How can I set up Samba shares to only be accessed by certain users?

  • I have a RAID10 array mounted on Ubuntu Server 12.04. I have created a few folders within the mount point and want the following functionality.

    There will be 4 users, 3 of them are windows users: 'one' 'two' & 'three'. 'four' is a media streamer that only needs to access the MEDIA share. One Two and Three need to have full access to the media share and their own personal shares (for documents) which no other users but them can access.

    Currently, User Four works perfectly (Has full access to the MEDIA folder and can't access folders owned by other users). The problem is, when logged in as the other user, I can't access either share; (tried using valid users = and using chmod to add permissions to no avail).

    TL;DR: I need to know how to configure Samba properly to restrict access to certain shares for certain users and allow all of them to access one communal folder (all files on a RAID10 mount).

  • phoibos

    phoibos Correct answer

    8 years ago

    Each samba user must have a normal linux account as well.

    1. Make sure that every user can access the common media folder on the unix side (without samba); alternatively, you can set force user in smb.conf
    2. Make sure each user has a samba password set. You can set it with sudo smbpasswd -a your_user
    3. Look at /etc/samba/smb.conf: check if the line security = user is set in the [GLOBAL] section
    4. Set your shares in /etc/samba/smb.conf, see example

    Example shares:

    [allaccess]
        path = /media/common
        read only = no
        writeable = yes
        browseable = yes
        valid users = one, two, three, four
        create mask = 0644
        directory mask = 0755
        ; if you set this, all files get written as this user
        force user = one
    

    This will be accessible via \\yourserver\allaccess

    A single user share:

    [special]
        path = /home/two/onlytwo
        read only = no
        writeable = yes
        browseable = yes
        valid users = one
        create mask = 0640
        directory mask = 0750
    

    Restart the samba server after the changes with:

    sudo service smbd restart
    

    You sir are a god, the masks and force user was what I needed all along but didn't understand.

    I think "read only" and "writable" are so-called "inverted synonyms" for one another. No need to set them both.

    Awesome! I had done every thing except step #2. I've never seen that mentioned anywhere else in setting up samba shares. Thanks!!

    Don't specify share name as _temp_ if you want it writable.

License under CC-BY-SA with attribution


Content dated before 6/26/2020 9:53 AM