Edit the samba configuration file.
sudo nano /etc/samba/smb.conf
Add this to the end of the file:
[Public Directory]
comment = Contents are read/write by all.
path = /home/user/directory-to-be-shared
read only = no
guest ok = yes
create mask = 0666
force create mode = 0666
directory mask = 0777
force directory mode = 0777
Then restart samba.
sudo service smbd restart
Notes:
- The string within brackets (
Public Directoryin the example above) is what users will see when accessing the shared folder from other systems. - Files created within this directory by users on other systems will be owned by nobody:nogroup, with read and write permissions for owner, group, and other.
- Directories created in this directory by users on other systems will be owned by nobody:nogroup, with read, write, and directory traversal permissions for owner, group, and other.
- The masks and modes in the configuration file apply to files and
directories created by users on other systems. These masks and modes
are ignored when creating files as a user on the server. Or, to put it
another way, if you are user on the server, make sure that each file
and directory that you create within
/home/user/directory-to-be-sharedhas 666 and 777 permissions respectively. If you have enabled a firewall on the server, you will need to open port 445 for tcp. For example, if you use
ufw(uncomplicated firewall) to configure the firewall:sudo ufw allow in 445/tcp sudo ufw reload sudo ufw status verbose
How to create a Samba share that is writable from Windows without 777 permissions? - Unix & Linux Stack Exchange
File Permission Issues With SMB Server on Ubuntu 20.04
Questions about file permissions and its relationship to Samba file sharing
Samba write permissions
Videos
Edit the samba configuration file.
sudo nano /etc/samba/smb.conf
Add this to the end of the file:
[Public Directory]
comment = Contents are read/write by all.
path = /home/user/directory-to-be-shared
read only = no
guest ok = yes
create mask = 0666
force create mode = 0666
directory mask = 0777
force directory mode = 0777
Then restart samba.
sudo service smbd restart
Notes:
- The string within brackets (
Public Directoryin the example above) is what users will see when accessing the shared folder from other systems. - Files created within this directory by users on other systems will be owned by nobody:nogroup, with read and write permissions for owner, group, and other.
- Directories created in this directory by users on other systems will be owned by nobody:nogroup, with read, write, and directory traversal permissions for owner, group, and other.
- The masks and modes in the configuration file apply to files and
directories created by users on other systems. These masks and modes
are ignored when creating files as a user on the server. Or, to put it
another way, if you are user on the server, make sure that each file
and directory that you create within
/home/user/directory-to-be-sharedhas 666 and 777 permissions respectively. If you have enabled a firewall on the server, you will need to open port 445 for tcp. For example, if you use
ufw(uncomplicated firewall) to configure the firewall:sudo ufw allow in 445/tcp sudo ufw reload sudo ufw status verbose
It's not clear to me if you want a share accessible to everyone or only a group of client users so this is a template for the latter.
Note: This will only work as described if the default umask of your system is 0002 so it will not work for Ubuntu Desktop 17/18 but it will work for Xubuntu Desktop and Ubuntu Server.
In this template it is required that all users you want to have access become members of the "users" group. It will assign the setgid bit on the shared directory and any future subdirectories which forces anything new added to them to inherit the group of it's parent folder.
sudo mkdir /path
sudo chown root:users /path
sudo chmod 2775 /path
The share would look like this:
[UsersShare]
path = /path
valid users = @users
force group = users
read only = no
create mask = 0664
force directory mode = 2775
When bob - who was made a member of the "users" group - logs in with his samba username/password and adds a file to the [UsersShare] share it will have owner = bob, group = users, mode = 664 files / 2775 folders.
All other client users who are members of the users group who sign in will have full access to whatever bob did.
Any local users - those on the server itself - who add or modify files who are also members of the users group will all have the same ability and newly created files/folders will have the same 664/2775 mode and all will have as group: "users". The one exception to all this is root - as in when you use sudo - since it's default umask is 022 unlike a regular user his files will inherit the "users" group but will have a mode of 644.
If you truly want a pure public share where everyone has access replace "valid users = @users" with "guest ok = yes". For this to work locally on the server you would still need to add those users to the "users" group.
To be thorough:
First, create a samba user if you haven't already:
useradd sambauser
smbpasswd -a sambauser
Enter and confirm the password for sambauser.
Change that part of your /etc/samba/smb.conf to this:
[share]
comment = Ubuntu File Server Share
path = /srv/samba/share
valid users = sambauser
browsable = yes
writable = yes
write list = sambauser
create mask = 0755
Make sure that the directory and everything that might be inside has the proper ownership and permissions:
chown -R sambauser:sambauser /srv/samba/share
chmod -R 755 /srv/samba/share
Make sure that you have allowed samba through selinux with this command if it is enabled. If selinux is not enabled then you can skip this part:
chcon -R -t samba_share_t /srv/samba/share
Lastly, make sure that the ports are open for samba on the firewall.
firewall-cmd --permanent --zone=public --add-port=445/tcp
firewall-cmd --permanent --zone=public --add-port=139/tcp
firewall-cmd --reload
systemctl restart firewalld
If using `iptables:
iptables -A INPUT -p tcp --dport 445 -j ACCEPT
iptables -A INPUT -p tcp --dport 139 -j ACCEPT
iptables-save
iptables-restore
Restart the samba service and then log in with the credentials of sambauser.
Turn off guest permissions and log into the shared drive with the owners credentials from the SAMBA machine to which owns the folder.
Samba has its own layer of access control for each share. There are two basic options
read only: by default every share is read-only, regardless of filesystem permissions,writeable: in order to allow write access you should setwriteable = Yes.
This should be enough to solve the problem. But if you'd like to learn more about Samba permissions, like how to set umask, enable guest account or control access for individual users/groups, then read the short tutorial on Samba permissions.
I just had same problem as OP. Samba config was set up correctly but still I could not write files.
My problem was that directory i wanted to share was created by root user so i had to chown that directory to my normal user and everything is working fine. I can create /delete and /modify files and folders now.
I recommend to create a dedicated user for that share and specify it in force user(see docs).
Create a user (shareuser for example) and set the owner of everything in the share folder to that user:
adduser --system shareuser
chown -R shareuser /path/to/share
Then add force user and permission mask settings in smb.conf:
[myshare]
path = /path/to/share
writeable = yes
browseable = yes
public = yes
create mask = 0644
directory mask = 0755
force user = shareuser
Note that guest ok is a synonym for public.
In the share settings in smb.conf, you'll need to specify the names of users and/or groups that are allowed to write to the share, using a write list = ... line.
Example:
[myshare]
...
write list = my_linux_username
Then you'll need to use the smbpasswd command to set up a password to authenticate my_linux_username for Samba:
sudo smbpasswd -a my_linux_username
This step is necessary because the standard system passwords in /etc/shadow are hashed in algorithms that are incompatible with the password hash algorithms used in the SMB protocol. When a client sends a SMB authentication packet, it includes a hashed password. It can only be compared to another password hash that uses the same algorithm.
(Very, very old instructions from the previous millennium may recommend disabling password encryption in Samba, and using certain registry hacks to allow Windows to emit unencrypted passwords to the network. This advice is obsolete: those registry hacks may no longer work in current versions of Windows, and allow anyone who can monitor your network traffic to trivially capture your password.)
There's one more thing you may have to do client-side. When your Windows client system is joined to an Active Directory domain and you're logged in with an AD account, it automatically prefixes all unqualified usernames with the name of the AD domain of the user, i.e. you will be authenticating as AD_DOMAIN\your_username, not just your_username.
If you are logged in with a local account (or your client system is not joined to an AD domain), Windows may automatically prefix the username with the client hostname unless you specify another domain name.
To successfully log in to a stand-alone Samba server from a stand-alone Windows client, you may have to specify your username as SAMBA_SERVER_HOSTNAME\your_username.
Otherwise Samba will see the username as WINDOWS_CLIENT_HOSTNAME\your_username, conclude that it has no way to verify any users belonging to domain named WINDOWS_CLIENT_HOSTNAME, and will reject the login.
(Newer versions of Samba may have a built-in check for this specific situation, and they might allow you access nevertheless. But this is basically how SMB authentication works "under the hood", and if you need to deal with old versions of Samba, it might be useful still.)
I have a network share hosted on an Ubuntu 20.04 server. I've set up the server properly and the client computers can upload files to the SMB share but unfortunately, the files are locked on the host computer. I can change the files using chmod -R 777 but any new files do not follow the same permissions.
Is there any way to make it where the folder's permissionless - where anyone with access can treat their files as their own and without having to run that command every 5 minutes?
Any help would be greatly appreciated. I will even throw in some beautiful Reddit Gold karma for the first answer that works :)
Edit: Thanks for the help everyone
In smb.conf, in the shared directory section, place:
create mask = 0644
directory mask = 2777
Initially, use g+s permission on all directories and chown them for the sambashare group. The s bit will keep the group of the files created the same as the directory group (and 2777 will take care of the s bit on the new directories).
To allow everyone from the group SAMBASHARE to access the shares add the following to the [global] directive:
create mode = 664
workgroup = SAMBASHARE
security = user
usershare allow guests = yes
To export /data/shared you have to add the following at the end of the file:
[data]
comment = shared
path = /data/shared
guest ok = yes
read only = no
public = yes
writable = yes
That should work for you, but I strongly recommend to gather some more information.