Best practice for shared directory on server (samba windows 10 clients)
Clash Royale CLAN TAG#URR8PPP up vote
0
down vote
favorite
Setting up file sharing on Linux server (Ubuntu) with Samba for Windows 10 clients. Originally setup this environment 7 years ago on Fedora server, but I am uncertain that I did it in the best practice manner. My question is this: For a shared directory on the Linux server, how do I give multiple users full permission to that share so that they can edit/delete sub-directories and files, whether they created (own) them or not? For example, I have several different groups of users who will have access to their groups shared directories with full permission in those directories. On my old server I did a work around that I am sure must have a better way.....I created a generic Linux/Samba user with full permission to each group share, then through a login script on the Windows clients mapped them to that share as if they were the generic user (ex. public_user accessing the public share). It works, but there is no accountability as to tracking changes or newly created files or directories, since everything is owned by the generic user. This is my first question here. Any help is greatly appreciated.
server permissions samba file-sharing shared-folders
asked Mar 29 at 14:09
gcruthers
13
add a comment |Â
up vote
0
down vote
favorite
Setting up file sharing on Linux server (Ubuntu) with Samba for Windows 10 clients. Originally setup this environment 7 years ago on Fedora server, but I am uncertain that I did it in the best practice manner. My question is this: For a shared directory on the Linux server, how do I give multiple users full permission to that share so that they can edit/delete sub-directories and files, whether they created (own) them or not? For example, I have several different groups of users who will have access to their groups shared directories with full permission in those directories. On my old server I did a work around that I am sure must have a better way.....I created a generic Linux/Samba user with full permission to each group share, then through a login script on the Windows clients mapped them to that share as if they were the generic user (ex. public_user accessing the public share). It works, but there is no accountability as to tracking changes or newly created files or directories, since everything is owned by the generic user. This is my first question here. Any help is greatly appreciated.
server permissions samba file-sharing shared-folders
asked Mar 29 at 14:09
gcruthers
13
add a comment |Â
up vote
0
down vote
favorite
up vote
0
down vote
favorite
Setting up file sharing on Linux server (Ubuntu) with Samba for Windows 10 clients. Originally setup this environment 7 years ago on Fedora server, but I am uncertain that I did it in the best practice manner. My question is this: For a shared directory on the Linux server, how do I give multiple users full permission to that share so that they can edit/delete sub-directories and files, whether they created (own) them or not? For example, I have several different groups of users who will have access to their groups shared directories with full permission in those directories. On my old server I did a work around that I am sure must have a better way.....I created a generic Linux/Samba user with full permission to each group share, then through a login script on the Windows clients mapped them to that share as if they were the generic user (ex. public_user accessing the public share). It works, but there is no accountability as to tracking changes or newly created files or directories, since everything is owned by the generic user. This is my first question here. Any help is greatly appreciated.
server permissions samba file-sharing shared-folders
asked Mar 29 at 14:09
gcruthers
13
Setting up file sharing on Linux server (Ubuntu) with Samba for Windows 10 clients. Originally setup this environment 7 years ago on Fedora server, but I am uncertain that I did it in the best practice manner. My question is this: For a shared directory on the Linux server, how do I give multiple users full permission to that share so that they can edit/delete sub-directories and files, whether they created (own) them or not? For example, I have several different groups of users who will have access to their groups shared directories with full permission in those directories. On my old server I did a work around that I am sure must have a better way.....I created a generic Linux/Samba user with full permission to each group share, then through a login script on the Windows clients mapped them to that share as if they were the generic user (ex. public_user accessing the public share). It works, but there is no accountability as to tracking changes or newly created files or directories, since everything is owned by the generic user. This is my first question here. Any help is greatly appreciated.
server permissions samba file-sharing shared-folders
server permissions samba file-sharing shared-folders
asked Mar 29 at 14:09
gcruthers
13
asked Mar 29 at 14:09
gcruthers
13
asked Mar 29 at 14:09
gcruthers
13
asked Mar 29 at 14:09
gcruthers
13
asked Mar 29 at 14:09
gcruthers
13
13
add a comment |Â
add a comment |Â
2 Answers
2
active
oldest
votes
up vote
0
down vote
Edit the samba configuration file.
sudo nano /etc/samba/smb.conf
Add this to the end of the file:
[Public Directory]
comment = Contents are read/write by all.
path = /home/user/directory-to-be-shared
read only = no
guest ok = yes
create mask = 0666
force create mode = 0666
directory mask = 0777
force directory mode = 0777
Then restart samba.
sudo service smbd restart
Notes:
- The string within brackets (
Public Directoryin the example above)
is what users will see when accessing the shared folder from other
systems. - Files created within this directory by users on other systems will
be owned by nobody:nogroup, with read and write permissions for
owner, group, and other. - Directories created in this directory by users on other systems will
be owned by nobody:nogroup, with read, write, and directory traversal
permissions for owner, group, and other. - The masks and modes in the configuration file apply to files and
directories created by users on other systems. These masks and modes
are ignored when creating files as a user on the server. Or, to put it
another way, if you are user on the server, make sure that each file
and directory that you create within/home/user/directory-to-be-sharedhas 666 and 777 permissions respectively. If you have enabled a firewall on the server, you will need to open
port 445 for tcp. For example, if you useufw(uncomplicated
firewall) to configure the firewall:sudo ufw allow in 445/tcp
sudo ufw reload
sudo ufw status verbose
answered Mar 29 at 16:33
TooManyPets
26116
Thank you. Question: What about the Linux permissions for the "Public" directory? I currently have the directory set to 770 with root ownership and the public group. Without Samba running, I can login through a terminal as a regular user and create/delete directories/files: , but bob cannot
– gcruthers
Mar 29 at 19:14
-rw-r--r-- 1 greg greg 41 Mar 28 15:47 gregs_notes.txt -rw-r--r-- 1 bob users 35 Mar 28 15:44 myfile.txt -rw-r--r-- 1 root root 41 Mar 28 15:37 notes.txt -rw-r--r-- 1 greg greg 90 Mar 28 15:56 sharedfile.txt bob is regular user in public group and greg is me as sudo.....if bob attempts to edit a file he other than his own, it errors stating "attempting to edit a read-only file." in VI.
– gcruthers
Mar 29 at 19:22
All of your permissions are 644. Are you using Ubuntu Server or are you using Ubuntu Desktop? The default umask in Server is 0002 so all newly created files should have permissions of 664. But on Desktop the umask is 0022 resulting in new files having permissions of 644. To find your umask run - without quotes: "umask" in a terminal.
– Morbius1
Mar 30 at 11:13
I am running server. I have not altered the umask. Can't verify umask until Monday.
– gcruthers
Mar 30 at 16:09
add a comment |Â
up vote
0
down vote
It's not clear to me if you want a share accessible to everyone or only a group of client users so this is a template for the latter.
Note: This will only work as described if the default umask of your system is 0002 so it will not work for Ubuntu Desktop 17/18 but it will work for Xubuntu Desktop and Ubuntu Server.
In this template it is required that all users you want to have access become members of the "users" group. It will assign the setgid bit on the shared directory and any future subdirectories which forces anything new added to them to inherit the group of it's parent folder.
sudo mkdir /path
sudo chown root:users /path
sudo chmod 2775 /path
The share would look like this:
[UsersShare]
path = /path
valid users = @users
force group = users
read only = no
create mask = 0664
force directory mode = 2775
When bob - who was made a member of the "users" group - logs in with his samba username/password and adds a file to the [UsersShare] share it will have owner = bob, group = users, mode = 664 files / 2775 folders.
All other client users who are members of the users group who sign in will have full access to whatever bob did.
Any local users - those on the server itself - who add or modify files who are also members of the users group will all have the same ability and newly created files/folders will have the same 664/2775 mode and all will have as group: "users". The one exception to all this is root - as in when you use sudo - since it's default umask is 022 unlike a regular user his files will inherit the "users" group but will have a mode of 644.
If you truly want a pure public share where everyone has access replace "valid users = @users" with "guest ok = yes". For this to work locally on the server you would still need to add those users to the "users" group.
answered Mar 31 at 12:18
Morbius1
88626
add a comment |Â
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
Edit the samba configuration file.
sudo nano /etc/samba/smb.conf
Add this to the end of the file:
[Public Directory]
comment = Contents are read/write by all.
path = /home/user/directory-to-be-shared
read only = no
guest ok = yes
create mask = 0666
force create mode = 0666
directory mask = 0777
force directory mode = 0777
Then restart samba.
sudo service smbd restart
Notes:
- The string within brackets (
Public Directoryin the example above)
is what users will see when accessing the shared folder from other
systems. - Files created within this directory by users on other systems will
be owned by nobody:nogroup, with read and write permissions for
owner, group, and other. - Directories created in this directory by users on other systems will
be owned by nobody:nogroup, with read, write, and directory traversal
permissions for owner, group, and other. - The masks and modes in the configuration file apply to files and
directories created by users on other systems. These masks and modes
are ignored when creating files as a user on the server. Or, to put it
another way, if you are user on the server, make sure that each file
and directory that you create within/home/user/directory-to-be-sharedhas 666 and 777 permissions respectively. If you have enabled a firewall on the server, you will need to open
port 445 for tcp. For example, if you useufw(uncomplicated
firewall) to configure the firewall:sudo ufw allow in 445/tcp
sudo ufw reload
sudo ufw status verbose
answered Mar 29 at 16:33
TooManyPets
26116
Thank you. Question: What about the Linux permissions for the "Public" directory? I currently have the directory set to 770 with root ownership and the public group. Without Samba running, I can login through a terminal as a regular user and create/delete directories/files: , but bob cannot
– gcruthers
Mar 29 at 19:14
-rw-r--r-- 1 greg greg 41 Mar 28 15:47 gregs_notes.txt -rw-r--r-- 1 bob users 35 Mar 28 15:44 myfile.txt -rw-r--r-- 1 root root 41 Mar 28 15:37 notes.txt -rw-r--r-- 1 greg greg 90 Mar 28 15:56 sharedfile.txt bob is regular user in public group and greg is me as sudo.....if bob attempts to edit a file he other than his own, it errors stating "attempting to edit a read-only file." in VI.
– gcruthers
Mar 29 at 19:22
All of your permissions are 644. Are you using Ubuntu Server or are you using Ubuntu Desktop? The default umask in Server is 0002 so all newly created files should have permissions of 664. But on Desktop the umask is 0022 resulting in new files having permissions of 644. To find your umask run - without quotes: "umask" in a terminal.
– Morbius1
Mar 30 at 11:13
I am running server. I have not altered the umask. Can't verify umask until Monday.
– gcruthers
Mar 30 at 16:09
add a comment |Â
up vote
0
down vote
Edit the samba configuration file.
sudo nano /etc/samba/smb.conf
Add this to the end of the file:
[Public Directory]
comment = Contents are read/write by all.
path = /home/user/directory-to-be-shared
read only = no
guest ok = yes
create mask = 0666
force create mode = 0666
directory mask = 0777
force directory mode = 0777
Then restart samba.
sudo service smbd restart
Notes:
- The string within brackets (
Public Directoryin the example above)
is what users will see when accessing the shared folder from other
systems. - Files created within this directory by users on other systems will
be owned by nobody:nogroup, with read and write permissions for
owner, group, and other. - Directories created in this directory by users on other systems will
be owned by nobody:nogroup, with read, write, and directory traversal
permissions for owner, group, and other. - The masks and modes in the configuration file apply to files and
directories created by users on other systems. These masks and modes
are ignored when creating files as a user on the server. Or, to put it
another way, if you are user on the server, make sure that each file
and directory that you create within/home/user/directory-to-be-sharedhas 666 and 777 permissions respectively. If you have enabled a firewall on the server, you will need to open
port 445 for tcp. For example, if you useufw(uncomplicated
firewall) to configure the firewall:sudo ufw allow in 445/tcp
sudo ufw reload
sudo ufw status verbose
answered Mar 29 at 16:33
TooManyPets
26116
Thank you. Question: What about the Linux permissions for the "Public" directory? I currently have the directory set to 770 with root ownership and the public group. Without Samba running, I can login through a terminal as a regular user and create/delete directories/files: , but bob cannot
– gcruthers
Mar 29 at 19:14
-rw-r--r-- 1 greg greg 41 Mar 28 15:47 gregs_notes.txt -rw-r--r-- 1 bob users 35 Mar 28 15:44 myfile.txt -rw-r--r-- 1 root root 41 Mar 28 15:37 notes.txt -rw-r--r-- 1 greg greg 90 Mar 28 15:56 sharedfile.txt bob is regular user in public group and greg is me as sudo.....if bob attempts to edit a file he other than his own, it errors stating "attempting to edit a read-only file." in VI.
– gcruthers
Mar 29 at 19:22
All of your permissions are 644. Are you using Ubuntu Server or are you using Ubuntu Desktop? The default umask in Server is 0002 so all newly created files should have permissions of 664. But on Desktop the umask is 0022 resulting in new files having permissions of 644. To find your umask run - without quotes: "umask" in a terminal.
– Morbius1
Mar 30 at 11:13
I am running server. I have not altered the umask. Can't verify umask until Monday.
– gcruthers
Mar 30 at 16:09
add a comment |Â
up vote
0
down vote
up vote
0
down vote
Edit the samba configuration file.
sudo nano /etc/samba/smb.conf
Add this to the end of the file:
[Public Directory]
comment = Contents are read/write by all.
path = /home/user/directory-to-be-shared
read only = no
guest ok = yes
create mask = 0666
force create mode = 0666
directory mask = 0777
force directory mode = 0777
Then restart samba.
sudo service smbd restart
Notes:
- The string within brackets (
Public Directoryin the example above)
is what users will see when accessing the shared folder from other
systems. - Files created within this directory by users on other systems will
be owned by nobody:nogroup, with read and write permissions for
owner, group, and other. - Directories created in this directory by users on other systems will
be owned by nobody:nogroup, with read, write, and directory traversal
permissions for owner, group, and other. - The masks and modes in the configuration file apply to files and
directories created by users on other systems. These masks and modes
are ignored when creating files as a user on the server. Or, to put it
another way, if you are user on the server, make sure that each file
and directory that you create within/home/user/directory-to-be-sharedhas 666 and 777 permissions respectively. If you have enabled a firewall on the server, you will need to open
port 445 for tcp. For example, if you useufw(uncomplicated
firewall) to configure the firewall:sudo ufw allow in 445/tcp
sudo ufw reload
sudo ufw status verbose
answered Mar 29 at 16:33
TooManyPets
26116
Edit the samba configuration file.
sudo nano /etc/samba/smb.conf
Add this to the end of the file:
[Public Directory]
comment = Contents are read/write by all.
path = /home/user/directory-to-be-shared
read only = no
guest ok = yes
create mask = 0666
force create mode = 0666
directory mask = 0777
force directory mode = 0777
Then restart samba.
sudo service smbd restart
Notes:
- The string within brackets (
Public Directoryin the example above)
is what users will see when accessing the shared folder from other
systems. - Files created within this directory by users on other systems will
be owned by nobody:nogroup, with read and write permissions for
owner, group, and other. - Directories created in this directory by users on other systems will
be owned by nobody:nogroup, with read, write, and directory traversal
permissions for owner, group, and other. - The masks and modes in the configuration file apply to files and
directories created by users on other systems. These masks and modes
are ignored when creating files as a user on the server. Or, to put it
another way, if you are user on the server, make sure that each file
and directory that you create within/home/user/directory-to-be-sharedhas 666 and 777 permissions respectively. If you have enabled a firewall on the server, you will need to open
port 445 for tcp. For example, if you useufw(uncomplicated
firewall) to configure the firewall:sudo ufw allow in 445/tcp
sudo ufw reload
sudo ufw status verbose
answered Mar 29 at 16:33
TooManyPets
26116
answered Mar 29 at 16:33
TooManyPets
26116
answered Mar 29 at 16:33
TooManyPets
26116
answered Mar 29 at 16:33
TooManyPets
26116
26116
Thank you. Question: What about the Linux permissions for the "Public" directory? I currently have the directory set to 770 with root ownership and the public group. Without Samba running, I can login through a terminal as a regular user and create/delete directories/files: , but bob cannot
– gcruthers
Mar 29 at 19:14
-rw-r--r-- 1 greg greg 41 Mar 28 15:47 gregs_notes.txt -rw-r--r-- 1 bob users 35 Mar 28 15:44 myfile.txt -rw-r--r-- 1 root root 41 Mar 28 15:37 notes.txt -rw-r--r-- 1 greg greg 90 Mar 28 15:56 sharedfile.txt bob is regular user in public group and greg is me as sudo.....if bob attempts to edit a file he other than his own, it errors stating "attempting to edit a read-only file." in VI.
– gcruthers
Mar 29 at 19:22
All of your permissions are 644. Are you using Ubuntu Server or are you using Ubuntu Desktop? The default umask in Server is 0002 so all newly created files should have permissions of 664. But on Desktop the umask is 0022 resulting in new files having permissions of 644. To find your umask run - without quotes: "umask" in a terminal.
– Morbius1
Mar 30 at 11:13
I am running server. I have not altered the umask. Can't verify umask until Monday.
– gcruthers
Mar 30 at 16:09
add a comment |Â
Thank you. Question: What about the Linux permissions for the "Public" directory? I currently have the directory set to 770 with root ownership and the public group. Without Samba running, I can login through a terminal as a regular user and create/delete directories/files: , but bob cannot
– gcruthers
Mar 29 at 19:14
-rw-r--r-- 1 greg greg 41 Mar 28 15:47 gregs_notes.txt -rw-r--r-- 1 bob users 35 Mar 28 15:44 myfile.txt -rw-r--r-- 1 root root 41 Mar 28 15:37 notes.txt -rw-r--r-- 1 greg greg 90 Mar 28 15:56 sharedfile.txt bob is regular user in public group and greg is me as sudo.....if bob attempts to edit a file he other than his own, it errors stating "attempting to edit a read-only file." in VI.
– gcruthers
Mar 29 at 19:22
All of your permissions are 644. Are you using Ubuntu Server or are you using Ubuntu Desktop? The default umask in Server is 0002 so all newly created files should have permissions of 664. But on Desktop the umask is 0022 resulting in new files having permissions of 644. To find your umask run - without quotes: "umask" in a terminal.
– Morbius1
Mar 30 at 11:13
I am running server. I have not altered the umask. Can't verify umask until Monday.
– gcruthers
Mar 30 at 16:09
Thank you. Question: What about the Linux permissions for the "Public" directory? I currently have the directory set to 770 with root ownership and the public group. Without Samba running, I can login through a terminal as a regular user and create/delete directories/files: , but bob cannot
– gcruthers
Mar 29 at 19:14
Thank you. Question: What about the Linux permissions for the "Public" directory? I currently have the directory set to 770 with root ownership and the public group. Without Samba running, I can login through a terminal as a regular user and create/delete directories/files: , but bob cannot
– gcruthers
Mar 29 at 19:14
-rw-r--r-- 1 greg greg 41 Mar 28 15:47 gregs_notes.txt -rw-r--r-- 1 bob users 35 Mar 28 15:44 myfile.txt -rw-r--r-- 1 root root 41 Mar 28 15:37 notes.txt -rw-r--r-- 1 greg greg 90 Mar 28 15:56 sharedfile.txt bob is regular user in public group and greg is me as sudo.....if bob attempts to edit a file he other than his own, it errors stating "attempting to edit a read-only file." in VI.
– gcruthers
Mar 29 at 19:22
-rw-r--r-- 1 greg greg 41 Mar 28 15:47 gregs_notes.txt -rw-r--r-- 1 bob users 35 Mar 28 15:44 myfile.txt -rw-r--r-- 1 root root 41 Mar 28 15:37 notes.txt -rw-r--r-- 1 greg greg 90 Mar 28 15:56 sharedfile.txt bob is regular user in public group and greg is me as sudo.....if bob attempts to edit a file he other than his own, it errors stating "attempting to edit a read-only file." in VI.
– gcruthers
Mar 29 at 19:22
All of your permissions are 644. Are you using Ubuntu Server or are you using Ubuntu Desktop? The default umask in Server is 0002 so all newly created files should have permissions of 664. But on Desktop the umask is 0022 resulting in new files having permissions of 644. To find your umask run - without quotes: "umask" in a terminal.
– Morbius1
Mar 30 at 11:13
All of your permissions are 644. Are you using Ubuntu Server or are you using Ubuntu Desktop? The default umask in Server is 0002 so all newly created files should have permissions of 664. But on Desktop the umask is 0022 resulting in new files having permissions of 644. To find your umask run - without quotes: "umask" in a terminal.
– Morbius1
Mar 30 at 11:13
I am running server. I have not altered the umask. Can't verify umask until Monday.
– gcruthers
Mar 30 at 16:09
I am running server. I have not altered the umask. Can't verify umask until Monday.
– gcruthers
Mar 30 at 16:09
add a comment |Â
up vote
0
down vote
It's not clear to me if you want a share accessible to everyone or only a group of client users so this is a template for the latter.
Note: This will only work as described if the default umask of your system is 0002 so it will not work for Ubuntu Desktop 17/18 but it will work for Xubuntu Desktop and Ubuntu Server.
In this template it is required that all users you want to have access become members of the "users" group. It will assign the setgid bit on the shared directory and any future subdirectories which forces anything new added to them to inherit the group of it's parent folder.
sudo mkdir /path
sudo chown root:users /path
sudo chmod 2775 /path
The share would look like this:
[UsersShare]
path = /path
valid users = @users
force group = users
read only = no
create mask = 0664
force directory mode = 2775
When bob - who was made a member of the "users" group - logs in with his samba username/password and adds a file to the [UsersShare] share it will have owner = bob, group = users, mode = 664 files / 2775 folders.
All other client users who are members of the users group who sign in will have full access to whatever bob did.
Any local users - those on the server itself - who add or modify files who are also members of the users group will all have the same ability and newly created files/folders will have the same 664/2775 mode and all will have as group: "users". The one exception to all this is root - as in when you use sudo - since it's default umask is 022 unlike a regular user his files will inherit the "users" group but will have a mode of 644.
If you truly want a pure public share where everyone has access replace "valid users = @users" with "guest ok = yes". For this to work locally on the server you would still need to add those users to the "users" group.
answered Mar 31 at 12:18
Morbius1
88626
add a comment |Â
up vote
0
down vote
It's not clear to me if you want a share accessible to everyone or only a group of client users so this is a template for the latter.
Note: This will only work as described if the default umask of your system is 0002 so it will not work for Ubuntu Desktop 17/18 but it will work for Xubuntu Desktop and Ubuntu Server.
In this template it is required that all users you want to have access become members of the "users" group. It will assign the setgid bit on the shared directory and any future subdirectories which forces anything new added to them to inherit the group of it's parent folder.
sudo mkdir /path
sudo chown root:users /path
sudo chmod 2775 /path
The share would look like this:
[UsersShare]
path = /path
valid users = @users
force group = users
read only = no
create mask = 0664
force directory mode = 2775
When bob - who was made a member of the "users" group - logs in with his samba username/password and adds a file to the [UsersShare] share it will have owner = bob, group = users, mode = 664 files / 2775 folders.
All other client users who are members of the users group who sign in will have full access to whatever bob did.
Any local users - those on the server itself - who add or modify files who are also members of the users group will all have the same ability and newly created files/folders will have the same 664/2775 mode and all will have as group: "users". The one exception to all this is root - as in when you use sudo - since it's default umask is 022 unlike a regular user his files will inherit the "users" group but will have a mode of 644.
If you truly want a pure public share where everyone has access replace "valid users = @users" with "guest ok = yes". For this to work locally on the server you would still need to add those users to the "users" group.
answered Mar 31 at 12:18
Morbius1
88626
add a comment |Â
up vote
0
down vote
up vote
0
down vote
It's not clear to me if you want a share accessible to everyone or only a group of client users so this is a template for the latter.
Note: This will only work as described if the default umask of your system is 0002 so it will not work for Ubuntu Desktop 17/18 but it will work for Xubuntu Desktop and Ubuntu Server.
In this template it is required that all users you want to have access become members of the "users" group. It will assign the setgid bit on the shared directory and any future subdirectories which forces anything new added to them to inherit the group of it's parent folder.
sudo mkdir /path
sudo chown root:users /path
sudo chmod 2775 /path
The share would look like this:
[UsersShare]
path = /path
valid users = @users
force group = users
read only = no
create mask = 0664
force directory mode = 2775
When bob - who was made a member of the "users" group - logs in with his samba username/password and adds a file to the [UsersShare] share it will have owner = bob, group = users, mode = 664 files / 2775 folders.
All other client users who are members of the users group who sign in will have full access to whatever bob did.
Any local users - those on the server itself - who add or modify files who are also members of the users group will all have the same ability and newly created files/folders will have the same 664/2775 mode and all will have as group: "users". The one exception to all this is root - as in when you use sudo - since it's default umask is 022 unlike a regular user his files will inherit the "users" group but will have a mode of 644.
If you truly want a pure public share where everyone has access replace "valid users = @users" with "guest ok = yes". For this to work locally on the server you would still need to add those users to the "users" group.
answered Mar 31 at 12:18
Morbius1
88626
It's not clear to me if you want a share accessible to everyone or only a group of client users so this is a template for the latter.
Note: This will only work as described if the default umask of your system is 0002 so it will not work for Ubuntu Desktop 17/18 but it will work for Xubuntu Desktop and Ubuntu Server.
In this template it is required that all users you want to have access become members of the "users" group. It will assign the setgid bit on the shared directory and any future subdirectories which forces anything new added to them to inherit the group of it's parent folder.
sudo mkdir /path
sudo chown root:users /path
sudo chmod 2775 /path
The share would look like this:
[UsersShare]
path = /path
valid users = @users
force group = users
read only = no
create mask = 0664
force directory mode = 2775
When bob - who was made a member of the "users" group - logs in with his samba username/password and adds a file to the [UsersShare] share it will have owner = bob, group = users, mode = 664 files / 2775 folders.
All other client users who are members of the users group who sign in will have full access to whatever bob did.
Any local users - those on the server itself - who add or modify files who are also members of the users group will all have the same ability and newly created files/folders will have the same 664/2775 mode and all will have as group: "users". The one exception to all this is root - as in when you use sudo - since it's default umask is 022 unlike a regular user his files will inherit the "users" group but will have a mode of 644.
If you truly want a pure public share where everyone has access replace "valid users = @users" with "guest ok = yes". For this to work locally on the server you would still need to add those users to the "users" group.
answered Mar 31 at 12:18
Morbius1
88626
edited Mar 31 at 13:44
answered Mar 31 at 12:18
Morbius1
88626
answered Mar 31 at 12:18
Morbius1
88626
answered Mar 31 at 12:18
Morbius1
88626
88626
add a comment |Â
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e)
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom))
StackExchange.using('gps', function() StackExchange.gps.track('embedded_signup_form.view', location: 'question_page' ); );
$window.unbind('scroll', onScroll);
;
$window.on('scroll', onScroll);
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1020281%2fbest-practice-for-shared-directory-on-server-samba-windows-10-clients%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e)
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom))
StackExchange.using('gps', function() StackExchange.gps.track('embedded_signup_form.view', location: 'question_page' ); );
$window.unbind('scroll', onScroll);
;
$window.on('scroll', onScroll);
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e)
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom))
StackExchange.using('gps', function() StackExchange.gps.track('embedded_signup_form.view', location: 'question_page' ); );
$window.unbind('scroll', onScroll);
;
$window.on('scroll', onScroll);
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e)
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom))
StackExchange.using('gps', function() StackExchange.gps.track('embedded_signup_form.view', location: 'question_page' ); );
$window.unbind('scroll', onScroll);
;
$window.on('scroll', onScroll);
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password