# Samba41 everyone read only



## yhq_34 (Jun 6, 2015)

Hi ALL,

I setup a Samba on freebsd FreeBSD, but I cannot write file in Windows with guest account.

Below is my conf. When I open share folder property on Windows client I found everyone is only read and execute permission. How can I change it to all permission? I have changed my share folder to 777.


```
[global]
        dos charset = CP437
        server string = samba server
        map to guest = Bad User
        passwd program = /usr/bin/passwd %u
        unix password sync = Yes
        log file = /var/log/samba4/log.%m
        max log size = 500
        unix extensions = No
        keepalive = 60
        os level = 200
        idmap config * : backend = tdb
        wide links = Yes

[DATA-WWW]
        path = /usr/local/www/apache24/data
        read only = No
        create mask = 0777
        directory mask = 0777
        guest ok = Yes
```


----------



## gkontos (Jun 6, 2015)

I wanted to give you a solution but you write in the title of the thread that this is "read only".


----------



## yhq_34 (Jun 7, 2015)

Read only? I want Windows client access use guest account can write and change files, now cannot, it's read only?


----------



## Remington (Jun 7, 2015)

Did you double check your permissions for owner and group?  It's more likely you have permission issue and its not Samba.


----------



## yhq_34 (Jun 7, 2015)

Yes, I change to 777.


----------



## Remington (Jun 7, 2015)

Try adding this...

```
writable = yes
```


----------



## yhq_34 (Jun 7, 2015)

Yes, I add it in conf file


----------



## Remington (Jun 7, 2015)

It should be writable... not writeable.


----------



## yhq_34 (Jun 7, 2015)

Both same as Samba manual said.


----------



## Remington (Jun 7, 2015)

Try adding this...

```
force user = root
```


----------



## yhq_34 (Jun 7, 2015)

Seems OK, thanks a lot


----------



## junovitch@ (Jun 9, 2015)

Forcing it to root seems like a bad suggestion.  Does this quote from the Samba manual seem helpful?


> guest account
> 
> This option specifies the name of the account to be used for guest access to shares in Samba. The default for this option varies from system to system, but it is often set to nobody. Some default user accounts have trouble connecting as guest users. If that occurs on your system, the Samba Team recommends using the ftp account as the guest user.



See https://www.samba.org/samba/docs/using_samba/ch09.html


----------



## SirDice (Jun 9, 2015)

Forcing files to be root owned is a really bad idea if those users also have shell access to the machine. That's a sure way of getting your box rooted (imagine what you could do if you managed to save a SUID root owned executable).

Besides that, allowing "guest" (i.e. unauthenticated users) write access to the webroot is also a bad idea. Anyone could replace or modify the files that are served with Apache. 

I would suggest creating proper user accounts with proper access permissions.


----------



## Remington (Jun 9, 2015)

junovitch said:


> Forcing it to root seems like a bad suggestion.



I agree its bad idea to use root or guest for samba on a production machine.  For home, its okay.  I would use LDAP or create users account for Samba or NFS on a production server.


----------

