I recommend to create a dedicated user for that share and specify it in force user(see docs).
Create a user (shareuser for example) and set the owner of everything in the share folder to that user:
adduser --system shareuser
chown -R shareuser /path/to/share
Then add force user and permission mask settings in smb.conf:
[myshare]
path = /path/to/share
writeable = yes
browseable = yes
public = yes
create mask = 0644
directory mask = 0755
force user = shareuser
Note that guest ok is a synonym for public.
I have the following share which is on the whole working as expected.
[mediaShareGuest]
comment = MediaShareGuest
path = /home/shareUser/media
writeable = yes
browsable = yes
guest ok = yes
create mask = 0777
directory mask = 0777
force user = shareUserFrom a Windows client I then create a file and folder.
However on the server when I run ls -la, I see that the folder has the right permissions but not the file. The file seems to have a 0766 permission.
drwxrwxrwx 2 shareUser shareUser 4096 Oct 30 21:51 0777_dir -rwxrw-rw- 1 shareUser shareUser 0 Oct 30 21:50 0777_file.txt
Any ideas?
Thanks!
How to create a Samba share that is writable from Windows without 777 permissions? - Unix & Linux Stack Exchange
debian - Always permission 777 on mount shared cifs - Stack Overflow
Mount samba shares with 777 permissions? | The FreeBSD Forums
How to set root ownership and inheritable 0777 permission across share
I recommend to create a dedicated user for that share and specify it in force user(see docs).
Create a user (shareuser for example) and set the owner of everything in the share folder to that user:
adduser --system shareuser
chown -R shareuser /path/to/share
Then add force user and permission mask settings in smb.conf:
[myshare]
path = /path/to/share
writeable = yes
browseable = yes
public = yes
create mask = 0644
directory mask = 0755
force user = shareuser
Note that guest ok is a synonym for public.
In the share settings in smb.conf, you'll need to specify the names of users and/or groups that are allowed to write to the share, using a write list = ... line.
Example:
[myshare]
...
write list = my_linux_username
Then you'll need to use the smbpasswd command to set up a password to authenticate my_linux_username for Samba:
sudo smbpasswd -a my_linux_username
This step is necessary because the standard system passwords in /etc/shadow are hashed in algorithms that are incompatible with the password hash algorithms used in the SMB protocol. When a client sends a SMB authentication packet, it includes a hashed password. It can only be compared to another password hash that uses the same algorithm.
(Very, very old instructions from the previous millennium may recommend disabling password encryption in Samba, and using certain registry hacks to allow Windows to emit unencrypted passwords to the network. This advice is obsolete: those registry hacks may no longer work in current versions of Windows, and allow anyone who can monitor your network traffic to trivially capture your password.)
There's one more thing you may have to do client-side. When your Windows client system is joined to an Active Directory domain and you're logged in with an AD account, it automatically prefixes all unqualified usernames with the name of the AD domain of the user, i.e. you will be authenticating as AD_DOMAIN\your_username, not just your_username.
If you are logged in with a local account (or your client system is not joined to an AD domain), Windows may automatically prefix the username with the client hostname unless you specify another domain name.
To successfully log in to a stand-alone Samba server from a stand-alone Windows client, you may have to specify your username as SAMBA_SERVER_HOSTNAME\your_username.
Otherwise Samba will see the username as WINDOWS_CLIENT_HOSTNAME\your_username, conclude that it has no way to verify any users belonging to domain named WINDOWS_CLIENT_HOSTNAME, and will reject the login.
(Newer versions of Samba may have a built-in check for this specific situation, and they might allow you access nevertheless. But this is basically how SMB authentication works "under the hood", and if you need to deal with old versions of Samba, it might be useful still.)
add create mask = 0777 to the share definition, or to the global configuration, in /etc/samba/smb.conf for example:
[someidentifier]
comment = open directory
browseable = yes
read only = no
create mask = 0777
directory mask = 0755
path = /some/path/on/server
etc.
as for file ownership, there aren't any configuration settings for that, however, it seems who has ownership of the directory the file is created in will be the owner:group of the created file.
so, for the share in question, set the ownership:group to be what you want it to be, i.e.
chown john.users /some/path/on/server
See the Share Definition Access Controls section in the Samba manual. The create mask and related security options should allow you to set the file permissions as you've described.
If the remote machine user ID and the local machine user ID do not match, the permissions will default to 777. Mount.cifs doesn't support umask, so instead "noperm" option can be used. This way even if the permissions of the users on the local and remote machines don't match, the user will still be allowed to read and write to the folder, the equivalent of umask=000.
//address/location /mount/location cifs username=username,password=password,noperm,vers=2.0 0 0
a good start is to check out the manpage for CIFS:
$ man mount.cifs
[...]
file_mode=arg
If the server does not support the CIFS Unix extensions this overrides the default file mode.
dir_mode=arg
If the server does not support the CIFS Unix extensions this overrides the default mode for directories.
[...]
nounix
Disable the CIFS Unix Extensions for this mount.
[...]
So since the file_mode (and dir_mode) seem to only work if the server does not support the CIFS Unix extensions, i would start by disabling them (via the nounix option)
On linux:
Once you copy, you can run chmod again
chmod -R 777 <dir>
If your Windows version allows it, use the standard Windows file permission interface under Properties → Security and grant "Read", "Write" and "Execute" (or simply "Full control") permissions to all items listed. (There should be three; the owner, the group, and "Everyone"). Samba will automatically translate them to Unix permissions or to POSIX ACLs.

A command-line method, one that only works for setting 0777, is cacls myfile /g Everyone:F.
I typically use SAMBA's native functionality for permissions and groups management on shares. For example..
force user=user1
force group=sharedgroup
create mask=775
You would specify these settings under the share. Be certain to reload SAMBA after the configuration change, which could be done via the init script.
Set the permissions on the directory to be 2777, like this:
chmod 2777 /shared/dir
This causes all files and folders under the '/shared/dir' directory to inherit the permissions of the top directory, in this case 777.
Afterwards, do this to make sure all files have the proper permissions:
chmod -R 777 /shared/dir
I see what you want. All users/computers on your LAN should be 'guests' and have full 'read/write' access to the file share.
Steps:
Check Samba config. Does the share include these:
[Share]
available = yes
browsable = yes
public = yes
writeable = yes
Check POSIX permissions. Example ls -lh:
drwxrws---+ 1 nobody nogroup 252 May 12 14:55 Music
You will want to have the sticky bit there otherwise the fileshare won't behave like you would expect in windows. chmod 2770 [dir]... To apply with permission to all the directories use find. Example
find . -type d -exec chmod 2770 {} \;
find . -type f -exec chmod 2760 {} \;
You will also want to set the group to be nogroup, which is the default guest group for samba.
Finally acls. Use getfacl and setfacl. You'll want to setup defaults for the user nobody and the group nogroup. Once you've done that, anything that gets created via samba will inherit good permissions. Here's an example directory ACL:
# file: Downloads
# owner: nobody
# group: nogroup
# flags: -s-
user::rwx
group::rwx
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:mask::rwx
default:other::---
To get some defaults going, use find:
find . -type d -exec setfacl -d -m u::rwx {} \;
find . -type d -exec setfacl -d -m g::rwx {} \;
To fix up existing files:
find . -type f -exec chgrp nogroup {} \;
find . -type f -exec chmod 660 {} \;
find . -type f -exec setfacl -m g::rw {} \;
WANT MORE !
Let's just say that you don't want to change the POSIX group. Then you can use the ACL to explicitly add the group. Example:
setfacl -m g:linuxgroup:rw [filename]
With these settings I share between ubuntu, windows, RPi, android, and other linux apps.
Typically one doesn't want to give everyone with network access write access to a directory. There often better solutions to share files among a user group, e. g. giving everybody their own network share with (partial) read access for everybody else. That's where the recommendation to not use world-writable access permissions comes from.
However, in your case that seems to be exactly what you want. So go ahead and use chmod -R a+rwX /path/to/share1 along with appropriate Samba configuration entries like writable = yes.
1 a+rwX means that all (owner, group, and others) will receive read, write, and conditional exexute permissions. “conditional” means that execute/traverse permissions will only be added if execute/traverse permission is already granted to at least one access group (owner, group, others). This is useful if you want to extend execute/traverse permissions of those files and directories that are already executable/traversable by the owner.
Hi!
I am using this samba config file, in order to have full permission for all the data copied into the SMB folder, but it is adding 777 only for folders, not for files...
[media]comment = Samba on Ubuntupath = /home/mediaread only = nobrowsable = yeswritable = yescreate mask = 0777directory mask = 0777force create mode = 0777force directory mode = 02777force user = pickone
New folders will have 777, but the files will get 775... Any idea how to achieve the 777 permision to all files/folders which I copy to SMB folder?
Thank you in advance.
Edit the samba configuration file.
sudo nano /etc/samba/smb.conf
Add this to the end of the file:
[Public Directory]
comment = Contents are read/write by all.
path = /home/user/directory-to-be-shared
read only = no
guest ok = yes
create mask = 0666
force create mode = 0666
directory mask = 0777
force directory mode = 0777
Then restart samba.
sudo service smbd restart
Notes:
- The string within brackets (
Public Directoryin the example above) is what users will see when accessing the shared folder from other systems. - Files created within this directory by users on other systems will be owned by nobody:nogroup, with read and write permissions for owner, group, and other.
- Directories created in this directory by users on other systems will be owned by nobody:nogroup, with read, write, and directory traversal permissions for owner, group, and other.
- The masks and modes in the configuration file apply to files and
directories created by users on other systems. These masks and modes
are ignored when creating files as a user on the server. Or, to put it
another way, if you are user on the server, make sure that each file
and directory that you create within
/home/user/directory-to-be-sharedhas 666 and 777 permissions respectively. If you have enabled a firewall on the server, you will need to open port 445 for tcp. For example, if you use
ufw(uncomplicated firewall) to configure the firewall:sudo ufw allow in 445/tcp sudo ufw reload sudo ufw status verbose
It's not clear to me if you want a share accessible to everyone or only a group of client users so this is a template for the latter.
Note: This will only work as described if the default umask of your system is 0002 so it will not work for Ubuntu Desktop 17/18 but it will work for Xubuntu Desktop and Ubuntu Server.
In this template it is required that all users you want to have access become members of the "users" group. It will assign the setgid bit on the shared directory and any future subdirectories which forces anything new added to them to inherit the group of it's parent folder.
sudo mkdir /path
sudo chown root:users /path
sudo chmod 2775 /path
The share would look like this:
[UsersShare]
path = /path
valid users = @users
force group = users
read only = no
create mask = 0664
force directory mode = 2775
When bob - who was made a member of the "users" group - logs in with his samba username/password and adds a file to the [UsersShare] share it will have owner = bob, group = users, mode = 664 files / 2775 folders.
All other client users who are members of the users group who sign in will have full access to whatever bob did.
Any local users - those on the server itself - who add or modify files who are also members of the users group will all have the same ability and newly created files/folders will have the same 664/2775 mode and all will have as group: "users". The one exception to all this is root - as in when you use sudo - since it's default umask is 022 unlike a regular user his files will inherit the "users" group but will have a mode of 644.
If you truly want a pure public share where everyone has access replace "valid users = @users" with "guest ok = yes". For this to work locally on the server you would still need to add those users to the "users" group.