# Setting SAMBA to share all the data



## adripillo (Jan 28, 2013)

Hello, IÂ´ve installed SAMBA and set it to share a folder inside of a second disk that I have on my computer. As I am inside a LAN I configured the SAMBA to share the entire folder with no restriction, I want all inside my LAN can write, read, copy and delete.
Problem is that if someone copy 1 file/folder inside the disk and someone want to copy or delete from other side, it does not allow him/her. So I need to do each time someone copy something: 


```
#chmod -R 777 /mnt/disk/datos
```


Is there any way to let it permanent ?,  I mean without writing that all the time. Thanks in advance.


----------



## adripillo (Jan 29, 2013)

Please, someone help me. I need it for my work. Thanks


----------



## Sebulon (Jan 29, 2013)

Could you please provide the output of:
`# ls -lah /mnt/disk/datos`

And:
`# cat /usr/local/etc/smb.conf`

/Sebulon


----------



## adripillo (Jan 29, 2013)

Sebulon said:
			
		

> Could you please provide the output of:
> `# ls -lah /mnt/disk/datos`
> 
> And:
> ...




```
# ls -lah /mnt/disk/datos
total 1848496
drwxrwxrwx  34 nobody  nogroup   2.0k Jan 28 09:48 .
drwxr-xr-x   4 root    wheel     512B Jan 14 10:50 ..
drwxrwxrwx   2 nobody  nogroup   512B Jan 15 09:15 4 Hojas
drwxrwxrwx  11 nobody  nogroup   512B Jan 15 09:16 5350
drwxrwxrwx   3 nobody  nogroup   512B Jan 15 09:19 ANA
drwxrwxrwx   2 nobody  nogroup   512B Jan 15 09:19 Alternatiff
-rwxrwxrwx   1 nobody  nogroup   105k Mar 23  2012 Aviso ant.jpg
-rwxrwxrwx   1 nobody  nogroup   1.1M Sep 28  2011 CCI0002888.JPG
-rwxrwxrwx   1 nobody  nogroup   2.4M Aug 30  2011 CCI00174.jpg
-rwxrwxrwx   1 nobody  nogroup   469k Oct 24  2011 CCI00190.pdf
-rwxrwxrwx   1 nobody  nogroup   379k Dec  5  2011 CCI00193.pdf
-rwxrwxrwx   1 nobody  nogroup   178B Jun  3  2011 Consulta Padron.url
drwxrwxrwx   3 nobody  nogroup   512B Jan 15 09:19 CtlRne
-rwxrwxrwx   1 nobody  nogroup    97k May 30  2011 Dibujo.JPG
-rwxrwxrwx   1 nobody  nogroup    61k Jan 31  2012 Doc1.doc
drwxrwxrwx   2 nobody  nogroup   512B Jan 15 09:19 FOTOAGRANDAR
-rwxrwxrwx   1 nobody  nogroup    17M Dec 28 11:56 Gustavo Lima.rar
drwxrwxrwx   3 nobody  nogroup   512B Jan 15 09:19 HOST
drwxrwxrwx   2 nobody  nogroup   512B Jan 15 09:19 Horas
-rwxrwxrwx   1 nobody  nogroup    16M Sep  2  2011 IE8-WindowsXP-x86-ENU.exe
-rwxrwxrwx   1 nobody  nogroup    94M Oct 22  2011 InstallSoftware_i1400_v2.33.exe
drwxrwxrwx   3 nobody  nogroup   512B Jan 15 09:19 Insumos
-rwxrwxrwx   1 nobody  nogroup     6M Aug  5  2011 MFEagent.msi
-rwxrwxrwx   1 nobody  nogroup    11M Jul 28  2011 Nero 7.10.10 Portable.rar
drwxrwxrwx   2 nobody  nogroup   512B Jan 15 09:19 Notas
drwxrwxrwx   2 nobody  nogroup   6.0k Jan 15 09:19 Nueva carpeta
-rwxrwxrwx   1 nobody  nogroup   244M Jun  9  2011 OOo_3.3.0_Win_x86_install_en-
drwxrwxrwx   2 nobody  nogroup   512B Jan 15 09:19 Scan 10.01.2013
drwxrwxrwx   2 nobody  nogroup   512B Jan 15 09:19 Scan19-08-2011
drwxrwxrwx   2 nobody  nogroup   512B Jan 15 09:19 Scannnn
drwxrwxrwx   2 nobody  nogroup   512B Jan 15 09:19 Spanish
-rwxrwxrwx   1 nobody  nogroup    33k Nov 15 09:29 Thumbs.db
-rwxrwxrwx   1 nobody  nogroup   438k Jun  6  2011 a1.JPG
-rwxrwxrwx   1 nobody  nogroup   446k Jun  6  2011 a2.JPG
drwxrwxrwx   4 nobody  nogroup   512B Jan 15 09:19 agenda deane
```


----------



## adripillo (Jan 29, 2013)

```
# cat /usr/local/etc/smb.conf
#======================= Global Settings =====================================
[global]

# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
   workgroup = HCDJJN61

# server string is the equivalent of the NT Description field
   server string = MCS435

# Security mode. Defines in which mode Samba will operate. Possible
# values are share, user, server, domain and ads. Most people will want
# user level security. See the Samba-HOWTO-Collection for details.
   security = share

# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
   hosts allow = 16.

# If you want to automatically load your printer list rather
# than setting them up individually then you'll need this
   load printers = yes

# you may wish to override the location of the printcap file
;   printcap name = /etc/printcap

# on SystemV system setting printcap name to lpstat should allow
# you to automatically obtain a printer list from the SystemV spool
# system
;   printcap name = lpstat

# It should not be necessary to specify the print system type unless
# it is non-standard. Currently supported print systems include:
# bsd, cups, sysv, plp, lprng, aix, hpux, qnx
;   printing = cups

# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used
;  guest account = pcguest

# this tells Samba to use a separate log file for each machine
# that connects
   log file = /var/log/samba/log.%m

# Put a capping on the size of the log files (in Kb).
   max log size = 50

# Use password server option only with security = server
# The argument list may include:
#   password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
# or to auto-locate the domain controller/s
#   password server = *
;   password server = <NT-Server-Name>

# Use the realm option only with security = ads
# Specifies the Active Directory realm the host is part of
;   realm = MY_REALM

# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
;   passdb backend = tdbsam

# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting.
# Note: Consider carefully the location in the configuration file of
#       this line.  The included file is read at that point.
;   include = /usr/local/etc/smb.conf.%m

# Most people will find that this option gives better performance.
# See the chapter 'Samba performance issues' in the Samba HOWTO Collection
# and the manual pages for details.
# You may want to add the following on a Linux system:
;   socket options = SO_RCVBUF=8192 SO_SNDBUF=8192

# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.
   interfaces = 16.1.16.215/32

# Browser Control Options:
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
   local master = no

# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
;   os level = 33

# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
;   domain master = no

# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
;   preferred master = no

# Enable this if you want Samba to be a domain logon server for
# Windows95 workstations.
;   domain logons = no

# if you enable domain logons then you may want a per-machine or
# per user logon script
# run a specific logon batch file per workstation (machine)
;   logon script = %m.bat
# run a specific logon batch file per username
;   logon script = %U.bat

# Where to store roving profiles (only for Win95 and WinNT)
#        %L substitutes for this servers netbios name, %U is username
#        You must uncomment the [Profiles] share below
;   logon path = \\%L\Profiles\%U

# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
;   wins support = yes

# WINS Server - Tells the NMBD components of Samba to be a WINS Client
#       Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
;   wins server = w.x.y.z

# WINS Proxy - Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one  WINS Server on the network. The default is NO.
;   wins proxy = yes

# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The default is NO.
   dns proxy = no

# Charset settings
;   display charset = koi8-r
;   unix charset = koi8-r
;   dos charset = cp866

# Use extended attributes to store file modes
;    store dos attributes = yes
;    map hidden = no
;    map system = no
;    map archive = no

# Use inherited ACLs for directories
;    nt acl support = yes
;    inherit acls = yes
;    map acl inherit = yes

# These scripts are used on a domain controller or stand-alone
# machine to add or delete corresponding unix accounts
;  add user script = /usr/sbin/useradd %u
;  add group script = /usr/sbin/groupadd %g
;  add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
;  delete user script = /usr/sbin/userdel %u
;  delete user from group script = /usr/sbin/deluser %u %g
;  delete group script = /usr/sbin/groupdel %g

# No Pass
    null passwords = yes

#============================ Share Definitions ==============================
#[homes]
#   comment = Home Directories
#   browseable = yes
#   writable = yes

# Un-comment the following and create the netlogon directory for Domain Logons
; [netlogon]
;   comment = Network Logon Service
;   path = /usr/local/samba/lib/netlogon
;   guest ok = yes
;   writable = no
;   share modes = no


# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
;[Profiles]
;    path = /usr/local/samba/profiles
;    browseable = no
;    guest ok = yes


# NOTE: If you have a BSD-style print system there is no need to
# specifically define each individual printer
[printers]
   comment = All Printers
   path = /var/spool/samba
   browseable = no
# Set public = yes to allow user 'guest account' to print
   guest ok = no
   writable = no
   printable = yes

# This one is useful for people to share files
;[tmp]
;   comment = Temporary file space
;   path = /tmp
;   read only = no
;   public = yes

# A publicly accessible directory, but read only, except for people in
# the "staff" group
;[public]
;   comment = Public Stuff
;   path = /home/samba
;   public = yes
;   writable = yes
;   printable = no
;   write list = @staff

# Other examples.
#
# A private printer, usable only by fred. Spool data will be placed in fred's
# home directory. Note that fred must have write access to the spool directory,
# wherever it is.
;[fredsprn]
;   comment = Fred's Printer
;   valid users = fred
;   path = /homes/fred
;   printer = freds_printer
;   public = no
;   writable = no
;   printable = yes

# A private directory, usable only by fred. Note that fred requires write
# access to the directory.
;[fredsdir]
;   comment = Fred's Service
;   path = /usr/somewhere/private
;   valid users = fred
;   public = no
;   writable = yes
;   printable = no

# a service which has a different directory for each machine that connects
# this allows you to tailor configurations to incoming machines. You could
# also use the %U option to tailor it by user name.
# The %m gets replaced with the machine name that is connecting.
;[pchome]
;  comment = PC Directories
;  path = /usr/pc/%m
;  public = no
;  writable = yes

# A publicly accessible directory, read/write to all users. Note that all files
# created in the directory by users will be owned by the default user, so
# any user with access can delete any other user's files. Obviously this
# directory must be writable by the default user. Another user could of course
# be specified, in which case all files would be owned by that user instead.
[public]
   path = /mnt/disk/datos
   public = yes
   only guest = yes
   writable = yes
   printable = no
   usershare allow guests = yes

# The following two entries demonstrate how to share a directory so that two
# users can place files there that will be owned by the specific users. In this
# setup, the directory should be writable by both users and should have the
# sticky bit set on it to prevent abuse. Obviously this could be extended to
# as many users as required.
;[myshare]
;   comment = Mary's and Fred's stuff
;   path = /usr/somewhere/shared
;   valid users = mary fred
;   public = no
;   writable = yes
;   printable = no
;   create mask = 0765
;

# This is a DRAFT sample configuration for the ACLs on the ZFS partition.
#
;    nt acl support = yes
;    inherit acls = no
;    map acl inherit = yes
;
;[zpool]
;    path = /tank/zpool
;    unix extensions = no
;    vfs objects = zfsacl
;    nfs4:mode = special
;    nfs4:acedup = merge
;    nfs4:chown = yes
```


----------



## adripillo (Jan 29, 2013)

```
# cat /usr/local/etc/smb.conf
#======================= Global Settings =====================================
[global]

# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
   workgroup = HCDJJN61

# server string is the equivalent of the NT Description field
   server string = MCS435

# Security mode. Defines in which mode Samba will operate. Possible
# values are share, user, server, domain and ads. Most people will want
# user level security. See the Samba-HOWTO-Collection for details.
   security = share

# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
   hosts allow = 16.

# If you want to automatically load your printer list rather
# than setting them up individually then you'll need this
   load printers = yes

# you may wish to override the location of the printcap file
;   printcap name = /etc/printcap

# on SystemV system setting printcap name to lpstat should allow
# you to automatically obtain a printer list from the SystemV spool
# system
;   printcap name = lpstat

# It should not be necessary to specify the print system type unless
# it is non-standard. Currently supported print systems include:
# bsd, cups, sysv, plp, lprng, aix, hpux, qnx
;   printing = cups

# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used
;  guest account = pcguest

# this tells Samba to use a separate log file for each machine
# that connects
   log file = /var/log/samba/log.%m

# Put a capping on the size of the log files (in Kb).
   max log size = 50

# Use password server option only with security = server
# The argument list may include:
#   password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
# or to auto-locate the domain controller/s
#   password server = *
;   password server = <NT-Server-Name>

# Use the realm option only with security = ads
# Specifies the Active Directory realm the host is part of
;   realm = MY_REALM

# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
;   passdb backend = tdbsam

# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting.
# Note: Consider carefully the location in the configuration file of
#       this line.  The included file is read at that point.
;   include = /usr/local/etc/smb.conf.%m

# Most people will find that this option gives better performance.
# See the chapter 'Samba performance issues' in the Samba HOWTO Collection
# and the manual pages for details.
# You may want to add the following on a Linux system:
;   socket options = SO_RCVBUF=8192 SO_SNDBUF=8192

# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.
   interfaces = 16.1.16.215/32

# Browser Control Options:
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
   local master = no

# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
;   os level = 33

# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
;   domain master = no

# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
;   preferred master = no

# Enable this if you want Samba to be a domain logon server for
# Windows95 workstations.
;   domain logons = no

# if you enable domain logons then you may want a per-machine or
# per user logon script
# run a specific logon batch file per workstation (machine)
;   logon script = %m.bat
# run a specific logon batch file per username
;   logon script = %U.bat

# Where to store roving profiles (only for Win95 and WinNT)
#        %L substitutes for this servers netbios name, %U is username
#        You must uncomment the [Profiles] share below
;   logon path = \\%L\Profiles\%U

# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
;   wins support = yes

# WINS Server - Tells the NMBD components of Samba to be a WINS Client
#       Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
;   wins server = w.x.y.z

# WINS Proxy - Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one  WINS Server on the network. The default is NO.
;   wins proxy = yes

# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The default is NO.
   dns proxy = no

# Charset settings
;   display charset = koi8-r
;   unix charset = koi8-r
;   dos charset = cp866

# Use extended attributes to store file modes
;    store dos attributes = yes
;    map hidden = no
;    map system = no
;    map archive = no

# Use inherited ACLs for directories
;    nt acl support = yes
;    inherit acls = yes
;    map acl inherit = yes

# These scripts are used on a domain controller or stand-alone
# machine to add or delete corresponding unix accounts
;  add user script = /usr/sbin/useradd %u
;  add group script = /usr/sbin/groupadd %g
;  add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
;  delete user script = /usr/sbin/userdel %u
;  delete user from group script = /usr/sbin/deluser %u %g
;  delete group script = /usr/sbin/groupdel %g

# No Pass
    null passwords = yes

#============================ Share Definitions ==============================
#[homes]
#   comment = Home Directories
#   browseable = yes
#   writable = yes

# Un-comment the following and create the netlogon directory for Domain Logons
; [netlogon]
;   comment = Network Logon Service
;   path = /usr/local/samba/lib/netlogon
;   guest ok = yes
;   writable = no
;   share modes = no


# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
;[Profiles]
;    path = /usr/local/samba/profiles
;    browseable = no
;    guest ok = yes


# NOTE: If you have a BSD-style print system there is no need to
# specifically define each individual printer
[printers]
   comment = All Printers
   path = /var/spool/samba
   browseable = no
# Set public = yes to allow user 'guest account' to print
   guest ok = no
   writable = no
   printable = yes

# This one is useful for people to share files
;[tmp]
;   comment = Temporary file space
;   path = /tmp
;   read only = no
;   public = yes

# A publicly accessible directory, but read only, except for people in
# the "staff" group
;[public]
;   comment = Public Stuff
;   path = /home/samba
;   public = yes
;   writable = yes
;   printable = no
;   write list = @staff

# Other examples.
#
# A private printer, usable only by fred. Spool data will be placed in fred's
# home directory. Note that fred must have write access to the spool directory,
# wherever it is.
;[fredsprn]
;   comment = Fred's Printer
;   valid users = fred
;   path = /homes/fred
;   printer = freds_printer
;   public = no
;   writable = no
;   printable = yes

# A private directory, usable only by fred. Note that fred requires write
# access to the directory.
;[fredsdir]
;   comment = Fred's Service
;   path = /usr/somewhere/private
;   valid users = fred
;   public = no
;   writable = yes
;   printable = no

# a service which has a different directory for each machine that connects
# this allows you to tailor configurations to incoming machines. You could
# also use the %U option to tailor it by user name.
# The %m gets replaced with the machine name that is connecting.
;[pchome]
;  comment = PC Directories
;  path = /usr/pc/%m
;  public = no
;  writable = yes

# A publicly accessible directory, read/write to all users. Note that all files
# created in the directory by users will be owned by the default user, so
# any user with access can delete any other user's files. Obviously this
# directory must be writable by the default user. Another user could of course
# be specified, in which case all files would be owned by that user instead.
[public]
   path = /mnt/disk/datos
   public = yes
   only guest = yes
   writable = yes
   printable = no
   usershare allow guests = yes

# The following two entries demonstrate how to share a directory so that two
# users can place files there that will be owned by the specific users. In this
# setup, the directory should be writable by both users and should have the
# sticky bit set on it to prevent abuse. Obviously this could be extended to
# as many users as required.
;[myshare]
;   comment = Mary's and Fred's stuff
;   path = /usr/somewhere/shared
;   valid users = mary fred
;   public = no
;   writable = yes
;   printable = no
;   create mask = 0765
;

# This is a DRAFT sample configuration for the ACLs on the ZFS partition.
#
;    nt acl support = yes
;    inherit acls = no
;    map acl inherit = yes
;
;[zpool]
;    path = /tank/zpool
;    unix extensions = no
;    vfs objects = zfsacl
;    nfs4:mode = special
;    nfs4:acedup = merge
;    nfs4:chown = yes
```


----------



## Sebulon (Jan 29, 2013)

Thanks. How does it behave if you add this?:

```
[public]
    path = /mnt/disk/datos
    public = yes
    only guest = yes
    writable = yes
    printable = no
    usershare allow guests = yes
    create mask = 777
    force create mode = 777
    security mask = 777
    force security mode = 777
    directory mask = 0777
    force directory mode = 0777
    directory security mask = 0777
    force directory security mode = 0777
```

/Sebulon


----------



## adripillo (Jan 29, 2013)

Sebulon said:
			
		

> Thanks. How does it behave if you add this?:
> 
> ```
> [public]
> ...



Excellent, I can copy from all the sides now, its working with computers inside the domain and outside too, event with windows 7 and xp. Thanks a lot.


----------



## Sebulon (Jan 29, 2013)

adripillo said:
			
		

> Excellent, I can copy from all the sides now, its working with computers inside the domain and outside too, event with windows 7 and xp. Thanks a lot.



Wait a minute..._domain_? So youÂ´re using this setup in an business environment; sharing out a filesystem to anyone, anywhere, with no access restrictions what so ever?! I could basically mount this share from home and steal all of your data. Does that sound thought through to you?

/Sebulon


----------



## kisscool-fr (Jan 29, 2013)

Sebulon said:
			
		

> Thanks. How does it behave if you add this?:
> 
> ```
> [public]
> ...



No need to add all this. 


```
[public]
    path = /mnt/disk/datos
    public = yes
    only guest = yes
    writable = yes
    printable = no
    usershare allow guests = yes
    create mask = 777
    directory mask = 0777
```

Should be sufficient.


----------



## gqgunhed (Jan 29, 2013)

@adripillo
If you are using this setup in a productive environment please have a look at the different security models for the smb.conf, e.g. samba.org: Domain Security Mode (User-Level Security)

Leaving everything unprotected is not a good idea - at least add some local users and groups... please.


----------

