Samba - Create Subdirectory Shares with their own permissions

linux permissions mount network-shares samba
19,256

Try this config (for share sections):

[Share]
path        = /var/samba
valid users = @everybody
force group = +everybody
writeable   = yes
create mask = 0660
force create mode = 0110
directory mask = 0770

[folderA]
path        = /var/samba/folderA
valid users = @users_folderA
force group = +users_folderA
browseable = no

[folderB]
path        = /var/samba/folderB
valid users = @users_folderB
force group = +users_folderB
browseable = no

[folderC]
path        = /var/samba/folderC
valid users = @users_folderC
force group = +users_folderC
browseable = no

[folderD]
path        = /var/samba/folderD
valid users = @users_folderD
force group = +users_folderD
browseable = no

Do not forget to check the config and restart samba:

# testparm
# service smbd restart
# service nmbd restart

Set permissions:

chown root:everybody /var/samba
chmod 770 /var/samba
chown root:users_folderA /var/samba/folderA
chmod 2770 /var/samba/folderA
chown root:users_folderB /var/samba/folderB
chmod 2770 /var/samba/folderB
chown root:users_folderC /var/samba/folderC
chmod 2770 /var/samba/folderC
chown root:users_folderD /var/samba/folderD
chmod 2770 /var/samba/folderD

This way direct access to internal folders is not allowed. Moreover, they are not visible at all and can only be accessed through the parent folder.

Share:
19,256

Related videos on Youtube

soner
Author by

soner

Currently studying Computer Sciences in Germany.

Updated on September 18, 2022

Comments

  • soner
    soner over 1 year

    I have a Samba share containing many folders like this:

    share
  - folderA
  - folderB
  - folderC
  - folderD

    There are around 20 users accessing those shares. Every user can have their individual access to some of the directories, for example Ben can access folderA and folderC, but not folderB and folderD. Jenny can access folderB and folderC, and so on.

    I don't want the users to mount each folder they need. I want them to mount the folder "share" which contains all the subfolders. The access is then limited by setting the linux permissions.

    I created a group for every subdirectory and added the users to those groups. The access control works perfectly for existing files. But whenever a user creates a file in a subdirectory, it is denied for every other user having the permission for read/write access in that directory. To solve this, I played around with the samba masking but can't get it to work.

    My Samba conf looks like this:

    guest ok = no

[global]
workgroup = WORKGROUP
security  = user
encrypt passwords = yes

[Share]
path        = /var/samba
valid users = @everybody
read only   = no
writeable   = yes

[folderA]
path        = /var/samba/folderA
valid users = @users_folderA
read only   = no
writeable   = yes

create mask          = 770
directory mask       = 770
force directory mode = 770

force group = users_folderA

[folderB]
path        = /var/samba/folderB
valid users = @users_folderB
read only   = no
writeable   = yes

create mask          = 770
directory mask       = 770
force directory mode = 770

force group = users_folderB

[folderC]
path        = /var/samba/folderC
valid users = @users_folderC
read only   = no
writeable   = yes

create mask          = 770
directory mask       = 770
force directory mode = 770

force group = users_folderC

[folderD]
path        = /var/samba/folderD
valid users = @users_folderD
read only   = no
writeable   = yes

create mask          = 770
directory mask       = 770
force directory mode = 770

force group = users_folderD

    So obviously every user is in the group everybody, so they can mount the share with the subdirectories. The access for each subdirectory is working perfectly fine. But whenever Ben creates a file in folderC, the file gets the file permissions -rwxr--r-- but it should be -rwxrwx---

    I think the shares for the individual folders don't work at all because I tried to set writeable = no and read only = yes to test it. Restarted smbd and nmbd and remounted the network share (in Windows 10). The users were able to create files and modify their own.

    This runs on a raspberry pi with raspbian. The hard drive with the files is formatted as ext4 and mounted via fstab.

  • soner
    soner about 8 years
    Thanks, this worked. Now we have another issue that Excel 2016 is not able to save files bigger than 13 KB to Samba. But that's another topic. Thank you very much for helping!

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Samba: configuring a share with write permissions for everyone, mapped as a specific user
What's the difference between "file_mode,dir_mode" and "gid" when mounting a CIFS share?
allow all users to read/write any files/folders on 2nd drive regardless of who created it
Cannot write to Samba shared folder
How to mount smb share on Ubuntu 18.04 with read-write from the terminal
Unable to write to Samba NTFS share from Windows7
mount error(13): Permission denied
Permissions of mounted cifs share (Shared from FreeNAS)
Problem with cifs-util. Mount: only root can mount
How to change permissions on mounted windows share?