[Samba] Optimal File Permissions for Shared Access Between Windows and Linux
Jonathan Szalavecz
john_johnk at hotmail.com
Wed Oct 16 12:45:50 UTC 2024
Hi Rowland,
Thank you for your feedback. I apologize for not including the global
section in my previous message. Here it is:
[global]
min protocol = SMB3
workgroup = WORKGROUP
As you can see, there isn’t much in the global section.
To answer your question about the permissions on |/mnt/shared|, here are
the settings:
drwxrwxr-x 30 john_johnk sharedaccess 4096 Oct 15 23:42 shared
The directory is mounted from an external disk (|/dev/sdb1|), and it is
not part of the local filesystem
john_johnk at raspberrypi:~ $ lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 1.8T 0 disk
├─sda1 8:1 0 1.4T 0 part /mnt/mirror
└─sda2 8:2 0 466G 0 part /mnt/restic
sdb 8:16 0 1.8T 0 disk
└─sdb1 8:17 0 1.8T 0 part /mnt/shared
mmcblk0 179:0 0 59.7G 0 disk
├─mmcblk0p1 179:1 0 256M 0 part /boot
└─mmcblk0p2 179:2 0 59.4G 0 part /
I also wanted to mention that I'm not familiar with the Apple environment, so I'm unsure if the following settings are necessary for my wife to read and write in|/mnt/shared/partage_de_fichiers|:
easupport =yes
vfsobjects = catia fruit streams_xattr
fruit:delete_empty_adfiles =yes
fruit:metadata = stream
fruit:model = MacSamba
fruit:nfs_aces =no
fruit:posix_rename =yes
fruit:veto_appledouble =no
fruit:wipe_intentionally_left_blank_rfork =yes
I appreciate your help in resolving this issue!
Best regards,
Jonathan
Le 10/16/2024 à 12:51 PM, Rowland Penny via samba a écrit :
> On Tue, 15 Oct 2024 21:58:40 +0200
> Jonathan Szalavecz via samba<samba at lists.samba.org> wrote:
>
>> I am experiencing challenges configuring optimal file permissions for
>> a Samba share on my Raspberry Pi. My goal is to enable shared access
>> for my wife, who uses an iPhone 13, to the directory
>> |/mnt/shared/partage_de_fichiers| while preventing access to the main
>> directory |/mnt/shared|.
>>
>> Here is my Samba configuration:
> No it isn't, there is a whole upper 'global' section missing that will
> tell us how you are running Samba
>
>>
>> ```[NAS]
>> comment = RaspberryPi
>> public = no
>> writable = yes
>> browsable = yes
>> path = /mnt/shared
>> create mask = 0600
>> directory mask = 0700
>> read only = no
>> guest ok = no
>>
>> [DatabaseShare]
>> comment = Database File Share
>> path = /mnt/shared/partage_de_fichiers
>> public = no
>> writable = yes
>> browsable = yes
>> read only = no
>> guest ok = no
>> create mask = 0660
>> directory mask = 0770
>> force group = sharedaccess
>> force create mode = 0660
>> min protocol = SMB2
>> ea support = yes
>> vfs objects = catia fruit streams_xattr
>> fruit:delete_empty_adfiles = yes
>> fruit:metadata = stream
>> fruit:model = MacSamba
>> fruit:nfs_aces = no
>> fruit:posix_rename = yes
>> fruit:veto_appledouble = no
>> fruit:wipe_intentionally_left_blank_rfork = yes
>>
>> ```
> Quite a lot of those parameters are set to the defaults and others
> should be in 'global'.
>
>>
>> Despite these settings, files copied from Windows are created with
>> permissions |rw-------|, which restricts access to only the file
>> owner. I have a |umask| set to |0002| in my shell, but I am
>> struggling to find the right settings to achieve optimal
>> compatibility between Windows, Linux, and Samba.
>>
>> For comparison, here are the permission settings for two directories:
>>
>> *
>>
>> |/mnt/shared/Office 2013|:|drwx------ 2 john_johnk john_johnk
>> 4096 Apr 8 2022|
>>
>> *
>>
>> |/mnt/shared/partage_de_fichiers|:|drwxrws--- 4 john_johnk
>> sharedaccess 4096 Oct 15 18:56|
> What are the permissions set on /mnt/shared ?
> Also, why is the share there, is it mounted from somewhere else ?
> If so, where and what is the filesystem.
>
> Rowland
>
>
More information about the samba
mailing list