Join Log in
Score:0
user1636349 avatar Ubuntu

How do I get write-access to Samba share from guest account without setting permissions to `g+w`?

cn flag
user1636349

I am using Samba (4.15.13-Ubuntu) running on Ubuntu 20.04 to make my home directory shareable so I can access it from my Windows laptop. I have the same username on Windows, but it only seems to connect if guest access is enabled.

I have the following smb.conf (comments stripped):

[global]
   guest account = myuser
   workgroup = WORKGROUP
   server string = %h server
   dns proxy = no
   hosts deny = ALL
   hosts allow = 10.0.0. 10.100.102. 127.
   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog = 0
   panic action = /usr/share/samba/panic-action %d
   security = user
   map to guest = Bad User
   encrypt passwords = true
   obey pam restrictions = yes
   unix password sync = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
   pam password change = yes
   map to guest = bad user
   usershare allow guests = yes
[myuser]
   path = /home/myuser
   read only = no
   guest ok = yes
   force user = myuser

I can connect and read, but if I want write access, it only works if I have group write access. I can write to files which have g+w; I can also create files in directories which have g+w, but my umask gives rw-r--r-- as the default permission, so I cannot then modify the file.

This smb.conf is copied from another system I ran using an earlier version of Ubuntu, and I didn't have this problem. I could of course change my umask, but I'd prefer samba to allow access as myuser to avoid giving write access where it should not be needed.

Is this a problem due to an "improvement" in recent Samba versions? Can anyone tell me how to get write access without changing umask and giving group write access to everything?

[Note: I have resolved this problem by requiring non-guest access, as per the answer below, but would still like to know how to allow write access as a guest without g+w on everything.]

274
1 + 0
Score:1
mpboden avatar Ubuntu
do flag
mpboden

I think what's going on is that you forgot to add myuser as a Samba user. So as a result, you're only able to connect as a guest.

Regarding the requirement of changing permissions on the share to g+w, I can't explain it at the moment. In my testing, I'm able to successfully connect as a guest without changing the permissions on the share. But the difference is I'm connecting from an Ubuntu client and not a Windows client. So perhaps there's something with a Windows client that is requiring the g+w.

The fact that you have force user = myuser as a setting should have allowed the Guest user to have write permissions, or at least take on the credentials of myuser. But perhaps you would also need to add the following to the share in smb.conf:

create mask = 0644
directory mask = 0755

Here's a link on Stack Exchange where it looks like someone was having the same issue: How to create a Samba share that is writable from Windows without 777 permissions?

Anyway, to access a Samba share as a valid user and not a Guest, you also have to add that regular user to the list of valid Samba users.

To see a list of current Samba users, enter the following:

sudo pdbedit -L -v

Next, if you already have a regular user on your Ubuntu system such as myuser, then skip the next step. If not, create a new user:

sudo adduser myuser

Then add mysuser as a Samba user:

sudo smbpasswd -a myuser

If you run sudo pdbedit -L -v again, you will see that myuser has been added.

Within your smb.conf, delete guest ok = yes or change it to guest ok = no.

Restart smbd:

sudo systemctl restart smbd

At this point, you should be able to login to your Samba share as myuser with write permissions.

+ 3
user1636349 avatar
cn flag
user1636349
Thanks, that worked. Still don't understand the guest access requiring g+w, though.
1
Reply
user1636349 avatar
cn flag
user1636349
I have got this working, as I said, but I still want someone to tell me how to allow write access as a guest without giving group write to everything. I used to be able to do this, but can't get it to work any more no matter what I try.
0
Reply
mpboden avatar
do flag
mpboden
I see that you’ve edited the question title to reflect how to solve the Guest account `g+w` issue. But you’ve already marked this question as answered. So I suggest you edit the question title back to how to get write access for a user account and then create a new question for this other issue. Otherwise you might not get people seeing this question and offering an answer to this specific issue.
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.