[Solved] SMB Share Permissions

[busthead]

Hello, I'm new to unRAID, can list the folders in the root of my SMB share but cannot click into them.

 

I have created unRAID user scott and granted him Read/Write permissions on the share. Attempting to access the share from a Windows 10 client. The owner and group of the folders in the share is root.

 

I've attached the output of the 'net use' command from the client and 'smbstatus' command from the server, and also the server diagnostic file. Any help is appreciated.

tower-diagnostics-20190115-1059.zip

[Squid]

Lots of info here

 

https://forums.unraid.net/topic/53172-windows-issues-with-unraid/

 

(or hopefully @Frank1940) will also chime in, as he seems to know what he's talking about regarding this.

[Frank1940]

If I read your post correctly, the owner and group is root  This is probably the source of your problem.  This is the output of the smbstatus command on my server. 

root@Rose:~# smbstatus

Samba version 4.8.7
PID     Username     Group        Machine                                   Protocol Version  Encryption           Signing
----------------------------------------------------------------------------------------------------------------------------------------
10960   nobody       users        192.168.1.102 (ipv4:192.168.1.102:55257)  SMB2_10           -                    -

Service      pid     Machine       Connected at                     Encryption   Signing
---------------------------------------------------------------------------------------------
IPC$         10960   192.168.1.102 Tue Jan 15 09:16:04 PM 2019 EST  -            -
Backup       10960   192.168.1.102 Tue Jan 15 09:16:07 PM 2019 EST  -            -

Locked files:
Pid          Uid        DenyMode   Access      R/W        Oplock           SharePath   Name   Time
--------------------------------------------------------------------------------------------------
10960        99         DENY_NONE  0x100081    RDONLY     NONE             /mnt/user/Backup   Albums&Pictures   Tue Jan 15 21:16:10 2019
10960        99         DENY_NONE  0x100081    RDONLY     NONE             /mnt/user/Backup   .   Tue Jan 15 21:16:07 2019

Note that the owner is nobody and the Group is users.   These are the normal default owner and group for Unraid.  Deviating from that generally causes problems. 

 

Furthermore, there is this line in the smb.conf  file:

invalid users = root

I would think that this would prevent any files owned by root from being shared!  (The reason for this is to prevent access to system files via smb!)  

 

Now, as to how to fix the problem.  Go to    Tools   >>>  Docker Safe New Permissions   (This utility is a part of the Fix Common Problems plugin.)   You can use the  Tools   >>>   New Permissions    utility BUT you have to exclude, at least, the appdata share!!!    If you have a VM as a part of your server setup, I am not sure if there are any shares that would have to be excluded as I don't have a VM on either of my servers.  

 

(The reason that my files are 'Locked' is for security.  In fact, there is only read access to any of my Samba shares for protection against Ransomware.  The 'normal default Unraid setup has no locked files, and anyone and any process can modify them with a file operation via Samba.  You do not have to change the owner from nobody  to control access to directories and files via Samba.  If you set the SMB Security Settings for a share to Secure or Private, you will be able to assign 'users' with permissions for various different access rights for that share.) 

[busthead]

chown -R nobody:users /mnt/user/unRAID/

 

appears to have resolved the SMB permission denied. The file were likely incorrectly owned because I used rsync, run as root, to copy them to /mnt/user/unRAID/

 

Thx

 

[Christopher Morris]

On 1/15/2019 at 8:09 PM, Frank1940 said:

If I read your post correctly, the owner and group is root  This is probably the source of your problem.  This is the output of the smbstatus command on my server. 

root@Rose:~# smbstatus

Samba version 4.8.7
PID     Username     Group        Machine                                   Protocol Version  Encryption           Signing
----------------------------------------------------------------------------------------------------------------------------------------
10960   nobody       users        192.168.1.102 (ipv4:192.168.1.102:55257)  SMB2_10           -                    -

Service      pid     Machine       Connected at                     Encryption   Signing
---------------------------------------------------------------------------------------------
IPC$         10960   192.168.1.102 Tue Jan 15 09:16:04 PM 2019 EST  -            -
Backup       10960   192.168.1.102 Tue Jan 15 09:16:07 PM 2019 EST  -            -

Locked files:
Pid          Uid        DenyMode   Access      R/W        Oplock           SharePath   Name   Time
--------------------------------------------------------------------------------------------------
10960        99         DENY_NONE  0x100081    RDONLY     NONE             /mnt/user/Backup   Albums&Pictures   Tue Jan 15 21:16:10 2019
10960        99         DENY_NONE  0x100081    RDONLY     NONE             /mnt/user/Backup   .   Tue Jan 15 21:16:07 2019

Note that the owner is nobody and the Group is users.   These are the normal default owner and group for Unraid.  Deviating from that generally causes problems. 

 

Furthermore, there is this line in the smb.conf  file:

invalid users = root

I would think that this would prevent any files owned by root from being shared!  (The reason for this is to prevent access to system files via smb!)  

 

Now, as to how to fix the problem.  Go to    Tools   >>>  Docker Safe New Permissions   (This utility is a part of the Fix Common Problems plugin.)   You can use the  Tools   >>>   New Permissions    utility BUT you have to exclude, at least, the appdata share!!!    If you have a VM as a part of your server setup, I am not sure if there are any shares that would have to be excluded as I don't have a VM on either of my servers.  

 

(The reason that my files are 'Locked' is for security.  In fact, there is only read access to any of my Samba shares for protection against Ransomware.  The 'normal default Unraid setup has no locked files, and anyone and any process can modify them with a file operation via Samba.  You do not have to change the owner from nobody  to control access to directories and files via Samba.  If you set the SMB Security Settings for a share to Secure or Private, you will be able to assign 'users' with permissions for various different access rights for that share.) 

 

 

Sorry for resurrecting old thread.  

 

I removed an unRAID setup from a domain a while back, and ever since the SMB share permissions haven't worked like they do when set stock.   Will this fix that issue and make it so the unRAID user permissions work.    Right now either I open up a share to everyone, or no one can access it.   

 

Thanks,