Hello everyone.
Please share your thoughts and experience, I’m wondering if you can confirm the following:
I noticed recently that I cannot edit, remove or add files on my share created by Dolphin. This has nothing to do with Dolphin but with the default settings provided by manjaro-settings-samba
. Its smb.conf needs a change from:
passdb backend = tdbsam
to:
passdb backend = smbpasswd
Then smb user should be created with sudo smbpasswd -a $LOGNAME
.
However, that’s not enough. Every share needs to be discarded and created again – but that’s an easy thing to do.
This was discussed in detail here: https://serverfault.com/questions/900440/samba-configuration-statusnt-status-access-denied
If I recall this correct - smbpasswd has been deprecated for years and only exist for some backwards compatibility - tdbsam has been used for years to store the users.
The early version looked like this in the [global] section
security = user
smb passwd file = /etc/smbpasswd
[global]
security = user
passdb backend = tdbsam
The user must be created on the samba host system using a common usergroup (either the default users
or a group for the purpose) → then added to the sam database with smbpasswd (a samba share user do not need a shell and no home folder)
useradd smbuser1 -s /usr/bin/nologin -M -g smbgroup
Set a local pass
passwd smbuser1
Set smb pass
smbpasswd -a smbuser1
The folder tree (path) you share need to be owned by root:smbgroup and permissions set to 775 which will give the group the necessary permissions on the share.
To grant rw access set your smb.conf to force the smbgroup and have a create mask of 0660 and directory mask of 0770 (some say 0771 imo it makes no sense to be able to cd into a folder you cannot read) and read-write permission
Something like
[yourshare]
comment = share for smbgroup
path = /some/path
valid users = @smbgroup
force group = smbgroup
create mask = 0660
directory mask = 2770
writable = yes # I know - this contradicts above - but hey it is samba
EDIT
1 Like