[root tip] [How To] Troubleshoot samba share write protection when accessed from Windows

This an exceprt from the thread Warum ist Samba nicht von Ubuntu nach Manjaro übertragbar - #17 by linux-aarhus

This document shows how permissions on a Linux filesystem (ext4) affects a Windows client accessing the share.

:warning:

The following is highly insecure as it allows any and all devices on the network - including ransomware - to access and write/rewrite your data - so be warned.

A test server using a Raspberry Pi with the default Manjaro ARM minimal image - and starting here Install Samba Package

Basic Samba demo installation

Basic installation and configuration

Install samba package

Install the samba package and ensure your system is fully updated in the process.

sudo pacman -Syu samba

Basic Server configuration

Create the configuration file /etc/samba/smb.conf - the folder may need to be created beforehand.

sudo mkdir -p /etc/samba
sudo touch /etc/samba/smb.conf

Edit the file - using superuser privilige - insert below content and save the file (need superuser). If you are connecting an existing network of servers change the WORKGROUP to match the existing network.

[global]
   workgroup = MANJARO
   server string = Manjaro Samba Server
   server role = standalone server
   log file = /var/log/samba/log.%m
   max log size = 50
   guest account = nobody
   map to guest = Bad Password
   
   min protocol = SMB2
   # max protocol = SMB3

[public]
   path = /srv/samba/rpi-share
   public = yes
   writable = yes
   printable = no

Test your config

sudo testparm /etc/samba/smb.conf

Started the service

sudo systemctl enable --now smb

Creating the shared folder

sudo mkdir -p /srv/samba/rpi-share

In this topic I have included images as I had to showcase how to access the share from Windows and what steps were necessary to ensure Windows was able to write to a Manjaro powered Samba share.

From a Windows tablet (Windows 11 Pro) browse the network

Image

Entering the locating of the service - in this case just an ip - you will need to replace with the ip for your system - and we get the list of shares

\\ip.x.y.z
Image

Opening the demo file that was created beforehand

Image

The properties of the share tells us it is indeed the MANJARO workgroup

Image

If I try to change the file and save it - I get permission error - and this is to be expected - because even though I have defined the share as writable - the underlying folder has only read permissions.

Back to server side - I can make the file writable

sudo chmod go+w /srv/samba/rpi-share/rpi-share.txt

Then I can edit the file and save the changes

Image

If I try to create a new file in the share - I get permission error once more - again this is expected as the folder is readonly.

Image

Back to server side - I can make the folder writable

sudo chmod go+w /srv/samba/rpi-share

And then I can create a new file

Image

Conclusion

It is fine for demonstration purpose so a big warning is

:warning:

The above is highly insecure as it allows any and all devices on the network - including ransomware - to access and write/rewrite your data - so be warned.

2 Likes

:no_entry: This a tutorial - questions may be asked in a new thread - include a reference link.
:ok: If you spot an error - spelling or otherwise - leave a comment - thank you.