1.8T  0 part /mnt/shared
mmcblk0     179:0    0 59.7G  0 disk
├─mmcblk0p1 179:1    0  256M  0 part /boot
└─mmcblk0p2 179:2    0 59.4G  0 part /

I also wanted to mention that I'm not familiar with the Apple environment, so I'm unsure if the following settings are necessary for my wife to read and write in|/mnt/shared/partage_de_fichiers|:

easupport =yes
vfsobjects = catia fruit streams_xattr
fruit:delete_empty_adfiles =yes
fruit:metadata = stream
fruit:model = MacSamba
fruit:nfs_aces =no
fruit:posix_rename =yes
fruit:veto_appledouble =no
fruit:wipe_intentionally_left_blank_rfork =yes

I appreciate your help in resolving this issue!

Best regards,

Jonathan


Le 10/16/2024 à 12:51 PM, Rowland Penny via samba a écrit :
> On Tue, 15 Oct 2024 21:58:40 +0200
> Jonathan Szalavecz via samba<samba at lists.samba.org> wrote:
>
>> I am experiencing challenges configuring optimal file permissions for
>> a Samba share on my Raspberry Pi. My goal is to enable shared access
>> for my wife, who uses an iPhone 13, to the directory
>> |/mnt/shared/partage_de_fichiers| while preventing access to the main
>> directory |/mnt/shared|.
>>
>> Here is my Samba configuration:
> No it isn't, there is a whole upper 'global' section missing that will
> tell us how you are running Samba
>
>>
>> ```[NAS]
>>      comment = RaspberryPi
>>      public = no
>>      writable = yes
>>      browsable = yes
>>      path = /mnt/shared
>>      create mask = 0600
>>      directory mask = 0700
>>      read only = no
>>      guest ok = no
>>
>> [DatabaseShare]
>>      comment = Database File Share
>>      path = /mnt/shared/partage_de_fichiers
>>      public = no
>>      writable = yes
>>      browsable = yes
>>      read only = no
>>      guest ok = no
>>      create mask = 0660
>>      directory mask = 0770
>>      force group = sharedaccess
>>      force create mode = 0660
>>      min protocol = SMB2
>>      ea support = yes
>>      vfs objects = catia fruit streams_xattr
>>      fruit:delete_empty_adfiles = yes
>>      fruit:metadata = stream
>>      fruit:model = MacSamba
>>      fruit:nfs_aces = no
>>      fruit:posix_rename = yes
>>      fruit:veto_appledouble = no
>>      fruit:wipe_intentionally_left_blank_rfork = yes
>>
>> ```
> Quite a lot of those parameters are set to the defaults and others
> should be in 'global'.
>
>>
>> Despite these settings, files copied from Windows are created with
>> permissions |rw-------|, which restricts access to only the file
>> owner. I have a |umask| set to |0002| in my shell, but I am
>> struggling to find the right settings to achieve optimal
>> compatibility between Windows, Linux, and Samba.
>>
>> For comparison, here are the permission settings for two directories:
>>
>>    *
>>
>>      |/mnt/shared/Office 2013|:|drwx------ 2 john_johnk john_johnk
>> 4096 Apr 8 2022|
>>
>>    *
>>
>>      |/mnt/shared/partage_de_fichiers|:|drwxrws--- 4 john_johnk
>> sharedaccess 4096 Oct 15 18:56|
> What are the permissions set on /mnt/shared ?
> Also, why is the share there, is it mounted from somewhere else ?
> If so, where and what is the filesystem.
>
> Rowland
>
>


More information about the samba mailing list