# Samba is fun, but i have some minor quirks

## usingloser

A few Samba issues:

One, my home directories for the users is working fine, but I also wanted to share my web directory for myself so I can easily edit the files using nice windows tools that I am used too.

I added this to my smb.conf

[website]

comment= Web Directory

path =/home/httpd/htdocs

valid user= (user name, and the share shows up so i know that is right)

public=no

writable=yes

printable=no

I log in with the user name, and my home directory shows up for it, and this share does now too, but it wont let me edit the files or add any files to the web directory.

I have tried 

create mask= 777

"                = 0777

"                = 666

None of those let me edit the files either (maybe i dont understand the meaning of create mask)

Any Help?

Also, my printer is shown and will let me print to it and cups web interface reports job as completed, but nothing ever gets printed.

----------

## steveb

can you post the mount command you are using?

cheers

SteveB

----------

## usingloser

what exactly do you mean?

I did not have to do any external mount command issuing for home directories and they work fine.

----------

## steveb

are you trying to mount the httpd root in your windows box or are you trying to mount a samba share on your linux box?

btw: try adding something like this:

```
create mask = 0777

force create mode = 0777

force security mode = 0777

directory mask = 0777

force directory mode = 0777

force directory security mode = 0777

inherit permissions = Yes
```

cheers

SteveB

----------

## usingloser

I am mounting it on my windows box, and it mounts fine (through whatever automatic mounting windows does in XP), its just read only, I will try these.

----------

## usingloser

nope, added the all and still giving me read-only error

----------

## steveb

if you want your samba users to access /home/httpd/htdocs, then you need to add them to the right groups or chmod the complete directory with 777 or chown the directory by nobody.nobody.

cheers

SteveB

----------

## usingloser

Well the user is me, and I am in the wheel group, and chmod'ing is not the best idea.  I will poke around some more.

----------

## splooge

What I think he is saying is that it's possible that the Samba account doesn't have access to write to the directory /home/httpd/htdocs

If my unix filesystem security is right, you can solve this by doing this...

/home/httpd/htdocs is owned by the user root, and is assigned to the group root by default in gentoo IIRC.  The samba user by default only has read access to it via the 'world' (other) group.  If you were to change the group ownership from root to Samba and give the Samba group read/write priveleges that should solve the issue somewhat securely (I think!)

chown -R root:samba /home/httpd/htdocs

chmod -R 661 /home/httpd/htdocs #661=root:rw, samba:rw, world: r

chmod -R g+s /home/httpd/htdocs

Ok this should 1) change the group ownership of the files to Samba, 2) Give root, samba and world read-write, read-write, and read-only, respectively, and 3) sets the GUID bit on the subdirectory so any new files made there belong to the appropriate group (Samba).

I think.  I might be way off, but this would be the first thing I would check.

----------

## usingloser

says samba is an invalid group

----------

## splooge

Darn.  I haven't used samba in forever.  =(  Looking at it on a friends box, I am apparently totally wrong, I don't even see a samba user, so apparently my theory is completely wrong!

Maybe the users (users group) have to own the directory instead of the samba service?

chown -R root:users /home/httpd/htdocs

chmod -R 661 /home/httpd/htdocs

----------

## usingloser

Nope, i thought about it and tried to chown it to me, didnt work.  The only way I can get it to work is to chmod everything to 777.  (By the way 1 is not read only)

----------

## djnauk

when you give samba the username to log onto, it will use your permissions and group permissions when accessing the files.

all the create mask and directory mask deal with the permissions though which files and directories are given when writing/creating. Make sure that you can read and write to the files via the console first - if you can when so should samba.

I tend to chgrp all files and dirs to apache, and chown all the files to myself with the permissions 0660 for the files and 3770 for the dir's (that will mean only I can delete them, and all files will be given the apache permission when created in that directory, not users so apache can read 'em).

You could also use something like

```
force group = apache
```

to make sure that all the files/dirs got the apache group permisson.

----------

## splooge

 *usingloser wrote:*   

> (By the way 1 is not read only)

 

 :Shocked: 

Ok so maybe 1 is execute and 2 is read!  Man that's the last time I try to answer a question off the top of my head.

----------

## ARC2300

 *Quote:*   

> Ok so maybe 1 is execute and 2 is read! Man that's the last time I try to answer a question off the top of my head.

 

1 is execute, 2 is write, 4 is read.

rwx=4+2+1=7

r-x=4+0+1=5

rw-=4+2+0=6

It's read just like any other bitwise number, which is from right to left.

And when you make your Samba shares, the user that started a folder is the user that can read/write/execute that folder by default.  On most systems, the default umask (create mask) is 022, which means anything created with 666 permissions gets bumped to 644 so that only the owner can manipulate the file, hence why you're having problems (probably).  If you didn't create the file, you won't be able to do anything with it.

For whatever it is you want to do (play MP3's across a share, edit apache docs, edit documents), make a group that desribes that activity.  Then, depending on who you want to be part of that group that does something with that share, add the appropriate users.  Then go to your smb.conf file and add these lines under the share this group needs:

force create mode=775

force create mask=775

force directory mode=775

force directory mask=775

Those lines make it so the owner can read/write/execute their file, so the group can read/write/execute the file, and other people can only read/execute the file.  Tweak these to whatever you may need.  Just remember that if there's only one person that needs to change the file, do 755. . .if there's multiple, do 775.  Don't do 777 unless you absolutely need to, because then anyone can change anything (and over Samba shares that could be hacked, that's bad).

----------

## usingloser

I chowned everything to my user name.  It still wouldn't let me edit the files.  How much danger is  there in chmod to 777 for your site.

----------

## usingloser

 *ARC2300 wrote:*   

>  *Quote:*   Ok so maybe 1 is execute and 2 is read! Man that's the last time I try to answer a question off the top of my head. 
> 
> 1 is execute, 2 is write, 4 is read.
> 
> rwx=4+2+1=7
> ...

 

thanks, this i actually pretty helpful, my computer is sitting behind a router on a private network so i am not worried about hackers.  If they do, then manage to hack samba, good for them, that probably took some skill.

----------

## usingloser

So, anyone get printing working sucessfully???

I want my XP box to be able to print to my linux laser printer.  It works fine on the linux box, and is shared correctly from what I can tell.  I can see it on my windows box, send jobs too it.  The web interface reports the jobs were completed, but nothing came out of my printer  :Smile: .

----------

## ARC2300

Glad you found it helpful.   :Smile: 

Okay. . .you have the correct printer drivers installed for the printer, right??

You gave the right permissions for the printer, right??  Set up the access properly??  If I remember right, I think you have to be able to write to the printer.

Also, did you set up cups??  IIRC, that is needed to get printing working either to or from Windows.

----------

## usingloser

yeah cups is working, like I said, printing in linux works fine

In windows, it reports that the printer is okay, and accepting jobs.  When I send it print jobs though, nothing happens.  The cups web interface also reports that the jobs are being completed though.

----------

## usingloser

(accidental bump)

----------

