Jump to content
Sign in to follow this  
johnsanc

SMB settings to force nobody:users

6 posts in this topic Last Reply

Recommended Posts

I have most of my SMB shares set to Private or Secure, and I access them generally from my Windows 10 machine with a login that is also a corresponding unraid user. I noticed that any changes I make to files from my windows machine changes ownership to "johnsanc:users" instead of keeping it as "nobody:users"

 

Ideally I would like to force the settings for most of my shares to something like this, while still having them only accessible by specific users.

 

[share_name]

force user = nobody

force group = users

force directory mode = 0777

force create mode = 0666

create mask = 0666

 

Now, I know I can add this kind of setting into [global] in the smb-extra.conf from the web UI, but I do not want it to apply globally (because I dont want to mess up any dockers). I'd rather define these extra parameters on a per-share level, but I don't see a way to do that in the web UI. If I add the configuration above into the smb-extra.conf I cannot access the share at all - so I assume it is overwriting that share configuration entirely instead of just appending the extra configurations.

 

So what is the recomended way to do this?

Do I have to manually edit the etc/samba/smb-shares.conf file to add in my extra settings? If so it would be great to allow this from the web UI.

 

 

Edited by johnsanc

Share this post


Link to post

Dockers don't use SMB / CIF, unless you're accessing them from an entirely different system.

Share this post


Link to post

So it would be considered safe to add the force user/group to global? I actually shyed away from that based on reading other posts and I believe you suggested that setting was a bad idea for a default configuration.

 

 

Share this post


Link to post

unRaid doesn't utilize users in the same manner as a true full blown linux install.

 

The ownership of the file(s) are irrelevant so long as the permissions are correct (0777 or 0666 eg)  Access permissions are handled via the individual share settings.  Why does it matter the owner?

Share this post


Link to post

Basically to maintain consistency I suppose. If the ownership doesn't matter then why does the Fix User Permissions tool reset everything back to nobody:users?

 

I suppose the bigger issue is having the permissions changed unintentionally, so either way I want to force the correct permissions but dont see a way to do that in the share settings. And maybe im doing something wrong, but just adding those lines to the smb-extras doesnt seem to work.

Share this post


Link to post
3 minutes ago, johnsanc said:

Fix User Permissions

In theory, the Permission fix tool is only for users who have upgraded from 4.x to 5.x or 6.x and only needs to be run once

 

In practice, a number of users have misconfigured a docker container that when it writes file(s) to a user share does not the file appropriate permissions (they'll apply 0700 or 0600) which means that only the applicable user will ever have access to the file - in this case the user "nobody" which doesn't even exist.  The tool is then used on a regular basis by those people to fix the problem, instead of simply telling the app to write the file(s) with correct permissions

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this