How can I set up Samba shares to only be accessed by certain users?












I have a RAID10 array mounted on Ubuntu Server 12.04. I have created a few folders within the mount point and want the following functionality.



There will be 4 users, 3 of them are Windows users: 'one', 'two' & 'three'.
'four' is a media streamer that only needs to access the MEDIA share.
One, Two and Three need to have full access to the media share and their own personal shares (for documents) which no other users but them can access.

Currently, User Four works perfectly (has full access to the MEDIA folder and can't access folders owned by other users). The problem is, when logged in as the other user, I can't access either share (tried using valid users = and using chmod to add permissions, to no avail).



TL;DR: I need to know how to configure Samba properly to restrict access to certain shares for certain users and allow all of them to access one communal folder (all files on a RAID10 mount).


















asked Oct 29 '12 at 7:10 by Liam; edited Jan 29 '14 at 9:50 by Flyk






















          1 Answer
Each Samba user must have a normal Linux account as well.

1. Make sure that every user can access the common media folder on the Unix side (without Samba); alternatively, you can set force user in smb.conf.
2. Make sure each user has a Samba password set. You can set it with sudo smbpasswd -a your_user
3. Look at /etc/samba/smb.conf: check if the line security = user is set in the [GLOBAL] section.
4. Set your shares in /etc/samba/smb.conf, see example.

Example shares:

    [allaccess]
    path = /media/common
    read only = no
    writeable = yes
    browseable = yes
    valid users = one, two, three, four
    create mask = 0644
    directory mask = 0755
    ; if you set this, all files get written as this user
    force user = one

This will be accessible via \\yourserver\allaccess

A single user share:

    [special]
    path = /home/two/onlytwo
    read only = no
    writeable = yes
    browseable = yes
    valid users = one
    create mask = 0640
    directory mask = 0750

Restart the Samba server after the changes with:

    sudo service smbd restart
















answered Oct 29 '12 at 13:52 by phoibos








• You sir are a god, the masks and force user was what I needed all along but didn't understand. – Liam, Oct 29 '12 at 19:22
• I think "read only" and "writable" are so-called "inverted synonyms" for one another. No need to set them both. – Mike Diehn, Apr 8 '14 at 14:53
• Awesome! I had done everything except step #2. I've never seen that mentioned anywhere else in setting up Samba shares. Thanks!! – PatrickSteele, Dec 29 '14 at 0:13
• Don't specify share name as temp if you want it writable. – SergA, Jan 24 at 4:26
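Added example, not part of the original answer or of Samba itself: a small Python audit of an smb.conf that works out which accounts can connect to which share and flags shares that lack "valid users". The share names, the paths under /mnt/raid and the sample config are constructed for the question's four users; only "valid users", "invalid users" and "force user" are evaluated, and @group entries are not expanded.

```python
import configparser
import re

# Constructed smb.conf for the question's four accounts; share names and paths are assumed.
SMB_CONF = """\
[media]
path = /mnt/raid/media
valid users = one, two, three, four
read only = no

[docs-one]
path = /mnt/raid/docs/one
valid users = one
read only = no

[docs-two]
path = /mnt/raid/docs/two
valid users = two
read only = no

[docs-three]
path = /mnt/raid/docs/three
valid users = three
read only = no
"""
USERS = ["one", "two", "three", "four"]

def parse_shares(text):
    """Return {share: params}, with [global] settings applied as per-share defaults."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    # smb.conf ignores case and spaces in parameter names: "Valid Users" == "validusers".
    cp.optionxform = lambda name: re.sub(r"\s+", "", name).lower()
    cp.read_string(text)
    sections = {name.lower(): dict(cp[name]) for name in cp.sections()}
    defaults = sections.pop("global", {})
    return {name: {**defaults, **params} for name, params in sections.items()}

def name_list(value):
    return {n for n in re.split(r"[,\s]+", value) if n}  # @group entries are not expanded

def allowed_users(params, accounts):
    """Accounts that pass the share's connect check (Unix permissions still apply after it)."""
    valid = name_list(params.get("validusers", ""))
    denied = name_list(params.get("invalidusers", ""))
    # An empty "valid users" list lets every authenticated account connect.
    return (valid & set(accounts) if valid else set(accounts)) - denied

def access_matrix(text, accounts):
    shares = parse_shares(text)
    return {u: sorted(s for s, p in shares.items() if u in allowed_users(p, accounts))
            for u in accounts}

def findings(text, accounts):
    out = []
    for share, p in parse_shares(text).items():
        if not name_list(p.get("validusers", "")):
            out.append(f"{share}: no 'valid users', any authenticated account can connect")
        if "forceuser" in p and len(allowed_users(p, accounts)) > 1:
            out.append(f"{share}: all writes land as '{p['forceuser']}', whoever connected")
    return out

if __name__ == "__main__":
    print(access_matrix(SMB_CONF, USERS))
    print(findings(SMB_CONF, USERS))
```

The matrix covers only Samba's connect check; each account still needs matching Unix permissions on the path, as step 1 of the answer says.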















