I recommend to create a dedicated user for that share and specify it in force user(see docs).

Create a user (shareuser for example) and set the owner of everything in the share folder to that user:

adduser --system shareuser
chown -R shareuser /path/to/share

Then add force user and permission mask settings in smb.conf:

[myshare]
path = /path/to/share
writeable = yes
browseable = yes
public = yes
create mask = 0644
directory mask = 0755
force user = shareuser

Note that guest ok is a synonym for public.

Answer from yaegashi on Stack Exchange
Top answer
1 of 5
103

I recommend to create a dedicated user for that share and specify it in force user(see docs).

Create a user (shareuser for example) and set the owner of everything in the share folder to that user:

adduser --system shareuser
chown -R shareuser /path/to/share

Then add force user and permission mask settings in smb.conf:

[myshare]
path = /path/to/share
writeable = yes
browseable = yes
public = yes
create mask = 0644
directory mask = 0755
force user = shareuser

Note that guest ok is a synonym for public.

2 of 5
6

In the share settings in smb.conf, you'll need to specify the names of users and/or groups that are allowed to write to the share, using a write list = ... line.

Example:

[myshare]
...
write list = my_linux_username

Then you'll need to use the smbpasswd command to set up a password to authenticate my_linux_username for Samba:

sudo smbpasswd -a my_linux_username

This step is necessary because the standard system passwords in /etc/shadow are hashed in algorithms that are incompatible with the password hash algorithms used in the SMB protocol. When a client sends a SMB authentication packet, it includes a hashed password. It can only be compared to another password hash that uses the same algorithm.

(Very, very old instructions from the previous millennium may recommend disabling password encryption in Samba, and using certain registry hacks to allow Windows to emit unencrypted passwords to the network. This advice is obsolete: those registry hacks may no longer work in current versions of Windows, and allow anyone who can monitor your network traffic to trivially capture your password.)


There's one more thing you may have to do client-side. When your Windows client system is joined to an Active Directory domain and you're logged in with an AD account, it automatically prefixes all unqualified usernames with the name of the AD domain of the user, i.e. you will be authenticating as AD_DOMAIN\your_username, not just your_username.

If you are logged in with a local account (or your client system is not joined to an AD domain), Windows may automatically prefix the username with the client hostname unless you specify another domain name.

To successfully log in to a stand-alone Samba server from a stand-alone Windows client, you may have to specify your username as SAMBA_SERVER_HOSTNAME\your_username.

Otherwise Samba will see the username as WINDOWS_CLIENT_HOSTNAME\your_username, conclude that it has no way to verify any users belonging to domain named WINDOWS_CLIENT_HOSTNAME, and will reject the login.

(Newer versions of Samba may have a built-in check for this specific situation, and they might allow you access nevertheless. But this is basically how SMB authentication works "under the hood", and if you need to deal with old versions of Samba, it might be useful still.)

🌐
Raspberry Pi Forums
forums.raspberrypi.com › board index › community › general discussion
How to make samba share writable? - Raspberry Pi Forums
If it's FAT, vFAT or exFAT then as far as unix security goes all bets are off. The FAT filesystems security is set by the uid/gid passed (or defaulted) on the mount command. If you want your security to work properly you need to reformat USB0 as a ext2/ext3/ext4 filesystem. The same is true for mounting samba filesystems on unix.
🌐
Linux-training
linux-training.be › networking › ch18.html
Chapter 18. a writable file server
Server role: ROLE_STANDALONE Press enter to see a dump of your service definitions [global] netbios name = TEACHER0 server string = Public Anonymous File Server security = SHARE [pubwrite] comment = files to write path = /srv/samba/writable read only = No guest ok = Yes [pubread] comment = files to read path = /srv/samba/readonly guest ok = Yes
🌐
nixCraft
cyberciti.biz › nixcraft › howto › linux › unix samba: make a share writable
UNIX Samba: Make A Share Writable - nixCraft
April 13, 2010 - and please if you use writeable = yes, write it correctly….. samba will accept both.
Find elsewhere
🌐
Linux-training
linux-training.be › storage › ch20.html
Chapter 20. a writable file server
Server role: ROLE_STANDALONE Press enter to see a dump of your service definitions [global] netbios name = TEACHER0 server string = Public Anonymous File Server security = SHARE [pubwrite] comment = files to write path = /srv/samba/writable read only = No guest ok = Yes [pubread] comment = files to read path = /srv/samba/readonly guest ok = Yes
🌐
Samba
samba.org › samba › docs › using_samba › ch09.html
Samba
When a user requests a connection to a share, Samba authenticates by validating the given username and password with the authorized users in the configuration file and the passwords in the password database of the Samba server. As mentioned earlier in the chapter, one way to isolate which users are allowed access to a specific share is by using the valid users option for each share: [global] security = user [accounting1] writable = yes valid users = bob, joe, sandy
🌐
Samba
samba.org › samba › docs › using_samba › ch06.html
Chapter 6. The Samba Configuration File
[template] writable = yes browsable = yes valid users = andy, dave, jay [data] path = /usr/local/samba copy = template
🌐
Reddit
reddit.com › r/proxmox › add/create write permission to samba share
r/Proxmox on Reddit: Add/create write permission to Samba share
March 2, 2024 -

I am so close to having this set up, I just need a little help with the last steps. I set up a samba share on my Proxmox server using this tutorial:

https://computingforgeeks.com/how-to-configure-samba-share-on-debian/

From my Windows PC I can see the Proxmox server on the network, I can login and see the demo files I created in the tutorial, but I can’t make any changes. Just keeps saying I don’t have permission. I have Plex in an LXC. From Windows I need to be able to navigate to the hdd and add media files over the local network. I thought I enabled write permission, but maybe I missed something.

Can someone please help me figure this out?

Top answer
1 of 2
2

Remove samba by executing following commands

sudo apt-get remove --purge samba
sudo apt-get remove --purge smbclient libsmbclient
sudo apt-get purge samba samba-common
sudo rm -rf /etc/samba/ /etc/default/samba

Install it again

sudo apt-get install samba
sudo apt-get install smbclient libsmbclient

Now original smb.conf has been restored so restart Ubuntu then add user from terminal.

root@Dell-Inspiron-3521:~# sudo smbpasswd -a username (username should be without space eg "sudo smbpasswd -a alamjitsingh")
New SMB password:*********
Retype new SMB password:*********
Added user alamjitsingh.

Now edit smb.conf file as follows. Mentioned lines must be present in the the code.

sudo gedit /usr/share/samba/smb.conf


[global]
 workgroup = WORKGROUP
 passdb backend = tdbsam 
 security = user

[Optional] If you want to share folder which are inside opt directory then you also have to add following line in global section.

usershare owner only = False

In authentication section turn "map to guest = bad user" off by adding # at starting of code

#map to guest = bad user

At last add your personal code

   [sqr_custom]
path = /opt/oracle/psft/pt/ps_home8.55.11/sqr_custom
comment = Personal_Share
read only = no
available = yes
browseable = yes
writable = yes
guest ok = no
public = yes
printable = no
locking = no
strict locking = no

Apart from this your shared folder is in opt folder which require permissions to write. So firstly test this prog by sharing folder of home directory. Then we will proceed further. To know correct path of shared folder drag and drop folder on running terminal.


If you are succeed to run above code then do the following

To create a group:

sudo groupadd demoGroup

To add the user account to the group:

sudo usermod -G demoGroup username(eg alamjitsingh)

For setting permissions of writing

sudo chown -R username:groupname /opt/demo

eg

sudo chown -R alamjitsingh:demogroup /opt/demo

Following lines are for granting the write access to members of the demoGroup in directory demo (It will grant all demoGroup members to write)

sudo chgrp -R demogroup /opt/demo
sudo chmod 2770 /opt/demo

Restart services

sudo service nmbd restart
sudo service smbd restart

eg of shared folder of restricted directory with write privilege

[demo]
path = /opt/demo
comment = HD Share
read only = no
available = yes
browseable = yes
writable = yes
guest ok = no
public = yes
printable = no
locking = no
strict locking = no
force create mode = 0660
force directory mode = 2770
force user = alamjitsingh
force group = demogroup
2 of 2
1

Try below mentioned code

[global]
workgroup = WORKGROUP
netbios name = CDA
passdb backend = tdbsam 
security = user
#map to guest = Bad User
username map = /etc/samba/smbusers
guest account = nobody
guest ok = yes
log file = /var/log/samba.log.%m
log level = 2
max log size = 1000
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printing = bsd



[custom_home]
  path = /opt/asdf/custom_home
  read only = no
  available = yes
  browseable = yes
  writable = yes
  guest ok = no
  public = yes
  locking = no
  strict locking = no
  create mask = 0777
  directory mask = 0777
  valid users = @writer (if writer is not username remove this line i think, you added user name = testuser so remove this line)

Most probably testuser is your user name to access this shared folder. In windows 10 you have to "Add a Network Location" manually, eg- "\\192.168.1.3\ Shared_folder_name" then it will ask for username and password. Find this option->Add a Network Location in windows 10. In android devices you can access this shared directory via "ES file explorer" app. If still not working intimate me. Good luck.

🌐
Linux-training
linux-training.be › storage › ch23.html
Chapter 23. samba securing shares
[authwrite] path = /srv/samba/authwrite comment = authenticated users only read only = no guest ok = no create mask = 600 directory mask = 555 inherit permissions = yes · 1. Create a writable share called sales, and a readonly share called budget.
🌐
Samba
lists.samba.org › archive › samba › 2010-October › 159149.html
[Samba] writable = yes for Profiles in smb.conf.default
October 30, 2010 - Next message: [Samba] Samba 3.4.9 net rpc shutdown and XP Domain client · Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] On Sat, Oct 30, 2010 at 11:14 AM, Benedikt Panzer <Benedikt_Panzer at gmx.de> wrote: > I'm suggesting to add line 'writable = yes' for Profiles share in file examples/smb.conf.default.
🌐
LinuxQuestions.org
linuxquestions.org › questions › linux-server-73 › what's-the-difference-between-read-only=no-and-writable=yes-in-samba-756930
What's the difference between read only=no and writable=yes in Samba?
September 22, 2009 - What's the difference between read only=no and writable=yes in Samba? I see some docs stating read only=no means writable, then at this point, what's