# Samba lets users browse but not read or write.

## Gruelius

Hi everyone,

I hope im not annoying anyone by asking a simple problem like this, however after asking a few people on the irc channel ive gotten nowhere.

Anyway the problem is as follows. Ive set everything up according to the guide in the docs section of gentoo.org, and network users can browse the files however none of them can read the files or write to the directory.

Here are the set permissions for one example directory and file

Directory = public

tuxserver julius # ls -ld public

drwxrwxr-x 3 root root 4096 May  2 22:45 public

File within public

tuxserver public # ls -ld cups-windows-6.0-source.tar.bz2

-rwxrwxr-x 1 julius users 38284 May  2 22:40 cups-windows-6.0-source.tar.bz2

i ran chmod 0775 to both of them which is what i believe was the right option?

Here is my smb.conf

```

[global]

workgroup = ROSCH

server string = Samba Server %v

printcap name = cups

printing = cups

load printers = yes

log file = /var/log/samba/log.%m

max log size = 50

socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

interfaces = lo eth1

bind interfaces only = yes

hosts allow = 127.0.0.1 192.168.0. 192.168.1. 192.168.0.

hosts deny = 0.0.0.0/0

security = share

#guest account = julius

#guest ok = yes

#guest only = yes

vfs object = vscan-clamav

vscan-clamav: config-file = /etc/samba/vscan-clamav.conf

[print$]

comment = Printer Drivers

path = /etc/samba/printer # this path holds the driver structure

guest ok = yes

browseable = yes

read only = yes

write list = root

[KonicaMinolta2400w]

comment = KonicaMinolta2400w

printable = yes

path = /var/spool/samba

public = yes

guest ok = yes

[printers]

comment = All Printers

browseable = yes

printable = yes

writable = no

public = yes

guest ok = yes

path = /var/spool/samba

[public]

comment = Public Files

browseable = yes

Public = yes

writeable = yes

#create mode = 0755

#read only = no

guest ok = yes

path = /home/julius/public

[Raid]

comment = The raid with the files!

browseable = yes

public = yes

read only = yes

guest ok = yes

path = /mnt/raid

```

Ive tried disabling the firewall aswell however ive had no luck in doing so.

Windows tells me that Everyone has read and read & execute permissions however it still wont work!

Im sure there is something quite ovbious ive missed so feel free to call me a noob  :Razz: 

Julius

----------

## intmain

The line 

```
#guest account = julius
```

 is commented, so the default guest account is nobody. As the permissions are set to 775, and as far as I know, nobody is not member of the users group, this user has no writing permissions. Have you already tried removing the #?

----------

## Gruelius

The commented fields were commented during my mucking around to see if i could get it to work. Does chmod 775 give the group "others" read and execute access?

Ill try it again without the comments, however im not too sure it will work.

Thanks

Julius

*edit*

still didnt work  :Sad: 

----------

## intmain

775 means that others only have read and execute permissions.

 *Quote:*   

> tuxserver julius # ls -ld public
> 
> drwxrwxr-x 3 root root 4096 May 2 22:45 public

 

Try to chown root:users public, your guest user may have no writing permissions to the directory. (And leave the guest account line uncommented)

----------

## Gruelius

That worked, i managed to drop a file there. So if i change everything to root:users, to restrict writing access i should do that in the smb.conf file?

Also after copying files to that directory, i cant copy the files back to my main pc, i get that error again.

----------

## intmain

Use writeable = yes/no in your smb.conf only if you want to apply this for the whole shared directory. If you only want to have only some files in the shared directory read-only, leave the permissions for the directory and restrict the permissions for the single files.

----------

## Gruelius

Argh. I can now drop files however no matter how hard i try i cant read them.

I think i might just redo the permissions section of my smb.conf file and change how i will set the individual permissions of all files.

What i want to do is have one directory say

/mnt/raid/TFER read and write able to all guests

I want /mnt/raid/TV\ Shows/ to not be writable to guests or anyone except for root.

I am also sharing a printer however i dont think that it is relevant for this.

If i set the permissions of the folders so that Root was the owner and users was the group, and set the permissions so root had read write access, users had read write access and others had read access only, would i be able to access the files over the network?

This is really getting me bumbed lol.

Thanks for the help so far!

*edit*

im going to setup SWAT to see if that can make life a bit easier  :Razz: 

----------

## intmain

```
[Raid]

comment = The raid with the files!

browseable = yes

public = yes

read only = yes

guest ok = yes

path = /mnt/raid
```

If you want to have write access to any subdirectories of /mnt/raid/ you will have to change read only = yes to writeable = yes.

Then I would set the following permissions:

chown root:root /mnt/raid

chmod 775 /mnt/raid # Give write permissions only to root

chown root:root /mnt/raid/TV\ shows/

chmod 775 /mnt/raid/TV\ shows/ # Give write permissions only to root

chown root:users /mnt/raid/TFER

chmod 775 /mnt/raid/TFER # Give write permissions to root and members of the users group

 *Quote:*   

> I can now drop files however no matter how hard i try i cant read them.

 

Which permissions are set for the created files?

----------

## Gruelius

After setting those permissions combined with

[Transfer]

	comment = put your shit here

	path = /mnt/raid/tfer

	read only = No

	guest ok = Yes

That i created using swat i still cant drop files or delete files however i can read them this time around.

Am i asking for trouble if i get swat to create a smb.conf file for me?

Actually should i just recreate a smb.conf file from scratch? if you could help me set one up that would be nice.

----------

## intmain

Could you try, if dropping/deleting files works as expected locally when you're logged in as the user who is defined as guest account? Just to make sure that the file permissions are correct.

As I have no experience with swat I can't say anything about troubles with config files created by swat.

----------

## Gruelius

Ok here is my new smb.conf file

Im really getting aggitated! it works for a bit then stops working!!!! grr

```

[global]

        workgroup = ROSCH

        server string = Samba Server %v

        interfaces = lo, eth1

        bind interfaces only = Yes

        security = SHARE

        guest account = julius

        log file = /var/log/samba/log.%m

        max log size = 50

        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

        printcap name = cups

        printing = cups

        load printers = yes

        vscan-clamav:config-file = /etc/samba/vscan-clamav.conf

guest ok = Yes

        hosts allow = 127.0.0.1, 192.168.0., 192.168.1., 192.168.0.

        hosts deny = 0.0.0.0/0

        vfs objects = vscan-clamav

[printers]

        comment = All Printers

        path = /var/spool/samba

        printable = Yes

browseable = Yes

        writeable = no

        public = yes

        guest ok = yes

[Transfer]

        comment = Transferizzle

        read only = No

        browseable = yes

        writeable = yes

        guest ok = yes

        path = /mnt/raid/tfer

[Tv Shows]

        comment = TV fo yo ears

        read only = yes

        browseable = yes

        writeable = no

guest ok = yes

        path = /mnt/raid/TV Shows/

```

Now with that, i can access all the TV shows directories after doing

chown -R root:root * from /mnt/raid/TV\ Shows/ and

chmod -R 775 * from that directory.

I can see the files however im getting the same problem of not being able to access them

And for some reason my transfer folder removed its write permissions after i added tv shows to samba.conf.

Im prob making an ovbious mistake and am going to die when i realise it :p

----------

## Gruelius

And yes it must be on the samba side of things because it all works fine:

```

julius@tuxserver ~ $ cd /mnt/raid

julius@tuxserver /mnt/raid $ dir

TV\ Shows  lost+found  tfer  tfer2

julius@tuxserver /mnt/raid $ cd tfer

julius@tuxserver /mnt/raid/tfer $ mkdir test

julius@tuxserver /mnt/raid/tfer $ dir

DSCF1693.JPG  smb.conf  test

julius@tuxserver /mnt/raid/tfer $ cp smb.conf test/crap

julius@tuxserver /mnt/raid/tfer $

```

Also for printer access do i have to add julius to the printing group? or is that automatic (i cant print from network, get told access is denied)

*update*

Another interesting thing

/usr/bin/testparm gives

```
[global]

        workgroup = ROSCH

        server string = Samba Server %v

        interfaces = lo, eth1

        bind interfaces only = Yes

        security = SHARE

        guest account = julius

        log file = /var/log/samba/log.%m

        max log size = 50

        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

        printcap name = cups

        vscan-clamav:config-file = /etc/samba/vscan-clamav.conf

        guest ok = Yes

        hosts allow = 127.0.0.1, 192.168.0., 192.168.1., 192.168.0.

        hosts deny = 0.0.0.0/0

        vfs objects = vscan-clamav

[printers]

        comment = All Printers

        path = /var/spool/samba

        printable = Yes

        browseable = No

[Transfer]

        comment = Transferizzle

        path = /mnt/raid/tfer

        read only = No

[Tv Shows]

        comment = TV fo yo ears

        path = /mnt/raid/TV Shows/

```

For some reason all the permissions are dropped, not that they are really that nessicary anyway due to the permissions set using chmod and chown.

----------

## intmain

I tried out your smb.conf and could not access the TV Shows directory. I think it has something to do with the whitespaces because after removing them it worked:

```
[TvShows]

        comment = TV fo yo ears

        read only = yes

        browseable = yes

        writeable = no

        guest ok = yes

        path = /mnt/raid/TVshows/
```

----------

## Gruelius

using my current config i can acces the TV shows folder  :Smile:  its because its /mnt/raid/TV\ Shows/ and for some reason samba can just accept it with the space. 

Are there any other white spaces i missed?

----------

## Gruelius

Ive figured it out, it was because i had linked it to the wrong virus scanner conf file, and in the file it said Something like

If i cant communicate to daemon disable read/write.

Well that was that one solved  :Razz: 

And ive got a few more questions.

I used clamAV as suggested in the guide, does that automatically update itself? Should i choose a diff version?

----------

## intmain

If you have configured clamav as described in the documentation, it should update itself because there is freshclam, which updates the virus definition database.

----------

## Gruelius

cool  :Very Happy: 

now moving on to not so cool, for some reason i cant print -.- Says that acces is denied could not connect.

In my smb.conf file adding guest only = yes didnt help one bit. When right clicking on the printer it told me i had all permissions there however i still cant connect. Would this possibly be driver related? i just used the microsoft 2400w drivers.

Cheers

Julius

----------

## intmain

For printing I would recommend against using samba because you also can print directly via cups from windows hosts.

This is a good documentation about configuring cups for remote printer access.

edit: You can easily add your shared printers on windows by specifying http://hostname:631/printers/printername as url of the printer, so you don't need samba.

----------

## Gruelius

Id rather run it via samba, its way too hard to type the printer name in.

What fields are relevant for network printing? i checked the log and was getting NT STATUS ACCESS DENIED

Also if i create another account on the machine for moving or renaming files via samba, how should i do this? or can i create a passworded folder somehow?

*update* Here is your error  :Smile: 

```

[2007/05/07 07:26:50, 1] rpc_client/cli_pipe.c:cli_rpc_pipe_open(2222)

  cli_rpc_pipe_open: cli_nt_create failed on pipe \spoolss to machine Julius-PC.  Error was NT_STATUS_ACCESS_DENIED

```

----------

## salahx

Actually, the use of security = share isn't recommended (it is known NOT to work on Windows Vista). You can get the same functionality in Samba in "user" secuity mode through creative use of "map to guest" and  "force user".

----------

## Gruelius

Ok ive set it to security = user and ive added the line force user = julius (guest user) to global with no avail. Now i cant even connect to the server   :Confused: 

*edit*

Still no go.....

Ive added guest user = julius and force user = julius which allows all users to connect and drop files. I still get the same frigging error tho >.<

```

[2007/05/08 01:33:58, 1] rpc_client/cli_pipe.c:cli_rpc_pipe_open(2222)

  cli_rpc_pipe_open: cli_nt_create failed on pipe \spoolss to machine Julius-PC.  Error was NT_STATUS_ACCESS_DENIED

[2007/05/08 01:33:59, 1] rpc_client/cli_pipe.c:cli_rpc_pipe_open(2222)

  cli_rpc_pipe_open: cli_nt_create failed on pipe \spoolss to machine Julius-PC.  Error was NT_STATUS_ACCESS_DENIED

```

After folllowing THIS guide im still stuck.. https://forums.gentoo.org/viewtopic.php?t=110931

*edit*

Ok im starting a fresh  :Smile: 

using guide http://www.gentoo.org/doc/en/quick-samba-howto.xml#doc_chap4, except using force user = julius

starting to get tired!  :Razz: 

*edit*

Started new thread at https://forums.gentoo.org/viewtopic-p-4044378.html#4044378

----------

## salahx

You don't want "guest user = julius". What you want is "map to guest = bad user" Also, Julius should not be in smbpasswd file, but DOES need to be in /etc/passwd

The idea is: You want all logins to map to guest (by having an empty userfile). The "force user" is to make all the option done on that share (it can done per share or globally) to be done as a particular UNIX user - so all create/delete/change will be done as that user. Thus, all files will be created with the owner "julius", access checks done as "julius" and so forth...

This will fix you printer problem, too.

----------

