Originally Posted by
mblahay
The answer for why all the newly created or saved files are changing ownership to nobody has to do with the guest access to the share (I'm assuming it is guest access since the specific access being used was not stated). All guest to save to modify files will end up created files that are owned by the user nobody, in the same manner that any user that creates a file will create a file owned by himself or herself.
How do you get around this? It is possible to change the guest user in the smb.conf file, but this may be a bad idea if you have other shares on the system. I would instead create a share with very specific user access or create a deamon that scans for new files and then executes the chown command on them.
Yes it is possible to change the user that is used for the guest account. You have to set the parameters in the /etc/samba/smb.conf file. This is done with 2 parts. The first part is set by default. It is the parameter map to guest. This is a [global] parameter that says "...logins with an invalid password are rejected, unless the username does not exist, in which case it is treated as a guest login and mapped into the guest account. It is defined as
Code:
map to guest = Bad User
The second part is the [global] parameter guest account which is used to map the user you wish to be used as the Samba guest account. The default is the user "nobody". It is defined as
Code:
guest account = nobody
I use an account called smbguest on my system.
In practice, the user is not as important as the group the file is created with. All of my Samba users and the guest account create files with the group smbusers and the permissions of 3664. This allows any user that is part of the smbusers to manipulate the file. In addition any directory (folder) is created with this group and the permissions are 3775.
These parameters are set by using extended permissions. The leading 3 (as in 3775 or 3664) set the sticky bit on folders and sets the setguid to smbusers). The sticky bit is set so no file or folder can be deleted except by the owner (creator) or root. The setguid is what forces the file or folder when created to have the group the same as the folder it is created in.
First you set the directory that is the root of the share with the permissions and group ownership you want (in my case it looks like this Note the extended attributes)
Code:
drwsrwsr-t 9 root smbusers 4.0K 2011-08-23 19:01 backup
Then you can force these create modes on in the /etc/samba/smb.conf. These are [share] parameters. They are used like this for files
Code:
force create mode = 3664
...and for directories
Code:
force directory mode = 0775
All the samba configuration parameters for the smb.conf file are described here.
I also set the umask to 002 so any file created on the system is set to the minimum of 664 and any directory is set to 775. The default is umask=022 which has a setting of 644 and 755. The default is not appropriate for group usage.
In addition I set the underlaying file permissions to 3664 and directories to 3775. This is explained here.
This is a lot of tuning to the system, but in the end you have a setup that allows any samba user to read, write and copy any shared file or folder while only the original creator or root can delete or change permissions on the file or folder.
If you have a need to control user access you can do that by changing the user group on any particular share.
Adv Reply
Bookmarks