krs
Cadet
- Joined
- Jun 27, 2012
- Messages
- 7
Wrong permissions - Public (guest) CIFS share for Mac, Win and Linux users
Hello,
I read many forum and blog posts these past days about the subject but I'm not able to find a solution by myself, so I try here.
I have repurposed an old machine with freenas, 2x2TB in zfs mirroring.
Here are the steps I followed :
- I made a volume (dataset) called "share" for the Cifs share (/mnt/backup/share)
- Create a guest user, checked "Disable password logins", and set /mnt/backup/share as home directory
- For my volume, I set Guest as owner and Guest as group, set read/write/execute permission for everybody, type of ACL: Unix
- Create a Cifs share, name "share", path /mnt/backup/share, checked Allow Guest Access and Only Allow Guest Access.
- Cifs service : Authentication Model: Anonymous, netbios name: freenas, Guest Account: guest, Allow guest access and Only allow guest access, File and directory mask :0777, Allow Empty Password and Enable Home Directories, Home Directories: /mnt/backup/share
- Started the Cifs service.
I have mainly Mac users in my lan, also windows and Ubuntu users. Erverbody can see and access the Cifs share, everybody can write in it, but for some reasons, some mac users are writing files with the following permissions :
-rw-r--r-- guest guest
The others users cant modify or delete these files. Despite the fact that everybody are connected as guest.
I must have missed something about the permissions, thank you for your help.
Here is the resulting smb.conf :
cat /etc/local/smb.conf
[global]
encrypt passwords = yes
dns proxy = no
strict locking = no
read raw = yes
write raw = yes
oplocks = yes
max xmit = 65535
deadtime = 15
display charset = LOCALE
max log size = 10
syslog only = yes
syslog = yes
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
smb passwd file = /var/etc/private/smbpasswd
private dir = /var/etc/private
getwd cache = yes
guest account = guest
map to guest = Bad Password
obey pam restrictions = Yes
guest ok = yes
guest only = yes
netbios name = freenas
workgroup = WORKGROUP
server string = FreeNAS Share
use sendfile = yes
large readwrite = no
local master = yes
time server = yes
security = share
force user = guest
force group = guest
passdb backend = tdbsam:/var/etc/private/passdb.tdb
create mask = 0777
directory mask = 0777
client ntlmv2 auth = yes
dos charset = CP437
unix charset = UTF-8
log level = 1
force create mode = 0776
force directory mode = 0777
[homes]
comment = Home Directories
valid users = %U
writable = yes
browseable = no
path = /mnt/backup/share/%U
[share]
path = /mnt/backup/share
printable = no
veto files = /.snap/.windows/
writeable = yes
browseable = yes
inherit owner = yes
inherit permissions = yes
recycle:repository = .recycle/%U
recycle:keeptree = yes
recycle:versions = yes
recycle:touch = yes
recycle:directory_mode = 0777
recycle:subdir_mode = 0700
vfs objects = recycle zfsacl
guest ok = yes
guest only = yes
inherit acls = Yes
map archive = No
map readonly = no
nfs4:mode = special
nfs4:acedup = merge
nfs4:chown = yes
force create mode = 0776
force directory mode = 0777
Hello,
I read many forum and blog posts these past days about the subject but I'm not able to find a solution by myself, so I try here.
I have repurposed an old machine with freenas, 2x2TB in zfs mirroring.
Here are the steps I followed :
- I made a volume (dataset) called "share" for the Cifs share (/mnt/backup/share)
- Create a guest user, checked "Disable password logins", and set /mnt/backup/share as home directory
- For my volume, I set Guest as owner and Guest as group, set read/write/execute permission for everybody, type of ACL: Unix
- Create a Cifs share, name "share", path /mnt/backup/share, checked Allow Guest Access and Only Allow Guest Access.
- Cifs service : Authentication Model: Anonymous, netbios name: freenas, Guest Account: guest, Allow guest access and Only allow guest access, File and directory mask :0777, Allow Empty Password and Enable Home Directories, Home Directories: /mnt/backup/share
- Started the Cifs service.
I have mainly Mac users in my lan, also windows and Ubuntu users. Erverbody can see and access the Cifs share, everybody can write in it, but for some reasons, some mac users are writing files with the following permissions :
-rw-r--r-- guest guest
The others users cant modify or delete these files. Despite the fact that everybody are connected as guest.
I must have missed something about the permissions, thank you for your help.
Here is the resulting smb.conf :
cat /etc/local/smb.conf
[global]
encrypt passwords = yes
dns proxy = no
strict locking = no
read raw = yes
write raw = yes
oplocks = yes
max xmit = 65535
deadtime = 15
display charset = LOCALE
max log size = 10
syslog only = yes
syslog = yes
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
smb passwd file = /var/etc/private/smbpasswd
private dir = /var/etc/private
getwd cache = yes
guest account = guest
map to guest = Bad Password
obey pam restrictions = Yes
guest ok = yes
guest only = yes
netbios name = freenas
workgroup = WORKGROUP
server string = FreeNAS Share
use sendfile = yes
large readwrite = no
local master = yes
time server = yes
security = share
force user = guest
force group = guest
passdb backend = tdbsam:/var/etc/private/passdb.tdb
create mask = 0777
directory mask = 0777
client ntlmv2 auth = yes
dos charset = CP437
unix charset = UTF-8
log level = 1
force create mode = 0776
force directory mode = 0777
[homes]
comment = Home Directories
valid users = %U
writable = yes
browseable = no
path = /mnt/backup/share/%U
[share]
path = /mnt/backup/share
printable = no
veto files = /.snap/.windows/
writeable = yes
browseable = yes
inherit owner = yes
inherit permissions = yes
recycle:repository = .recycle/%U
recycle:keeptree = yes
recycle:versions = yes
recycle:touch = yes
recycle:directory_mode = 0777
recycle:subdir_mode = 0700
vfs objects = recycle zfsacl
guest ok = yes
guest only = yes
inherit acls = Yes
map archive = No
map readonly = no
nfs4:mode = special
nfs4:acedup = merge
nfs4:chown = yes
force create mode = 0776
force directory mode = 0777
