Samba share configured, lost internet and group permissions issue

[DrPancreas]

'boothI work in a cinema and set up a workstation for the housing and creation of the cinema film files. I am the super-user, but want my other projectionist colleagues as well as two colleagues in another office to be able to place film files on a shared local drive, and everyone have access to those files. Each person has there own user account and I have created a group "booth" that they are all members of.

I set the mount point for the shared drive to /media/sda1 and established myself as the owner, the group as booth; and read&write permissions for everyone recursively for all directories on that drive. With test files, everything worked as it should; tested users could access existing files, and files created or downloaded from their account were usable by myself.

I then proceeded to set up samba to allow a colleague to either move files over from her Windows computer in another office or download directly onto the Workstation drive. I generated samba password for both her user account and my own. Everything seemed to work from her computer but a file she placed on the drive had herself as the owner, "booth" as the group but with only read permissions. I could perform a chown command to fix those permissions but don't want to do that every time, and other users will be unable to perform that command. I have tested moving a file from another Windows computer with myself as the user and for that file the group read and write permission were intact.

Is there a terminal command I can run that will fix these group permissions issues for files placed over samba from her account?

The second issue I have was that after establishing the samba share and she was connected that I lost internet capability over that Ethernet connection. I enabled wifi to restore internet on my machine but assuming it is possible to have the samba connection and internet on the same Ethernet port. I had changed the port from automatic to a static IP with the same address it was using at the time in automatic, a netmask of 255.255.255.0 and the same gateway it had been using before. This network stuff is pretty new to me so I wasn't too surprised that something got screwed up. I can use the wifi for now, but need to download large files on a regular basis so would like to have the Ethernet port internet enabled while keeping the samba share open for my colleague.

Appreciate any tips and suggestions.

System:
Kernel: 5.15.0-56-generic x86_64 bits: 64 compiler: gcc v: 11.3.0
Desktop: Cinnamon 5.6.5 tk: GTK 3.24.33 wm: muffin vt: 8 dm: LightDM 1.30.0
Distro: Linux Mint 21.1 Vera base: Ubuntu 22.04 jammy
Machine:
Type: Desktop System: ASUS product: N/A v: N/A serial: <superuser required>
Mobo: ASUSTeK model: Pro WS WRX80E-SAGE SE WIFI v: Rev 1.xx

[altair4]

The "lost internet" part of this I don't understand.

The permissions part of this has either a simple fix or a slightly more complicated fix but I need to understand how this share is set up and how it was created since Mint Cinnamon offers two ways to create samba shares.

If you post the output of the following commands it would help:

Code: Select all

testparm -s

Code: Select all

net usershare info --long

[DrPancreas]

The internet functioning is indeed odd. I have a dual Ethernet port and tried a completely different Ethernet connection, that had functional internet on a different computer, in the second port with default automatic settings and still no connection to the internet unless I enable wifi. Both Ethernet ports show as being connected with 1000 Mbps, but no internet access. I assume it is the other computer being logged in to the samba share that is causing the problem.

Here is the output from your queries:

al@BoothWorkstation:~$ testparm -s
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Weak crypto is allowed

WARNING: The 'netbios name' is too long (max. 15 chars).

Server role: ROLE_STANDALONE

# Global parameters
[global]
log file = /var/log/samba/log.%m
logging = file
map to guest = Bad User
max log size = 1000
obey pam restrictions = Yes
pam password change = Yes
panic action = /usr/share/samba/panic-action %d
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
passwd program = /usr/bin/passwd %u
server role = standalone server
server string = %h server (Samba, Ubuntu)
unix password sync = Yes
usershare allow guests = Yes
idmap config * : backend = tdb


[printers]
browseable = No
comment = All Printers
create mask = 0700
path = /var/spool/samba
printable = Yes


[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
al@BoothWorkstation:~$ net usershare info --long
[May - June 2023]
path=/media/sda1/May - June 2023
comment=
usershare_acl=Everyone:F,
guest_ok=n

info_fn: file /var/lib/samba/usershares/nov dec 2022 is not a well formed usershare file.
info_fn: Error was Path is not a directory.
[Public]
path=/media/sda1/Public
comment=
usershare_acl=Everyone:F,
guest_ok=y

[Films]
path=/media/sda1
comment=Workstation storage for all film files
usershare_acl=Everyone:F,
guest_ok=y

[Downloads]
path=/media/sda1/Downloads
comment=
usershare_acl=Everyone:F,
guest_ok=y

[altair4]

All of your shares are called Samba Usershares since they were created using your file manager. One way to ensure that all files are read/writeable to all users is to force the samba users to appear to be you - which I assume is al.

You would do that by editing /etc/samba/smb.conf and right under the workgroup = WORKGROUP line add this one:

Code: Select all

force user = al

Then restart the samba daemon:

Code: Select all

sudo service smbd restart

When the samba client user accesses the share his identity will be changed to al so all files saved will be owned by al.

As long as everything done on the server itself is done as al all of the files added to the share both locally and from the client machines will have al as owner.

If you have another process that is adding files directly to the shared folder on the server itself however - some process that is not owned by al - there will be a problem. There is another solution available if that is the case. It is more involved than the one above but I suggest trying the simple solution first and see if it satisfies your use case.

Note: You do have a logic error in the way you set up your shares.

Share [May - June 2023] which shares path=/media/sda1/May - June 2023 does not allow guest access guest_ok=n

But you have another share [Films] which shares the parent directory path=/media/sda1 which does allow guest access guest_ok=y

Everyone accessing the [Films] share will have access to the contents of the [May - June 2023] share since to them it's just another subdirectory.

[DrPancreas]

Yes that would work, or I could just log her out and then log back in as myself on her computer which would essentially be the same thing. In my mind there was some value in being able at a glance to see what she had added to the system versus myself; but upon further consideration not that important.

I do have it set up, and appears to be working, for different users to add files to those directories locally and accessible by all members of the group "booth". Was thinking it would work the same over samba but in there the group permissions came out as read only.

The logic error comes from my initial attempt to set it up with others having fewer permissions; but then altered it recursively after some initial tests failed. I was using a combination of terminal commands and Nemo.

[altair4]

In my mind there was some value in being able at a glance to see what she had added to the system versus myself; but upon further consideration not that important.

Should you change your mind there is a more classic way of sharing a folder that will do that but you can't do it through your file manager. You have to create a share definition in smb.conf directly.

I will use a newly created folder in Mint Cinnamon 21 as an example:

I will create a new folder under /media called Test, change group ownership to plugdev ( already present of the system ), and set permissions allowing write access to everyone in the plugdev group and also set the setgid bit which forces all new files to "inherit" the group of the parent:

Code: Select all

sudo mkdir /media/Test
sudo chown :plugdev /media/Test
sudo chmod 2775 /media/Test

Then I will edit /etc/samba/smb.conf and create a share definition of the Test folder by adding it to the end of the file:

Code: Select all

[Test]
path = /media/Test
read only = no
valid users = @plugdev
force group = plugdev
create mask = 0664
force directory mode = 2775

Then restart smbd: sudo service smbd restart

Now on the server ( in my case vmintcinn21 ) I ( admin user named tester ) will add a file to the /media/Test folder directly then check permissions:

tester@vmintcinn21:~$ touch /media/Test/local-file-add.txt
tester@vmintcinn21:~$ ls -l /media/Test
total 0
-rw-rw-r-- 1 tester plugdev 0 Mar 24 07:31 local-file-add.txt

Now I ( Win10 / Linux / Samba user named smbuser ) will access the Test share from Win10 and add a new file called win10-file-add.txt.

Back on the server I will check permissions of the Test folder again:

tester@vmintcinn21:~$ ls -l /media/Test
total 0
-rw-rw-r-- 1 tester plugdev 0 Mar 24 07:31 local-file-add.txt
-rw-rw-r-- 1 smbuser plugdev 0 Mar 24 07:36 win10-file-add.txt

Note: the force directory mode = 2775 operand ensures that any newly created subfolder from the Win10 machine will also have the setgid bit set:

tester@vmintcinn21:~$ ls -l /media/Test
total 8
-rw-rw-r-- 1 tester plugdev 0 Mar 24 07:31 local-file-add.txt
drwxrwsr-x 2 smbuser plugdev 4096 Mar 24 07:58 SubFolder
-rw-rw-r-- 1 smbuser plugdev 0 Mar 24 07:36 win10-file-add.txt

The little s in the group section rws represents the setgid bit.

[DrPancreas]

Thanks for your assistance. Your instructions make sense but I have run into a snag that has left me quite confused and frustrated (unrelated to your advice). When I went into edit the samba config file I noted no presence of my earlier changes through various means. This was confirmed when I reran the testparm -s command and compared with the output from last week. Furthermore I could see that the mount point of the hard drive had moved back to my user directory which undid much of the functionality I had established prior to doing the samba work.

I had restarted the computer to clear the issue with the Ethernet port, but didn't expect it to cause other issues. The only other thing I can think of was installing Teamviewer as an attempt to setup Remote Desktop. Long story short, I was not able to connect from Windows after making those changes to the samba config file but I believe that is a result of the mount point changing. Will try again tomorrow.

[altair4]

Mount points don't generally move around by themselves.

Is this a multi-disk machine? The mount point /media/sda1 would be problematic in a multi-disk system depending on how you are mounting it since it may be sda1 on one boot but sdb1 on another.

If you want to explore this look at the output of the following commands:

Code: Select all

sudo blkid -c /dev/null -o list

Code: Select all

cat /etc/fstab

When you use fstab to mount the partition it should be by UUID number not it's /dev/sdxy designation.

So something like this:
UUID=bunch-of-numbers /media/sda1 .......
Not this:
/dev/sda1 /media/sda1 .......

[DrPancreas]

It is indeed a multi hard drive system. I have an 8 TB HDD which I just want to use for film file download, storage, and creation that all users can access, and any user can edit. I mounted it in as /media/sda1/ using the terminal to establish it outside of my home directory. It has reverted back to /media/al/. I had wanted to avoid editing the fstab; as I have seen the warnings about improperly editing it. I assumed the location reverting was a result of my restarting the computer and it moving there as part of the boot

Here is the output:

device fs_type label mount point UUID
--------------------------------------------------------------------------------------------------------------------
/dev/nvme0n1p1 vfat /boot/efi E666-5F35
/dev/nvme0n1p2 ext4 / 49bec525-7138-48cc-8a6a-bc58fb7d1435
/dev/nvme1n1p2 btrfs (in use) 3a8be14d-8ba0-4156-a8f7-9f3f53f403c1
/dev/nvme1n1p3 swap swap (not mounted) 91bcf7e0-44e0-461c-a3eb-431f23d9c63b
/dev/nvme1n1p1 vfat NO_LABEL (not mounted) 490F-180F
/dev/sda1 btrfs (in use) c0d08c2d-1ccf-421b-8764-11e09affabf2

# <file system> <mount point> <type> <options> <dump> <pass>

UUID=49bec525-7138-48cc-8a6a-bc58fb7d1435 / ext4 errors=remount-ro 0 1
UUID=E666-5F35 /boot/efi vfat umask=0077 0 1
/swapfile none swap sw 0 0

The drive with the UUID ending in affabf2 is the8 TB drive in question. It has always appeared in Nemo as 8.0 TB Volume under Devices with an eject button next to it.

[altair4]

Unless you define a mount in fstab for a partition it will be considered "removable" by the system giving the user the option to mount / unmount it through the file manager. It mounts under /media/$USER by default.

[DrPancreas]

Ok so in my case I would add:

UUID=c0d08c2d-1ccf-421b-8764-11e09affabf2 /media/sda1 btrfs defaults 0 0

to the bottom of the fstab file? Is there any option in my case that is not included in the defaults?

[altair4]

I have absolutely no experience using btrfs so I don't know if there are any other options recommended for it's use.

If this was an ext4 partition I would only recommend you add the nofail option just in case the partition goes ti... um ... belly up at some point and prevents you from booting.

[DrPancreas]

Everything is working now as it should. I did add the nofail option after researching it. Thanks a lot for your assistance.