I think I'm encountering the same problem you have. For some reason force user seems to require group write permissions. It does not appear to require world write permissions though, so as a workaround you should be able to get away with 660/770 permissions rather than 777. This shouldn't reduce security; it's just annoying to move files into it outside of samba since you need to make them group-writeable.
Put this in your smb.conf under [Stuff]:
force user = myuser
create mask = 0660
directory mask = 0770
Then run this on your share folder:
sudo chown -R myuser:myuser /home/myuser/share
sudo chmod -R 0660 /home/myuser/share
sudo chmod -R ug+X /home/myuser/share
Then restart smbd. The above will set all files to 660 and all directories to 770, for currently existing files and for files newly created through samba. Note that you don't need force group; by default it matches the primary group of force user. Also note that I'm denying world permissions entirely here. You could probably use 0664, 0775 and ugw+X instead if you want them world-readable.
Unfortunately I haven't been able to make it work without group write permissions. I suspect it's a bug in samba. The recent samba bug #14617 prevented deleting files via force user. It's possible this is another related bug but I don't know enough about it to report it. If you figure out how to get it working with 0644/0755 please let me know!
I think I'm encountering the same problem you have. For some reason force user seems to require group write permissions. It does not appear to require world write permissions though, so as a workaround you should be able to get away with 660/770 permissions rather than 777. This shouldn't reduce security; it's just annoying to move files into it outside of samba since you need to make them group-writeable.
Put this in your smb.conf under [Stuff]:
force user = myuser
create mask = 0660
directory mask = 0770
Then run this on your share folder:
sudo chown -R myuser:myuser /home/myuser/share
sudo chmod -R 0660 /home/myuser/share
sudo chmod -R ug+X /home/myuser/share
Then restart smbd. The above will set all files to 660 and all directories to 770, for currently existing files and for files newly created through samba. Note that you don't need force group; by default it matches the primary group of force user. Also note that I'm denying world permissions entirely here. You could probably use 0664, 0775 and ugw+X instead if you want them world-readable.
Unfortunately I haven't been able to make it work without group write permissions. I suspect it's a bug in samba. The recent samba bug #14617 prevented deleting files via force user. It's possible this is another related bug but I don't know enough about it to report it. If you figure out how to get it working with 0644/0755 please let me know!
OK, have you created users with 'smbpasswd -a username' (needs to be run as root) ? If you haven't, then your guest account 'myuser' will not work. This means that no one will be able to access your share. Authentication (based on your smb.conf) works like this: A user connects to Samba and if the user is known and supplies the correct password, they are allowed access to your share, but anything they save will be saved as if belonging to 'myuser', but they will be able to read and write files. If they are a known user, but supply a wrong password, then the connection is silently dropped. Because you have 'map to guest = bad user' in global and 'guest ok = yes' in the share, an unknown user that connects to Samba will be mapped to the guest account 'myuser' before it gets anywhere near the share and as they are now a known user, they will be allowed access to the share. As for the smb.conf being too short, well, yours could be even shorter. You do not need the 'force group' line, the 'force user' will do that for you, also as 'myuser' has write permissions by default, you do not need the 'write list' line. Finally, you never need to set 'browseable = yes' anywhere, it is a default setting.
How to create a Samba share that is writable from Windows without 777 permissions? - Unix & Linux Stack Exchange
macos - samba does not allow force user - Stack Overflow
Samba force user?
"force user = smbuser"
Videos
I recommend to create a dedicated user for that share and specify it in force user(see docs).
Create a user (shareuser for example) and set the owner of everything in the share folder to that user:
adduser --system shareuser
chown -R shareuser /path/to/share
Then add force user and permission mask settings in smb.conf:
[myshare]
path = /path/to/share
writeable = yes
browseable = yes
public = yes
create mask = 0644
directory mask = 0755
force user = shareuser
Note that guest ok is a synonym for public.
In the share settings in smb.conf, you'll need to specify the names of users and/or groups that are allowed to write to the share, using a write list = ... line.
Example:
[myshare]
...
write list = my_linux_username
Then you'll need to use the smbpasswd command to set up a password to authenticate my_linux_username for Samba:
sudo smbpasswd -a my_linux_username
This step is necessary because the standard system passwords in /etc/shadow are hashed in algorithms that are incompatible with the password hash algorithms used in the SMB protocol. When a client sends a SMB authentication packet, it includes a hashed password. It can only be compared to another password hash that uses the same algorithm.
(Very, very old instructions from the previous millennium may recommend disabling password encryption in Samba, and using certain registry hacks to allow Windows to emit unencrypted passwords to the network. This advice is obsolete: those registry hacks may no longer work in current versions of Windows, and allow anyone who can monitor your network traffic to trivially capture your password.)
There's one more thing you may have to do client-side. When your Windows client system is joined to an Active Directory domain and you're logged in with an AD account, it automatically prefixes all unqualified usernames with the name of the AD domain of the user, i.e. you will be authenticating as AD_DOMAIN\your_username, not just your_username.
If you are logged in with a local account (or your client system is not joined to an AD domain), Windows may automatically prefix the username with the client hostname unless you specify another domain name.
To successfully log in to a stand-alone Samba server from a stand-alone Windows client, you may have to specify your username as SAMBA_SERVER_HOSTNAME\your_username.
Otherwise Samba will see the username as WINDOWS_CLIENT_HOSTNAME\your_username, conclude that it has no way to verify any users belonging to domain named WINDOWS_CLIENT_HOSTNAME, and will reject the login.
(Newer versions of Samba may have a built-in check for this specific situation, and they might allow you access nevertheless. But this is basically how SMB authentication works "under the hood", and if you need to deal with old versions of Samba, it might be useful still.)
The problem was because of an issue with flow of permissions. Everything worked when I changed the parent directory's (to the directories that were shared) permissions to allow reading for other users.
Your public folder only provides access to users who are either "server" or are in the group "storage_public". If you don't use "force user" and allow anonymous access then the share is probably accessed with the user nobody, which is not in "storage_public".
You probably want to change the permissions of your Public folder to "drwxrwxr-x", which would make it possible for Samba users to read from but not write to the Public folder.
To do this, use "chmod o+rX Public"
With regard to WINS:
It's not your network that has WINS support, but individual servers that can provide it. You can enable wins support in a particular server by setting "wins support = yes".
Literally no idea how to do a samba config. And no matter what guide I follow I keep having troubles. Any help for an extreme noob...