How to set root ownership and inheritable 0777 permission across share

ogriff79 · March 19, 2015, 4:21pm

I’m having an issue with a windows application that despite normal read/write access in windows explorer (windows 7 pro 64 bit), when the application tries to export files to the share I get an access denied error.

If I chmod -r 777 to the entire share the application can write to a directory, however if as a windows user I create a new folder, the disk access denied in the application export returns. Then I’m back to chmod -r 777 to temporarily fix.

On a private share the owner is correctly set but the application is denied access, on a public share when a folder is created via windows, it inherits ‘nobody’ user permission (i.e. the guest). Yes, the application doesn’t like this, and is denied disk access.

So, I’m looking at adding the following to /etc/samba/overall_share

create mask = 000
directory mask = 000
force create mode = 777 #permissions I want on all files
force directory mode = 777 #permissions I want on all directories

How woudl I add to

## BEGIN ## sharename = Public #
[Public]
  path = /DataVolume/shares/Public
  comment = Public Share
  public = yes
  browseable = yes
  writable = yes
  guest ok = yes
  map read only = no
## END ##

## BEGIN ## sharename = Private #
[Private]
  path = /shares/Private
  comment = Private share
  invalid users =
  valid users = admin
  read list =
  write list = admin
  map read only = no
## END ##

or

as a more extreme option could anyone advise on

sudo bindfs -o perms=0777:+X,group=users /mnt/Shared /mnt/Shared

Thanks

wptski · March 19, 2015, 4:49pm

That must be a W7 Pro 64-bit thing. I noticed that if a file is copied to a share with WinSCP, later I can’t overwrite it from Windows but I can delete it and then copy the file. The group and ownership has changed but this doesn’t happen using W10TP.

ogriff79 · March 20, 2015, 12:05pm

Any ideas?

jamalaya · March 21, 2015, 12:48am

Just a thought:

try these

force create mode = 0777
force directory mode = 0777
create mask = 0777
directory mask = 0777

you can add them either in the global conf or per share

restart the Samba server

what happens if you create a directory and add a file without using that application?

How did you create the users and permission? Via dashboard?

what happens if you ssh to the WD and login to the share (via smbclient)? can you create a directory and add a file?

hth

Wormvortex · March 22, 2015, 1:27pm

I had this problem and used the below command as for some reason root was the owner of my share and the only one allowed to access it even though the dashboard showed my user account as having access.

chown -hR (username) /shares/xxxxx (where xxxxx is the share folder)

jamalaya · March 22, 2015, 3:13pm

Both OP and you msut have had problems to do that. You never ever have do that as it compromises security.

this is the flow with Samba and Unix:

create a user, user will have a default group.

add user to samba database

as root create a share and make share owned by root (default) and nominate a group that can have access to that share and make the group owner of the share (NOT USER)

for each user modify them to belong to that nominated share as well.

anyuser that belongs to that share will be able to access it.

that is it, that is all is needed.

in WDmycloud case, they added an extra layer of security in the dashboard (some sort of database to control individual acess even if they belong to the same share). My guess is that creating many arbitrary groups is not useful in this case.

so they create a couple of groups (mostly “share” for all users). that is why all shares are owned by root and “shares”.

anything else you are compromising security of your box (if you care ).