How to create a Samba share that is writable from Windows without 777 permissions?

  • I have a path on a Linux machine (Debian 8) which I want to share with Samba 4 to Windows computers (Win7 and 8 in a domain). In my smb.conf I did the following:

    [myshare]
    path = /path/to/share
    writeable = yes
    browseable = yes
    guest ok = yes
    public = yes
    

    I have perfect read access from Windows. But in order to have write access, I need to do chmod -R 777 /path/to/share in order to be able to write to it from Windows.

    What I want is write access from Windows after I provide the Linux credentials of the Linux owner of /path/to/share.

    I already tried:

    [myshare]
    path = /path/to/share
    writeable = yes
    browseable = yes
    

    Then Windows asks for credentials, but no matter what I enter, it's always denied.

    What is the correct way to gain write access to Samba shares from a Windows domain computer without granting 777?

  • yaegashi

    yaegashi Correct answer

    5 years ago

    I recommend to create a dedicated user for that share and specify it in force user(see docs).

    Create a user (shareuser for example) and set the owner of everything in the share folder to that user:

    adduser --system shareuser
    chown -R shareuser /path/to/share
    

    Then add force user and permission mask settings in smb.conf:

    [myshare]
    path = /path/to/share
    writeable = yes
    browseable = yes
    public = yes
    create mask = 0644
    directory mask = 0755
    force user = shareuser
    

    Note that guest ok is a synonym for public.

    I had a similar problem and all google searches showed the dirty way to simply use 777. I wanted 775 for my shared folder and I wanted files to be created using my linux "defaultUser", I used also public = yes. Folder was 775, create and dir mask was 775 but in Windows it was not writable and I could not get why. Adding `force user = defaultUser` did the job for me.

    I can't get this to work, any time I try to share the directory, I just get a window telling me I need to give "others" write permission in order to share the directory.

    I got it, the problem was the location of `smb.conf`. Google and even sambas documentation said the file should be at `/usr/local/samba/lib` but actually it is in `/etc/samba`

    @MarkKramer It's a good idea to follow the documents included in your specific Linux distribution because many distros re-organize the files to fit the Linux Foundation's FHS (Filesystem Hierarchy Standard). I recommend reading and searching the docs delivered with your distro because google's not always the best answer, for example you may get info for a different version of the software. Best Regards.

    Why is a dedicated share user recommended exactly?

License under CC-BY-SA with attribution


Content dated before 6/26/2020 9:53 AM