Ubuntu
Samba 權限錯誤
我有一個帶有多個文件夾的 Samba 伺服器,但是當使用者嘗試創建文件夾或文件時,組權限僅設置為“r”(讀取),我做錯了什麼?
我的 Samba 版本是 4.3.11-Ubuntu
這是smb.conf
[COMPANY] browsable = yes path = /PATH/OTHERPATH guest ok = no guest only = no create mask = 0770 force create mode = 0770 directory mask = 0770 force directory mode = 0770 write list = @GROUP1, @GROUP2 read list = valid users = @GROUP1, @GROUP2 read only = no
這是 samba 授予我的使用者創建的文件和文件夾的權限
-rw-r--r-- 1 user GROUP1 0 jul 12 17:43 file drwxr-xr-x 2 user GROUP1 4096 jul 12 17:43 folder/
提前致謝
正如我在您問題下方的評論中所說,要通過 Samba 正確設置權限,您必須將系統 umask 設置為 0007。
我不確定這是否是設置 Samba 的“正確方法”。我注意到我在 Samba conf 文件中授予單個共享的權限與在 samba 共享中創建文件時創建的權限不同。基本上,從系統 umask 中,samba 正在刪除權限位,實際上它是在其他權限下創建文件。
我(很久以前)所做的是調整系統umask。
在**/etc/profile** 我添加了
umask 0007
我的 samba conf 文件是這樣的:
# # Samba config file # # To use with umask 0007 [global] server string = %h server (Samba, Ubuntu) map to guest = Bad User obey pam restrictions = Yes pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . unix password sync = Yes syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 deadtime = 45 socket options = TCP_NODELAY IPTOS_THROUGHPUT dns proxy = No panic action = /usr/share/samba/panic-action %d idmap config * : range = idmap config * : backend = tdb map acl inherit = Yes csc policy = documents # interfaces = 10.8.0.0/24 tun0 # do you want to serve your Samba over a dedicated network? # hosts allow = 10.8.0.0/24 # these rows are what I'd use in the OpenVPN [User] path = /home/samba/user valid users = user force group = user read only = No directory mask = 0770 force directory mode = 0770 create mask = 0660 force create mode = 0660 write cache size = 2621440 veto oplock files = /*.tmp/ # in this case, only the user User can r/w his own share. # What if we have a group with more users? [Group] path = /home/samba/group valid users = @group force group = group read only = No directory mask = 0770 force directory mode = 0770 create mask = 0660 force create mode = 0660 write cache size = 2621440 veto oplock files = /*.tmp/
如果共享有文件文件,請選擇 csc policy = 我在 GLOBAL 配置中使用的文件。
可能存在共享文件夾包含執行檔的情況(主要在 Windows 系統上,如攜帶式應用程序)。在這種情況下,您可以
在共享配置中使用csc policy = programs 。