# Change Folder permissions



## jackocurly0074 (Nov 19, 2009)

Hi just a quick question that I can't seem to find a straight answer for!  I'm using Samba and want to allow one of the users access to a share.  However I believe the problem is that this user doesn't have access to write to the folder in question in Unix.  So the question is how do I enable username1 to get read/write, create files etc access to the following folder (e.g.)


```
/usr/home/otherusersfolder
```


----------



## SirDice (Nov 19, 2009)

Add username1 to the group 'otheruser'. Add write permissions for the group on the directory.


----------



## jackocurly0074 (Nov 19, 2009)

I don't know what command to use to add the write permissions for the group on the directory!  I do however think that the username1 is part of the same group as otheruser.


----------



## FBSDin20Steps (Nov 19, 2009)

IIRC you should add a valid user to "/usr/home/otherusersfolder"
in your smb.conf


----------



## SirDice (Nov 19, 2009)

jackocurly0074 said:
			
		

> I don't know what command to use to add the write permissions for the group on the directory!



`# chmod g+w /usr/home/otherusersfolder`

See chmod(1).


----------



## jackocurly0074 (Nov 19, 2009)

Erm, IIRC??  As far as I know the user is added to the smb.conf and should have access as far as samba is concerned.  However the issue is that username1 doesn't have the correct folder permissions within unix.  So from terminal how do I amend the foler permissions so that username1 has read and write access to the folder in question?


----------



## jackocurly0074 (Nov 19, 2009)

Right I ran that command and now username1 cannot even open the folder!


----------



## FBSDin20Steps (Nov 19, 2009)

Did you ran "smbpasswd -a username1"?


----------



## jackocurly0074 (Nov 19, 2009)

Yep !  I ran that command and i can see the folder but I can't write to files or create them.


----------



## FBSDin20Steps (Nov 19, 2009)

Did you add "username1" to the list of valid users in your "smb.conf"?


----------



## jackocurly0074 (Nov 19, 2009)

Yes they are in the list of valid users for that share!


----------



## FBSDin20Steps (Nov 19, 2009)

Just curious... Who owns the folder?


----------



## jackocurly0074 (Nov 19, 2009)

It is another user which was created purely for the share.  The user is named joebloggs and is a standard user.  This users folder is only used for storing all the shared folder stuff!


----------



## FBSDin20Steps (Nov 19, 2009)

chown -R username1 /usr/home/otherusersfolder... and see what happens.


----------



## jackocurly0074 (Nov 19, 2009)

Well, now username1 has access to create folders/directorys to otherusersfolder, but the user who owned the folder now only has read access :\


----------



## SirDice (Nov 19, 2009)

Chown it back to the original user. Look at the permissions with `# ls -ld /usr/home/otherusersfolder`. Make sure the group is correct too (usually it's the same name as the user).

The use the chmod command I posted earlier. Have a look at the permissions again.

If all that failed, please post the output of the commands here.


----------



## FBSDin20Steps (Nov 19, 2009)

So it's working for username1, right? Could you show me your smb.conf.


----------



## DutchDaemon (Nov 19, 2009)

jackocurly0074 said:
			
		

> Erm, IIRC??



http://www.gaarde.org/Acronyms/?lookup=I


----------



## jackocurly0074 (Nov 19, 2009)

And yes it works for username1.  Here is the smb.conf



```
#======================= Global Settings =====================================
[global]

# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
   workgroup = WORKGROUP

# server string is the equivalent of the NT Description field
   server string =%h Samba Server

# Security mode. Defines in which mode Samba will operate. Possible
# values are share, user, server, domain and ads. Most people will want
# user level security. See the Samba-HOWTO-Collection for details.
   security = user

# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
;   hosts allow = 192.168.1. 192.168.2. 127.

# If you want to automatically load your printer list rather
# than setting them up individually then you'll need this
   load printers = yes

# you may wish to override the location of the printcap file
;   printcap name = /etc/printcap

# on SystemV system setting printcap name to lpstat should allow
# you to automatically obtain a printer list from the SystemV spool
# system
;   printcap name = lpstat

# It should not be necessary to specify the print system type unless
# it is non-standard. Currently supported print systems include:
# bsd, cups, sysv, plp, lprng, aix, hpux, qnx
;   printing = cups

# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used
;  guest account = pcguest

# this tells Samba to use a separate log file for each machine
# that connects
   log file = /var/log/samba/log.%m

# Put a capping on the size of the log files (in Kb).
   max log size = 50

# Use password server option only with security = server
# The argument list may include:
#   password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
# or to auto-locate the domain controller/s
#   password server = *
;   password server = <NT-Server-Name>

# Use the realm option only with security = ads
# Specifies the Active Directory realm the host is part of
;   realm = MY_REALM

# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
;   passdb backend = tdbsam

# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting.
# Note: Consider carefully the location in the configuration file of
#       this line.  The included file is read at that point.
;   include = /usr/local/etc/smb.conf.%m

# Most people will find that this option gives better performance.
# See the chapter 'Samba performance issues' in the Samba HOWTO Collection
# and the manual pages for details.
# You may want to add the following on a Linux system:
;   socket options = SO_RCVBUF=8192 SO_SNDBUF=8192

# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.
;   interfaces = 192.168.12.2/24 192.168.13.2/24

# Browser Control Options:
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
;   local master = no

# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
;   os level = 33

# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
;   domain master = yes

# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
;   preferred master = yes

# Enable this if you want Samba to be a domain logon server for
# Windows95 workstations.
;   domain logons = yes

# if you enable domain logons then you may want a per-machine or
# per user logon script
# run a specific logon batch file per workstation (machine)
;   logon script = %m.bat
# run a specific logon batch file per username
;   logon script = %U.bat

# Where to store roving profiles (only for Win95 and WinNT)
#        %L substitutes for this servers netbios name, %U is username
#        You must uncomment the [Profiles] share below
;   logon path = \\%L\Profiles\%U

# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
;   wins support = yes

# WINS Server - Tells the NMBD components of Samba to be a WINS Client
#       Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
;   wins server = w.x.y.z

# WINS Proxy - Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one  WINS Server on the network. The default is NO.
;   wins proxy = yes

# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The default is NO.
   dns proxy = no

# Charset settings
;   display charset = koi8-r
;   unix charset = koi8-r
;   dos charset = cp866

# Use extended attributes to store file modes
;    store dos attributes = yes
;    map hidden = no
;    map system = no
;    map archive = no

# Use inherited ACLs for directories
;    nt acl support = yes
;    inherit acls = yes
;    map acl inherit = yes

# These scripts are used on a domain controller or stand-alone
# machine to add or delete corresponding unix accounts
;  add user script = /usr/sbin/useradd %u
;  add group script = /usr/sbin/groupadd %g
;  add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
;  delete user script = /usr/sbin/userdel %u
;  delete user from group script = /usr/sbin/deluser %u %g
;  delete group script = /usr/sbin/groupdel %g


#============================ Share Definitions ==============================
[homes]
   comment = Home Directories for %u on %h
   browseable = no
   writable = yes
   path = /usr/home/otheruser
;   valid users = %S
   valid users = otheruser username1
   create mask = 0765

# Un-comment the following and create the netlogon directory for Domain Logons
; [netlogon]
;   comment = Network Logon Service
;   path = /usr/local/samba/lib/netlogon
;   guest ok = yes
;   writable = no
;   share modes = no


# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
;[Profiles]
;    path = /usr/local/samba/profiles
;    browseable = no
;    guest ok = yes

# NOTE: If you have a BSD-style print system there is no need to
# specifically define each individual printer
[printers]
   comment = All Printers
   path = /var/spool/samba
   browseable = no
# Set public = yes to allow user 'guest account' to print
   guest ok = no
   writable = no
   printable = yes

# This one is useful for people to share files
;[tmp]
;   comment = Temporary file space
;   path = /tmp
;   read only = no
;   public = yes

# A publicly accessible directory, but read only, except for people in
# the "staff" group
;[public]
;   comment = Public Stuff
;   path = /home/samba
;   public = yes
;   writable = yes
;   printable = no
;   write list = @staff

# Other examples.
#
# A private printer, usable only by fred. Spool data will be placed in fred's
# home directory. Note that fred must have write access to the spool directory,
# wherever it is.
;[fredsprn]
;   comment = Fred's Printer
;   valid users = fred
;   path = /homes/fred
;   printer = freds_printer
;   public = no
;   writable = no
;   printable = yes

# A private directory, usable only by fred. Note that fred requires write
# access to the directory.
;[fredsdir]
;   comment = Fred's Service
;   path = /usr/somewhere/private
;   valid users = fred
;   public = no
;   writable = yes
;   printable = no

# a service which has a different directory for each machine that connects
# this allows you to tailor configurations to incoming machines. You could
# also use the %U option to tailor it by user name.
# The %m gets replaced with the machine name that is connecting.
;[pchome]
;  comment = PC Directories
;  path = /usr/pc/%m
;  public = no
;  writable = yes

# A publicly accessible directory, read/write to all users. Note that all files
# created in the directory by users will be owned by the default user, so
# any user with access can delete any other user's files. Obviously this
# directory must be writable by the default user. Another user could of course
# be specified, in which case all files would be owned by that user instead.
;[public]
;   path = /usr/somewhere/else/public
;   public = yes
;   only guest = yes
;   writable = yes
;   printable = no

# The following two entries demonstrate how to share a directory so that two
# users can place files there that will be owned by the specific users. In this
# setup, the directory should be writable by both users and should have the
# sticky bit set on it to prevent abuse. Obviously this could be extended to
# as many users as required.
[myshare]
;   comment = Mary's and Fred's stuff
   path = /home/username1
   valid users = username1
   public = no
   writable = yes
   printable = no
;   create mask = 0765
```

Sorry for the length that's the entire file!  I will amend this to the sections required in future!


----------



## FBSDin20Steps (Nov 19, 2009)

Try this in your smb.conf


```
global]
	workgroup = WORKGROUP
	server string = Samba Server
	log file = /var/log/samba/log.%m
	max log size = 50
	dns proxy = No
	wins support = Yes
	hosts allow = 192.168.1.



#============================ Share Definitions ==============================

[homes]
	comment = Home Directories
	read only = No
	comment = otheruser's stuff
	path = /home/otheruser
	valid users = otheruser username1
```


----------



## jackocurly0074 (Nov 19, 2009)

Made no difference meh!


----------



## FBSDin20Steps (Nov 19, 2009)

Are you approaching the samba server with a windows client?


----------



## jackocurly0074 (Nov 19, 2009)

Yes, using windows 7 /XP to test whether I can write to the folder!  Although when I try to write to the folder from the user I want to test (from SSH access ) it doesn't work either!  I.E if username1 tries to create a folder in otherusersarea it says access denied!


----------



## jackocurly0074 (Nov 19, 2009)

Right got it working!  Thanks SirDice, used that command as the otheruser and it worked


----------



## FBSDin20Steps (Nov 19, 2009)

I've just tested samba with the smb.conf I gave you... with XP I can create folders and delete folders. Did you try without SSH?


----------



## jackocurly0074 (Nov 19, 2009)

That code in the smb.conf also helped!  I think it is the read only part that fixed it as I commented out most of the other stuff and it still worked so thanks for that!


----------



## FBSDin20Steps (Nov 19, 2009)

I Don't think it was the other user, because both users are valid. Well, you got it working.


----------

