SMB settings to force nobody:users


Recommended Posts

I have most of my SMB shares set to Private or Secure, and I access them generally from my Windows 10 machine with a login that is also a corresponding unraid user. I noticed that any changes I make to files from my windows machine changes ownership to "johnsanc:users" instead of keeping it as "nobody:users"

 

Ideally I would like to force the settings for most of my shares to something like this, while still having them only accessible by specific users.

 

[share_name]

force user = nobody

force group = users

force directory mode = 0777

force create mode = 0666

create mask = 0666

 

Now, I know I can add this kind of setting into [global] in the smb-extra.conf from the web UI, but I do not want it to apply globally (because I dont want to mess up any dockers). I'd rather define these extra parameters on a per-share level, but I don't see a way to do that in the web UI. If I add the configuration above into the smb-extra.conf I cannot access the share at all - so I assume it is overwriting that share configuration entirely instead of just appending the extra configurations.

 

So what is the recomended way to do this?

Do I have to manually edit the etc/samba/smb-shares.conf file to add in my extra settings? If so it would be great to allow this from the web UI.

 

 

Edited by johnsanc
  • Like 1
Link to comment

unRaid doesn't utilize users in the same manner as a true full blown linux install.

 

The ownership of the file(s) are irrelevant so long as the permissions are correct (0777 or 0666 eg)  Access permissions are handled via the individual share settings.  Why does it matter the owner?

Link to comment

Basically to maintain consistency I suppose. If the ownership doesn't matter then why does the Fix User Permissions tool reset everything back to nobody:users?

 

I suppose the bigger issue is having the permissions changed unintentionally, so either way I want to force the correct permissions but dont see a way to do that in the share settings. And maybe im doing something wrong, but just adding those lines to the smb-extras doesnt seem to work.

  • Like 1
Link to comment
3 minutes ago, johnsanc said:

Fix User Permissions

In theory, the Permission fix tool is only for users who have upgraded from 4.x to 5.x or 6.x and only needs to be run once

 

In practice, a number of users have misconfigured a docker container that when it writes file(s) to a user share does not the file appropriate permissions (they'll apply 0700 or 0600) which means that only the applicable user will ever have access to the file - in this case the user "nobody" which doesn't even exist.  The tool is then used on a regular basis by those people to fix the problem, instead of simply telling the app to write the file(s) with correct permissions

Link to comment
  • 3 years later...
On 11/9/2019 at 2:44 PM, Squid said:

In theory, the Permission fix tool is only for users who have upgraded from 4.x to 5.x or 6.x and only needs to be run once

 

In practice, a number of users have misconfigured a docker container that when it writes file(s) to a user share does not the file appropriate permissions (they'll apply 0700 or 0600) which means that only the applicable user will ever have access to the file - in this case the user "nobody" which doesn't even exist.  The tool is then used on a regular basis by those people to fix the problem, instead of simply telling the app to write the file(s) with correct permissions

 

Hi Squid,

 

You mentioend that users have misconfigured containers. I run mine direct from trhe devleopers on Community apps as such i am not aware of any special way to run them coudl you provide any guidance or point me to docuemtnation that I can look at to help me make those required changes? Much appreciated! 

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.