Just add comma ',' if you want multiple valid users. See line that I used below.

valid users = @group1, @group2
Answer from ckknight on Stack Exchange
🌐
Linux Mint Forums
forums.linuxmint.com › board index › main edition support › networking
Understanding "valid users" in smb.conf (SOLVED) - Linux Mint Forums
May 14, 2025 - [Documents] path = /home/dreas_sf/Documents read only = no valid users = dreas_sf guest ok = No And you would have to add that user to samba: ... sudo smbpasswd -a dreas_sf On the client: On the client I will use one of your fstab declarations from your earlier question as an example:
Discussions

smb - Samba multi user setup - step by step? - Unix & Linux Stack Exchange
Tried it many times but never get the SMB sharing right on Unix. A minimal Debian file server, no GUI, just SSH... I always thought you set all the permissions in SMB and just found out you do it in More on unix.stackexchange.com
🌐 unix.stackexchange.com
December 21, 2019
how do I add multiple users to smb extras - General Support - Unraid
OK looking for the format to use is it a space a comma or maybe a semicolon to add multiple users . I have looked in the official the unofficial wiki searched the forums found it 3 times but only for a single user. watched Spaceinvader ones video only one user. Regards Rhino2310 More on forums.unraid.net
🌐 forums.unraid.net
April 25, 2023
multiple users to access same share in samba? | AnandTech Forums: Technology, Hardware, Software, and Deals
This is my config: [auclair] path = /data/samba/shared/auclair/ comment = Auclair browseable = yes writable = yes valid users=administrator, auclair forcegroup smbusers create mode 770 create mask 770 directory mode 770 [shared] path = /data/samba/shared/ comment = main share browseable = yes ... More on forums.anandtech.com
🌐 forums.anandtech.com
July 14, 2007
SMB share only works in read-only
Better to ask in r/linux But I will ask this. What are the permissions on those directories set as and is your myusername part of the group or user with permissions there? More on reddit.com
🌐 r/selfhosted
4
0
February 17, 2024
🌐
Samba
samba.org › samba › docs › using_samba › ch09.html
Chapter 9. Users and Security
[dave] comment = %U home directory writable = yes valid users = dave path = %H · With a single user accessing a home directory, access permissions are taken care of when the user account is created. The home directory is owned by the user, and permissions on it are set appropriately. However, if you're creating a shared directory for group access, you need to perform a few more steps. Let's take a stab at a group share for the accounting department in the smb.conf file:
Top answer
1 of 1
3

let me first start off by saying read up at https://www.samba.org/samba/docs/

because there are a handful of knobs to know about with Samba Server in linux and there is probably more than one way to accomplish what you are asking.

But in a nutshell

  • install samba server in linux, this minimal samba functionality to be described should work on any linux
  • edit /etc/samba/smb.conf to be at least the following

# smb.conf file sample
[global]
    security = user
    passdb backend = tdbsam
[scratch]
    path = /scratch
    read only = No
    guest ok = No
  • read up at samba.org for explanation on security and passdb, but this will set up basic functionality meaning a local linux account needs to exist and valid with that account name [ragnar and harald] which also needs to be the account name from whatever the connectting computer is. And if the account passwords are the same between the connnecting computer and the samba password on the linux system hosting the samba server then connection is granted
  • you must do
    • smbpasswd -a ragnar
    • smbpasswd -a harald
    • on your linux system hosting samba server to meet the passdb backend choice... because we are using samba passwords which are different than the local account password in /etc/passwd. Read samba docs for detailed explanation, but this will set up fundamental access security based on linux file/folder permissions for the given account names, until you do guest ok = yes to allow anyone access to that given share specified in smb.conf
    • i only shared out a folder called scratch as an example in my smb.conf sample
  • as for all your other specific questions- too hard to answer sorry
  • doing it this way, if for example account name harald exists on the linux samba server and on the client system, and the linux server smbpasswd for harald matches the account password of harald on the connecting client, then everything that applies to harald on the linux system will be in affect over the samba connection and you can resort to basic file/folder permissions based on users and groups as defined on the linux [samba] server.

always thought you set all the permissions in SMB and just found out you do it in Windows

not necessarily, you can set them from the client side (from your windows computer) but the file/folder permission authority is derived from samba server... so it's first and foremost the linux file system permissions, that are then read by samba server, and then passed over the SMB (server message block) protocol to whoever the client is which must be able to understand SMB. When there's a mismatch (i.e. guest ok== yes and windows account does not exist on linux [samba] server you will notice permissions are set to nobody when viewed on the linux system.

  • read samba doc about Map to Guest
  • there are many other tweaks to be done to meet varying levels of access and restrictions
    • obey pam restrictions
    • I suggest you remove that or say no because that's beyond what seems to be your current level of understanding on samba; and PAM is a whole other animal.
    • I am not sure if nologin for the linux accounts will still allow samba smb access for those accounts, so I suggest you make harald and ragnar fully active linux accounts first; and once everything is working then change those accounts to nologin (to prevent ssh). This is is why i say pam=no because your saying obey pam restrictions then making the account nologin is likely to prevent samba access.
🌐
Red Hat
access.redhat.com › solutions › 2262051
How to secure samba share access using 'valid users' parameters along with local samba groups with security=ads. - Red Hat Customer Portal
# net sam addmem <local_group_name> <ad_user_name> Example: # net sam addmem tgroup EXAMPLE\\aduser · 3] Change group of the shared path to local group as below. # chgrp -R "<local_group_name>" /<share> Example: # chgrp -R "RHEL6\\tgroup" /share · 4] Run following command to list group members. # net sam listmem <local_group_name> Example: # net sam listmem tgroup · 5] Add the local group in file smb.conf as below. [share] . . valid users = +tgroup ·
🌐
LinuxQuestions.org
linuxquestions.org › questions › linux-networking-3 › configuring-samba-for-multiple-users-or-for-everyone-on-a-lan-728522
Configuring samba for multiple users or for everyone on a LAN
Hi, I am trying to configure samba for anyone of the scenarios in the subject. here's what my smb.conf looks like: Code: workgroup = RnD [Samba Share]
🌐
Raspberry Pi Forums
forums.raspberrypi.com › board index › using the raspberry pi › beginners
Multiple users and shares for Samba - Raspberry Pi Forums
[homes] comment = Home Directories valid users = %S read only = No create mask = 0644 Then everything in /home/username will be shared if username has a smbpasswd assigned. Here is the complete first part of the smb.conf
Find elsewhere
🌐
Delinea
docs.delinea.com › online-help › server-suite › integrate › samba › config › modify.htm
Modifying the Samba smb.conf Configuration File | Delinea
# and when the user or group is in AD , the setting syntaxes is: # valid users = CPUBS\username +CPUBS\group writable = yes [MyShare] path = /samba-test browsable = yes writable = yes guest ok = yes read only = no [homes] comment = Home directories read only = No browseable = No · Some platforms will have slight variations in the smb.conf file, as follows:
🌐
Jaytaala Confluence
confluence.jaytaala.com › display › TKB › Create+samba+share+writeable+by+all,+group,+or+only+a+user
Create samba share writeable by all, group, or only a user - Tech Knowledge Base - jaytaala.com Confluence
August 25, 2020 - We now need to edit /etc/samba/smb.conf. Below are several examples depending on how you want to users to access your smb share. ... # share [share] path = /media/share writeable = yes browseable = yes public = yes create mask = 0644 directory mask = 0755 force user = shareuser ... Note: you should have created group "sharegroup" (or another group) as outlined above. ... # share [share] path = /media/share valid users = @sharegroup writeable = yes browseable = yes create mask = 0644 directory mask = 0755 force user = shareuser ...
🌐
Samba
samba.org › samba › docs › current › man-html › smb.conf.5.html
smb.conf
On POSIX system Samba processes ... The process of mapping SIDs to POSIX users and groups is called IDENTITY MAPPING or, in short, ID MAPPING. Samba supports multiple ......
Top answer
1 of 1
2

Yes, Samba can support ACLs nowadays. it takes a few lines in the globals section, and a list of allowed and denied ACLs per share. some adjustment may be needed to your underlying filesystem permissions to support them though, since ext filesystems don't do ACLs by default.

heres a tutorial: http://aisalen.wordpress.com/2007/08/10/acls-on-samba/

and a general reference for the SMB.conf file: http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html

Edit: try changing your share configuration like this. note that OS groups require an '@' in front, and that write list does not imply read priv, so put both groups in the read list.

add these to globals:

invalid users = root
valid users = @smbusers, @smbusers_RO
create mask = 02775
directory mask = 02770

[SAMBA]
comment = Debian File Server With Read Write
invalid users=nobody,nobody
valid users=@smbusr,@smbusr_RO
path = /samba
browseable = yes
guest ok = no
read list = @smbusr,@smbusr_RO
write list = @smbusr
writeable=yes

also run 'sudo testparm -s' to check your config file integrity.

in terms of filesystem permissions, you can chown -R your files to be owned by 'root:smbusers', so that your group permission controls who can write, and your other permission can control who can read (smb will make sure that read permissions are only granted to 'smbusers_RO'). then I recommend using SetGID so that all new folders created in the share are owned by :smbusers and all your smbusers will have access to them.

chown -R root:smbusers /samba 
chmod -R 2775 /samba
🌐
Unraid
forums.unraid.net › home › unraid os support › general support › how do i add multiple users to smb extras
how do I add multiple users to smb extras - General Support - Unraid
April 25, 2023 - OK looking for the format to use is it a space a comma or maybe a semicolon to add multiple users . I have looked in the official the unofficial wiki searched the forums found it 3 times but only for a single user. watched Spaceinvader ones video only one user. Regards Rhino2310
🌐
AnandTech
forums.anandtech.com › home › software › open source
multiple users to access same share in samba? | AnandTech Forums: Technology, Hardware, Software, and Deals
July 14, 2007 - This is my config: [auclair] path = /data/samba/shared/auclair/ comment = Auclair browseable = yes writable = yes valid users=administrator, auclair forcegroup smbusers create mode 770 create mask 770 directory mode 770 [shared] path = /data/samba/shared/ comment = main share browseable = yes writable = yes guest ok = no valid users=administrator,ryan, p2puser force group smbusers write mode = 775 directory mode = 775 If auclair user writes to auclair share, I log is as ryan into shared and cant delete any files inside folders made by auclair.
🌐
SUSE
suse.com › support › kb › doc
valid users with AD group | SUSE | Support Center
wbinfo -u" and "wbinfo -g" all the AD users and groups can be seen. When accessing a samba share, the following error is displayed · "Access is Denied" This happens when setting the following in /etc/samba/smb.conf valid users = @"<domain>\<AD group>" It works when the "valid users" line is deleted.
Top answer
1 of 1
2

Your two users are by default in their own groups: user1:user1 and user2:user2.

The files are likely owned by user1:user1 with no access to 'other' users.

Solutions range from simplest to most robust:

  1. Pretend everyone is user1 by adding force user = user1 to the share.
  • user2 now has all the rights and permissions that user1 has.
  • As per @DeeJayh's comment, you will also want to add valid users = user1 user2 so that user3 and 4, etc cannot browse the share.
  1. Pretend everyone is group user1 by adding force group = user1 to the share.
  • Same caveat as above but you can remove group write access with chmod g-w ...
  1. Grant EVERYONE read/execute access.
  • This including user2
  • Everyone on the system will have access to the files as they exist now, though not via samba.
  • Future additions will need this run each time.
  • chmod -R o+rx /media/user1/multimedia/video/movies-library
  1. Share group
  • Create a group that user1 and user2 are both members of and set ownership of the files to that group.
  • Add that group to both users.
  • Set the group ownership of the share to that group.
  • Make sure everything in that directory is group accessible.
  • SetGID on the directory so future additions inherit the group.

sudo usermod -a -G media-share user1 sudo usermod -a -G media-share user2 chown -R user1:media-share /media/user1/multimedia/video/movies-library chmod -R g+rx /media/user1/multimedia/video/movies-library chmod -R g+s /media/user1/multimedia/video/movies-library```

  • If you add files via samba then you can set the directory and file mask to ensure group permissions by adding create mask = 0750 and directory mask = 0770 to the share.
🌐
OneUptime
oneuptime.com › home › blog › how to configure samba user authentication and permissions on rhel
How to Configure Samba User Authentication and Permissions on RHEL
March 4, 2026 - # Create groups for different access levels sudo groupadd samba_readonly sudo groupadd samba_writers sudo groupadd samba_admins # Add users to groups sudo usermod -aG samba_writers smbuser1 sudo usermod -aG samba_admins smbuser2 ... [projects] path = /srv/samba/projects browseable = yes # Allow these users/groups valid users = @samba_readonly @samba_writers @samba_admins # Read-only for readonly users, write access for writers and admins read list = @samba_readonly write list = @samba_writers @samba_admins admin users = @samba_admins
🌐
Raspberry Pi Forums
forums.raspberrypi.com › board index › projects › networking and servers
Samba share invalid user not working - Raspberry Pi Forums
sudo chown user1:users -R /path/share1 sudo chown user1:users -R /path/share1/share2 sudo chown user1:users -R /path/share1/share3 In the group 'users' we only have user1 and user2 As a following step, I then adjusted the smb.conf like that: ... [share1] path=/path/share1 group=users valid users=user1 user2 writeable=Yes create mask=0777 directory mask=0777 public=no [share2] path=/path/share1/share2 group=users valid users=user1 user2 writeable=Yes create mask=0777 directory mask=0777 public=no [share3] path=/path/share1/share3 group=users valid users=user1 invalid user=user2 writeable=Yes create mask=0777 directory mask=0777 public=no Now, for user1 still everything works fine but user2 has no access to any share.