Samba logoWhen I was setting up my Debian microserver with Samba to backup/share files with my Windows 7 and Windows XP machines, I have had a bit of a fight with a few options. Here is a list of issues I encountered setting up Samba and how I solved them. I could not find a single post/site addressing all my problems, therefore this post is also a way for me to remember for next time!
setgid, chmod, smb.conf and force create mode are a few keywords defining this post.

If you see any error or think I should be clearer, do let me know and I will be thankful to correct accordingly.


Q1: I cannot login from my Windows machine, the login box keeps appearing back

Answer 1: folder access rights in Linux

The common error is that the user group doesn’t have access on the Linux folder. I couldn’t see any error in the Samba log file.
In your /etc/samba/smb.conf, do you have the security done by the user? (following line present?)

security = user

If that is the case, make sure the user group has access to the folder in which your Samba shares are.
In the following example, I declare all my shares in the folder /sambashares and samba users belong to the smbusers group.

drwxrwx--- 6  alban smbusers 4096 Jun 11 21:29 .
drwxrwx--- 22 alban smbusers 1024 Jun 8 23:22 ..
drwxrwsr-x 4  alban smbusers 4096 May 17 15:42 media
drwxrws--- 4  alban smbusers 4096 May 17 15:42 docs

Q2: When I create a file, only me can access it

Answer 2: force create Mode

We take as an example a Debian Linux server accessed by Microsoft Windows 7 and XP clients put/get files. If you use the default Samba configuration, only the creating user will be able to read his/her content. In order to solve that, you can force that, when a file or a folder is created, it should have “at least” the group access.
In your Samba folder configuration, add the force create 0777 to give everyone access or force create 0770 for group access.

In my Samba configuration, I also use create mask. This would set the maximum permission allowed (= no more than). The resulting permission would be the bit-wise operation:

Result_Permission = (Default _Permission + Force_Create).Create_Mask

[media]
comment = Media folder
read only = no
writable = yes
locking = no
path = /sambashares/media
guest ok = yes
browseable = yes
force create mode = 0777
create mask = 0777
directory mask = 0777

Q3: How can I have other users modify my folders?

Answer 3a: force directory mode

Setting the file access is not enough and if you create folders instead of files, the default access would be enforced. If, for a specific share, you want every user to have access to every folders whoever created that folder, you need to adapt the share configuration to include the force directory mode

[docs]
comment = Documents folder
read only = no
locking = no
path = /sambashares/docs
guest ok = no
browseable = yes
force create mode = 0770
create mask = 0770
force directory mode = 0770
directory mask = 0770

Answer 3b: set group permission – setgid

If you also access the files through SSH or directly on the machine, I would advise to use the sticky file/directory property.
Looking at my ls -al output at the top, you can see:
drwxrwsr-x 4 alban smbusers 4096 May 17 15:42 media
On the group, the “s” will ensure that the group permissions are inherited when you create files or sub-folders. In order to add this, simply execute the following command. I added -R to include all sub-folders:
sudo chmod -R +g+s media

Conclusion

As with any change on smb.conf, execute testparm to make sure the configuration is not broken.
Then, restart the demon with sudo service restart samba.
Next step, encrypt the disk area with my receipts!

 

Reference:

1. Samba smb.conf man page

2. Setgid bit on Wikipedia