[TriLUG] Re: Samba Permissions Question

Lance A. Brown lance at bearcircle.net
Thu Feb 24 11:44:45 EST 2005 

Randall Barlow wrote:
> Hi All,
> 
>    I'm kind of new to the whole Samba thing.  I've got a folder share 
> working.  The problem I'm having is that when I write to my shared 
> folder from another machine via the share, the owner of the written 
> folder becomes root, instead of me.  So whenever I'm using the computer 
> locally I can't access any of the files or folders that have been 
> written to since the last time I used the machine, and I have to chown 
> to get the permissions back.  Any ideas on how to get Samba to give me 
> permission every time it writes anything?  Thanks!

This is how I get around this problem.  We use UNIX groups to control 
access to our Samba shares, so the following is set up to use groups.  If 
it is just you accessing stuff, you can set the ownership of the 
files/directories to you and samba will maintain.

Add the following to your smb.conf stanza for the share:

# Force mode bits of files and directories to be what we need
create mode = 0664
force create mode = 0664
directory mode = 2775
force directory mode = 2775

Create a new group to be the group owner of all the files/directories in 
the share:

groupadd smbusers

chgrp smbusers /where/ever/your/samba/share/is
chmod 02775 /where/ever/your/samba/share/is

If you already have files and directories in the share, you'll need to set 
the group ownership and mode on them properly to make this work.

Add yourself, and anyone else who is accessing the share, to the smbusers 
group in /etc/group

Now, when you log into the share, samba will maintain the permissions 
properly so people can read/write the files without problems.  This also 
assumes you are logging into the share with userid/passwd account available 
on the unix system.

If it is only yourself using the share, you can set the ownership of the 
files/dirs to yourself, log into the samba share with your userid, and be 
done with it.

The key to this trick is the 02775 mode on directories.  The sticky bit on 
the group permissions makes the group ownership of the directory apply to 
everything created within it.

--[Lance]
-- 
  Celebrate The Circle: http://www.celebratethecircle.org/
  Carolina Spirit Quest:  http://www.carolinaspiritquest.org/
  My LiveJournal: http://www.livejournal.com/users/labrown/
  GPG Fingerprint: 409B A409 A38D 92BF 15D9 6EEE 9A82 F2AC 69AC 07B9

-=-=-
    If you care, you just get disappointed all the time. If you don't care
nothing matters so you are never upset.	  -- Calvin

More information about the TriLUG mailing list