I recommend to create a dedicated user for that share and specify it in force user(see docs).

Create a user (shareuser for example) and set the owner of everything in the share folder to that user:

adduser --system shareuser
chown -R shareuser /path/to/share

Then add force user and permission mask settings in smb.conf:

[myshare]
path = /path/to/share
writeable = yes
browseable = yes
public = yes
create mask = 0644
directory mask = 0755
force user = shareuser

Note that guest ok is a synonym for public.

Answer from yaegashi on Stack Exchange
🌐
Reddit
reddit.com › r/linuxquestions › samba - how can i ensure new files/folders are created with a 777 permission?
r/linuxquestions on Reddit: Samba - How can I ensure new files/folders are created with a 777 permission?
October 30, 2020 -

I have the following share which is on the whole working as expected.

[mediaShareGuest]
    comment = MediaShareGuest
    path = /home/shareUser/media
    writeable = yes
    browsable = yes
    guest ok = yes
    create mask = 0777
    directory mask = 0777
    force user = shareUser

From a Windows client I then create a file and folder.

However on the server when I run ls -la, I see that the folder has the right permissions but not the file. The file seems to have a 0766 permission.

drwxrwxrwx  2 shareUser shareUser 4096 Oct 30 21:51 0777_dir
-rwxrw-rw-  1 shareUser shareUser    0 Oct 30 21:50 0777_file.txt

Any ideas?

Thanks!

🌐
Super User
superuser.com › questions › 1707541 › how-to-set-permissions-in-samba-ubuntu-20-04
how to set permissions in SAMBA Ubuntu 20.04 - Super User
March 1, 2022 - ... the best fix I've found for this, is to put the users in a group, set the existing directories to be owned by that group, and use SetGID to ensure that all users of the group get the permissions of the parent directory for new files/dirs. combine with the samba Create Mask settings on the share definition...
Discussions

How to create a Samba share that is writable from Windows without 777 permissions? - Unix & Linux Stack Exchange
I had a similar problem and all ... use 777. I wanted 775 for my shared folder and I wanted files to be created using my linux "defaultUser", I used also public = yes. Folder was 775, create and dir mask was 775 but in Windows it was not writable and I could not get why. Adding force user = defaultUser did the job for me. ... I got it, the problem was the location of smb.conf. Google and even sambas documentation ... More on unix.stackexchange.com
🌐 unix.stackexchange.com
debian - Always permission 777 on mount shared cifs - Stack Overflow
I have a little problem when I mount a SMB shared folder from a Synology NAS. I want to mount a shared folder with permissions: git:root 700 But the mounted folder always have permission set to 77... More on stackoverflow.com
🌐 stackoverflow.com
Mount samba shares with 777 permissions? | The FreeBSD Forums
I'm trying to mount a samba share with 777 permissions but I can't seem to get this working. I can get my share to mount using both fstab and autofs, but the permissions out of the box are 755. Here's an example from my fstab file: //username@SERVER/DATA /mnt/DATA smbfs... More on forums.freebsd.org
🌐 forums.freebsd.org
November 11, 2017
How to set root ownership and inheritable 0777 permission across share
I’m having an issue with a windows application that despite normal read/write access in windows explorer (windows 7 pro 64 bit), when the application tries to export files to the share I get an access denied error. If I chmod -r 777 to the entire share the application can write to a directory, ... More on community.wd.com
🌐 community.wd.com
0
0
March 19, 2015
🌐
Ask Ubuntu
askubuntu.com › questions › 1123786 › does-samba-require-777-permissions-on-shared-directory
server - Does SAMBA require 777 permissions on shared directory - Ask Ubuntu
Directory permissions differ from file permissions - the x permission on a directory makes the directory searchable by {owner,group.other} ... Of course this is not samba specific. You always need the x permission to enter a directory. ... "Does SAMBA require 777 permissions on shared directory" and "sudo chmod 770 /data/movies" are not the same issue.
🌐
Samba
samba.org › samba › docs › using_samba › ch08.html
Samba
To show how Samba's create masks work, suppose we have a Windows Me user connecting to his Unix home directory through Samba, and Samba is configured with create mask = 777 in the [homes] share. With this value, create mask will not affect the bits that are set on new files.
🌐
Help Center
support.dvsus.com › hc › en-us › articles › 212921606-Force-read-write-permissions-777-on-SMB-mounts
Force read/write permissions (777) on SMB mounts – Help Center
September 19, 2016 - SpycerBox Ultra (or MDS) with StorNext volume, the volume is Samba shared out. Make the following changes on the SBU. There are two steps, 1) Apply just the smb.conf changes below gets us this: Windows SMB mount the SBU volume, created folders/files = 0777 (good). Mac SMB mount, folder created is 755 (not good), file is 777 (good).
Top answer
1 of 5
103

I recommend to create a dedicated user for that share and specify it in force user(see docs).

Create a user (shareuser for example) and set the owner of everything in the share folder to that user:

adduser --system shareuser
chown -R shareuser /path/to/share

Then add force user and permission mask settings in smb.conf:

[myshare]
path = /path/to/share
writeable = yes
browseable = yes
public = yes
create mask = 0644
directory mask = 0755
force user = shareuser

Note that guest ok is a synonym for public.

2 of 5
6

In the share settings in smb.conf, you'll need to specify the names of users and/or groups that are allowed to write to the share, using a write list = ... line.

Example:

[myshare]
...
write list = my_linux_username

Then you'll need to use the smbpasswd command to set up a password to authenticate my_linux_username for Samba:

sudo smbpasswd -a my_linux_username

This step is necessary because the standard system passwords in /etc/shadow are hashed in algorithms that are incompatible with the password hash algorithms used in the SMB protocol. When a client sends a SMB authentication packet, it includes a hashed password. It can only be compared to another password hash that uses the same algorithm.

(Very, very old instructions from the previous millennium may recommend disabling password encryption in Samba, and using certain registry hacks to allow Windows to emit unencrypted passwords to the network. This advice is obsolete: those registry hacks may no longer work in current versions of Windows, and allow anyone who can monitor your network traffic to trivially capture your password.)


There's one more thing you may have to do client-side. When your Windows client system is joined to an Active Directory domain and you're logged in with an AD account, it automatically prefixes all unqualified usernames with the name of the AD domain of the user, i.e. you will be authenticating as AD_DOMAIN\your_username, not just your_username.

If you are logged in with a local account (or your client system is not joined to an AD domain), Windows may automatically prefix the username with the client hostname unless you specify another domain name.

To successfully log in to a stand-alone Samba server from a stand-alone Windows client, you may have to specify your username as SAMBA_SERVER_HOSTNAME\your_username.

Otherwise Samba will see the username as WINDOWS_CLIENT_HOSTNAME\your_username, conclude that it has no way to verify any users belonging to domain named WINDOWS_CLIENT_HOSTNAME, and will reject the login.

(Newer versions of Samba may have a built-in check for this specific situation, and they might allow you access nevertheless. But this is basically how SMB authentication works "under the hood", and if you need to deal with old versions of Samba, it might be useful still.)

Find elsewhere
🌐
FreeBSD
forums.freebsd.org › server and networking › web and network services
Mount samba shares with 777 permissions? | The FreeBSD Forums
November 11, 2017 - /SERVER/DATA -fstype=smbfs,-N,-I10.57.0.62 ://username@10.57.0.62/DATA I've tried adding things like "dir_mode=0777,file_mode=0777" to both of those but that results in an error during mounting: mount_smbfs: -o dir_mode=: option not supported How would I go about mounting a samba share but allowing it to be world writeable (777)? ... -f mode, -d mode Specify permissions that should be assigned to files and directories.
🌐
WD Community
community.wd.com › legacy products › my cloud os 3
How to set root ownership and inheritable 0777 permission across share - My Cloud OS 3 - WD Community
March 19, 2015 - I’m having an issue with a windows application that despite normal read/write access in windows explorer (windows 7 pro 64 bit), when the application tries to export files to the share I get an access denied error. If I chmod -r 777 to the entire share the application can write to a directory, however if as a windows user I create a new folder, the disk access denied in the application export returns.
🌐
Manjaro Linux
forum.manjaro.org › support › network
Setting Up Samba User Permissions - Network - Manjaro Linux Forum
July 27, 2021 - I’m having trouble setting up a Samba file share on my home server. Security is not a big concern. Here are the 3 things I need to accomplish: Fix permissions on the existing drive. Right now they are a mess. The shared folder is on a separate internal hard drive and is mounted as /mnt/Shared ...
Top answer
1 of 2
2

I see what you want. All users/computers on your LAN should be 'guests' and have full 'read/write' access to the file share.

Steps:

Check Samba config. Does the share include these:

[Share]
available = yes
browsable = yes
public = yes
writeable = yes

Check POSIX permissions. Example ls -lh:

drwxrws---+ 1 nobody nogroup  252 May 12 14:55 Music

You will want to have the sticky bit there otherwise the fileshare won't behave like you would expect in windows. chmod 2770 [dir]... To apply with permission to all the directories use find. Example

find . -type d -exec chmod 2770 {} \;
find . -type f -exec chmod 2760 {} \;

You will also want to set the group to be nogroup, which is the default guest group for samba.

Finally acls. Use getfacl and setfacl. You'll want to setup defaults for the user nobody and the group nogroup. Once you've done that, anything that gets created via samba will inherit good permissions. Here's an example directory ACL:

# file: Downloads
# owner: nobody
# group: nogroup
# flags: -s-
user::rwx
group::rwx
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:mask::rwx
default:other::---

To get some defaults going, use find:

find . -type d -exec setfacl -d -m u::rwx {} \;
find . -type d -exec setfacl -d -m g::rwx {} \;

To fix up existing files:

find . -type f -exec chgrp nogroup {} \;
find . -type f -exec chmod 660 {} \;
find . -type f -exec setfacl -m g::rw {} \;

WANT MORE !

Let's just say that you don't want to change the POSIX group. Then you can use the ACL to explicitly add the group. Example:

setfacl -m g:linuxgroup:rw [filename]

With these settings I share between ubuntu, windows, RPi, android, and other linux apps.

2 of 2
1

Typically one doesn't want to give everyone with network access write access to a directory. There often better solutions to share files among a user group, e. g. giving everybody their own network share with (partial) read access for everybody else. That's where the recommendation to not use world-writable access permissions comes from.

However, in your case that seems to be exactly what you want. So go ahead and use chmod -R a+rwX /path/to/share1 along with appropriate Samba configuration entries like writable = yes.


1 a+rwX means that all (owner, group, and others) will receive read, write, and conditional exexute permissions. “conditional” means that execute/traverse permissions will only be added if execute/traverse permission is already granted to at least one access group (owner, group, others). This is useful if you want to extend execute/traverse permissions of those files and directories that are already executable/traversable by the owner.

🌐
why = WHY_NOT;
blog.svedr.in › posts › samba-chmod-777-config-without-securityshare
Samba "chmod 777" config without security=share | why = WHY_NOT;
May 11, 2016 - The "force user" and "guest account" settings define which system user samba should use, regardless of whether or not the user managed to authenticate. In my case, I created a separate "smb-data" user for this purpose, but it can be any other account as well. Note that the directory needs to be writeable for the group your smb-data user is in. So you'll at least require the directory to be chmod 775. If that still doesn't work, you can of course always resort to 777 - the config has this name for a reason anyway.
🌐
CubePath
cubepath.com › docs › storage-management › samba-configuration-for-file-sharing
Samba Configuration for File Sharing: Complete Cross-Platform Setup Guide - CubePath Docs | CubePath
log file: Location of log files ... · Configure appropriate permissions: # Public share (everyone can access) sudo chmod 777 /srv/samba/public sudo chown nobody:nogroup /srv/samba/public # Shared directory (group access) sudo ...
🌐
Reddit
reddit.com › r/ubuntu › samba: 777 for new files?
r/Ubuntu on Reddit: Samba: 777 for new files?
September 2, 2024 -

Hi!

I am using this samba config file, in order to have full permission for all the data copied into the SMB folder, but it is adding 777 only for folders, not for files...

[media]
comment = Samba on Ubuntu
path = /home/media
read only = no
browsable = yes
writable = yes
create mask = 0777
directory mask = 0777
force create mode = 0777
force directory mode = 02777
force user = pickone

New folders will have 777, but the files will get 775... Any idea how to achieve the 777 permision to all files/folders which I copy to SMB folder?

Thank you in advance.

Top answer
1 of 2
4

Edit the samba configuration file.

sudo nano /etc/samba/smb.conf

Add this to the end of the file:

[Public Directory]
comment = Contents are read/write by all.
path = /home/user/directory-to-be-shared
read only = no
guest ok = yes
create mask = 0666
force create mode = 0666
directory mask = 0777
force directory mode = 0777

Then restart samba.

sudo service smbd restart

Notes:

  1. The string within brackets (Public Directory in the example above) is what users will see when accessing the shared folder from other systems.
  2. Files created within this directory by users on other systems will be owned by nobody:nogroup, with read and write permissions for owner, group, and other.
  3. Directories created in this directory by users on other systems will be owned by nobody:nogroup, with read, write, and directory traversal permissions for owner, group, and other.
  4. The masks and modes in the configuration file apply to files and directories created by users on other systems. These masks and modes are ignored when creating files as a user on the server. Or, to put it another way, if you are user on the server, make sure that each file and directory that you create within /home/user/directory-to-be-shared has 666 and 777 permissions respectively.
  5. If you have enabled a firewall on the server, you will need to open port 445 for tcp. For example, if you use ufw (uncomplicated firewall) to configure the firewall:

    sudo ufw allow in 445/tcp
    sudo ufw reload
    sudo ufw status verbose
    
2 of 2
2

It's not clear to me if you want a share accessible to everyone or only a group of client users so this is a template for the latter.

Note: This will only work as described if the default umask of your system is 0002 so it will not work for Ubuntu Desktop 17/18 but it will work for Xubuntu Desktop and Ubuntu Server.

In this template it is required that all users you want to have access become members of the "users" group. It will assign the setgid bit on the shared directory and any future subdirectories which forces anything new added to them to inherit the group of it's parent folder.

sudo mkdir /path
sudo chown root:users /path
sudo chmod 2775 /path

The share would look like this:

[UsersShare]
path = /path
valid users = @users
force group = users
read only = no
create mask = 0664
force directory mode = 2775

When bob - who was made a member of the "users" group - logs in with his samba username/password and adds a file to the [UsersShare] share it will have owner = bob, group = users, mode = 664 files / 2775 folders.

All other client users who are members of the users group who sign in will have full access to whatever bob did.

Any local users - those on the server itself - who add or modify files who are also members of the users group will all have the same ability and newly created files/folders will have the same 664/2775 mode and all will have as group: "users". The one exception to all this is root - as in when you use sudo - since it's default umask is 022 unlike a regular user his files will inherit the "users" group but will have a mode of 644.

If you truly want a pure public share where everyone has access replace "valid users = @users" with "guest ok = yes". For this to work locally on the server you would still need to add those users to the "users" group.

🌐
Super User
superuser.com › questions › 873706 › how-to-set-the-correct-samba-chmod-permissions-for-folders-in-ext4-file-system
linux - How to set the correct Samba chmod permissions for folders in ext4 file system? Is ext4 the right choice? - Super User
February 4, 2015 - Few weeks earlier the added to the main wiki page, https://wiki.samba.org, two new entries: Setup and configure file shares using POSIX ACLs and Setup and configure file shares using Windows ACLs (which where "hidden" inside the "more..." link with bit less text). Now using both methods (not yet fully tested in my config) are working. So creating or modifying the shares permissons to 2770 and setting the permissions with setfacl -m g:"":rwx is working.