[Staff]
 path = /media/see-admin/Daten/Staff
 available = yes
 browseable = yes
 guest ok = yes
 writeable = no
 
[sambashare]
    comment = Samba on Ubuntu
    path = /home/see-admin/sambashare
    read only = no
    browsable = yes

Your problem on both of these shares is the Linux permissions on the path to the shared folders. THe only user that can access these shares is "see-admin". If you want to force the client user to use the see-admin user name you have to add that user to the samba password database:

sudo smbpasswd -a see-admin

If you want guest user access or any other registered ( meaning a user added to smbpasswd ) you can change your share definition to these:

[Staff]
 path = /media/see-admin/Daten/Staff
 available = yes
 browseable = yes
 guest ok = yes
 writeable = no
 force user = see-admin
 
[sambashare]
    comment = Samba on Ubuntu
    path = /home/see-admin/sambashare
    read only = no
    browsable = yes
    force user = see-admin

Then restart smbd:

sudo service smbd restart
Answer from Morbius1 on askubuntu.com
🌐
TrueNAS Community
truenas.com › forums › archives › general help › general
chdir_current_service: vfs_ChDir(/mnt/.....) failed: Permission denied | TrueNAS Community
September 21, 2021 - truenas% id uid=1004(backup-checkmk) gid=1004(backup-checkmk) groups=1004(backup-checkmk),545(builtin_users) truenas% ls -lah /mnt/pool1-HDD/backup/backupserver/monitor ls: /mnt/pool1-HDD/backup/backupserver/monitor: Permission denied ... Because /mnt/pool1-HDD/backup/backupserver/monitor is the root path of the samba share, I tought to put the ACL there is enought. Click to expand... No, that's not how permissions work on Unix-like OSes (Linux, FreeBSD, MacOS, etc). Even if you have no ACLs at all, the lack of execute would prevent chdir().
🌐
Samba
lists.samba.org › archive › samba › 2021-January › 234209.html
[Samba] vfs_ChDir failed: Permission denied
January 31, 2021 - Trying to access the drive shares ... surrounding it (paths etc) The full line in the log is as follows: chdir_current_service: vfs_ChDir(/path/to/domain-member-server/share) failed: Permission denied....
Discussions

chdir_current_service: vfs_ChDir(/data) failed: Permission denied
Hi! I am having an error I cannot understand. I try to connect from a PC on Windows to a container on Rpi4/Ubuntu-20.04 64 bits. I am having the error on the title and I am clueless as to why. here is my docker-compose file: services: sa... More on github.com
🌐 github.com
1
February 22, 2022
Apple Time Machine issues (smbd: chdir_current_service: vfs_ChDir(/mnt/user/TimeMachine2) failed: Permission denied) - General Support - Unraid
Just wanted to make a forum post about this, as it's been an issue for me for over a year (since 2022-01-23 seemingly), and every time I looked into it, following all the relevant advice/posts here for TimeMachine issues, I could never get it solved. Today I was looking at my Unraid logs when try... More on forums.unraid.net
🌐 forums.unraid.net
December 31, 2023
rhel - samba bug? smbd chdir_current_service: vfs_ChDir Permission denied in /var/log/messages - Unix & Linux Stack Exchange
May 5 11:26:23 smbd[1525863]: chdir_current_service: vfs_ChDir(/data/BB) failed: Permission denied. More on unix.stackexchange.com
🌐 unix.stackexchange.com
yet another SMB share permissions question
I just upgraded to TrueNAS 12 from freenas. I was using root as a SMB user. I added a new user "chris" to replace the root usage. Some of my shares are working as expected, but there is a troublesome one I can't seem to figure out. I pasted some log.smdb and getfacl info below: [2021/03/26... More on truenas.com
🌐 truenas.com
4
March 26, 2021
🌐
FreeBSD
forums.freebsd.org › server and networking › web and network services
Solved - Samba413/Samba416: chdir_current_service: vfs_ChDir() failed: Permission denied. Current token: uid=1003, gid=1003, 2 groups: 1003 1005 | The FreeBSD Forums
March 30, 2023 - Current token: uid=1003, gid=1003, 2 groups: 1003 1005 [2023/04/02 00:34:22.255929, 0] ../../source3/smbd/service.c:171(chdir_current_service) chdir_current_service: vfs_ChDir(/media/main) failed: Permission denied.
🌐
GitHub
github.com › dperson › samba › issues › 409
chdir_current_service: vfs_ChDir(/data) failed: Permission denied · Issue #409 · dperson/samba
February 22, 2022 - chdir_current_service: vfs_ChDir(/data) failed: Permission denied#409 · Copy link · AntoineGlacet · opened · on Feb 22, 2022 · Issue body actions · Hi! I am having an error I cannot understand. I try to connect from a PC on Windows to a container on Rpi4/Ubuntu-20.04 64 bits.
Author   dperson
🌐
Spinics.net
spinics.net › lists › samba › msg172722.html
SAMBA — chdir_current_service: vfs_ChDir(/srv/samba/users) failed: Permission denied.
November 27, 2021 - The permissions are set from Windows and initially were as follows: //lxd-m1/users (path on server is /srv/samba/users): Share Tab: Everyone: Full Control Security Tab (NTFS Permissions): Domain Users Read & execute This folder only CREATOR OWNER Full control Subfolders and files only Domain Admins Full control This folder, subfolders and files The full log message is: Nov 26 21:14:51 lxd-m1 smbd[200894]: chdir_current_service: vfs_ChDir(/srv/samba/users) failed: Permission denied.
🌐
Samba
lists.samba.org › archive › samba › 2021-November › 238753.html
[Samba] chdir_current_service: vfs_ChDir(/srv/samba/users) failed: Permission denied.
November 27, 2021 - Next message (by thread): [Samba] chdir_current_service: vfs_ChDir(/srv/samba/users) failed: Permission denied.
Find elsewhere
🌐
TrueNAS Community
truenas.com › forums › archives › general help › general
yet another SMB share permissions question | TrueNAS Community
March 26, 2021 - That's `chdir` change directory. `chdir_current_service` means that during the SMB tree connect your smbd process is trying to chdir into the share's root path and failing. "Permission denied" means that permissions failed.
🌐
Stack Overflow
stackoverflow.com › questions › 76728609 › why-is-permission-denied-always-in-samba-share
ubuntu 22.04 - Why is "permission denied" always in samba share? - Stack Overflow
On Ubuntu 22.04 created a share, but it not working, Permission denied. ... [2023/07/20 11:31:53.762349, 0] ../../source3/smbd/service.c:168(chdir_current_service) chdir_current_service: vfs_ChDir(/home/nlrp/fivem) failed: Permission denied.
🌐
Oracle
support.oracle.com › knowledge › Oracle Linux and Virtualization › 3110137_1.html
Oracle Linux: Accessing Samba Share Shows Error “chdir_current_service: vfs_ChDir(/interface/inbound/can/tc/eco) failed: Permission denied.”
November 9, 2025 - Linux OS - Version Oracle Linux 7.0 and later: Oracle Linux: Accessing Samba Share Shows Error “chdir_current_service: vfs_ChDir(/interface/inbound/can/tc/eco) faile
🌐
Unraid
forums.unraid.net › bug reports › prereleases
[6.10-rc4] SMB errors - spamming /var/log/syslog with chdir_current_service: vfs_ChDir(/mnt/user/sharname) failed - Prereleases - Unraid
March 16, 2023 - I have observed that while using an Active Directory domain, there is an issue with permissions by default. My syslog overflowed during a file transfer with messages like the one below: Mar 30 17:41:08 server smbd[10832]: chdir_current_service: vfs_ChDir(/mnt/user/dirname) failed: Permission deni...
🌐
Arch Linux Forums
bbs.archlinux.org › viewtopic.php
[SOLVED] Can't see contents of smb shares / Networking, Server, and Protection / Arch Linux Forums
The problem is likely solved by the wiki passage you referenced; the home directories must be readable by samba (or it won't be able to share them) and the users that should be allowed to access them - and the way to fix that is to make the files and directories world readable.
Top answer
1 of 1
1

"The hosts allow or allow hosts parameter is one of the key advantages of Samba. It allows access control of shares on the ip-address level. To allow only specific hosts to access a share, list the hosts, separated by comma's. Allowing entire subnets is done by ending the range with a dot."

Samba doesn't allow access control with this option on layer 2, only layer 3.

If you want to white list mac addresses you'll have to find another option to prevent network traffic from reaching the service.

Or if you reallllllly want to take some time doing this, you might see if its possible to modify the code and recompile.

I also would check if samba still has the big security vulnerability advertised years ago.

The additional tagging or qualifying that was added last time will be left out, but while showering it occurred to me that I forgot some things.

I apologize for this.

Before the rest is touched on lets analyze the response I gave and your setup:

  1. If your network setup is not tightly controlling ip leasing and network membership, IP access control will not work.

  2. If your samba server is not on the same network segment as the client machines, MAC white listing will not work.

  3. If your not authenticating to the server as well, neither of these solutions will work.

  4. MAC addresses can be spoofed. Its easier these days. If someone can see what the hardware IDs of your devices, by say sniffing the airways in the case of a wifi lan, once they get the key to connect to your network, or even in the case of a wired one where they can plug in somehow, this will not prevent anyone determined enough from getting into your server.

Now lets consider application.

If you're storing something vital, REALLLLLY heed what I'm saying. If you're just sharing movies or video files, not a big deal.

If you're storing executables and people will be running them, restrict write access or you're gonna have some trouble potentially and make sure these executables come from trusted sources and are not altered.

In general, SMB cannot be hardened if the network setup sucks. If I can just plug my computer into the wall and set a static ip address, or mod my MAC address and the dhcpd assigns a specific IP address, instant access.

Also if the password hashing isn't good, or a challenge isn't being sent and the password is even being even being sent in two-way encrypted form across the network, it is potentially possible to access the server.

Also. Don't trust ANY operating system you have not at the very least built yourself and then do not trust it completely. Don't trust any operating system who's code has not been hardened by people you trust or yourself, and then never completely trust an OS that people you trust have modded, because they may not be trustworthy.

But like I said, consider application and making sure people have to authenticate somehow to some network service to be granted access, and you're probably fine.

About the only way to protect data is to keep it in an isolated physically read only form and keep it in your possession or locked up these days. These are the times we live in where bad people did bad things, and tried to do even worse bad things and create our current mess and now everyone is suffering for their idiocy and the original offenders are laughing in hades, in between their pitchfork enema.

🌐
FreeBSD
forums.freebsd.org › server and networking › web and network services
13.0 samba guest visit from win10,no permission | The FreeBSD Forums
May 18, 2021 - May 17 23:53:13 nasbsd smbd[2675]: [2021/05/17 23:53:13.482263, 0] ../../source3/smbd/service.c:169(chdir_current_service) May 17 23:53:13 nasbsd smbd[2675]: chdir_current_service: vfs_ChDir(/zdiskb) failed: Permission denied. Current token: uid=65534, gid=65534, 1 groups: 65534 the zdiska is new disk ·