Samba and file permissions under Linux

Hello everyone!

I turn to one of the more clever forums I know of in hopes of finally solving my network file sharing nightmares.

My situation:
I have a server running Linux Mint in my basement. This server does a lot of things (for a home user), it hosts my own Mumble server, it runs [email protected], it has a virtual server running ownCloud. This is all working as expected.

I recently got a hold of more storage space, and I was enthused to make my own home media sharing server; mainly for films through clients running Kodi, but also a music library.

I went online and did research and found that my options were either using Samba, or NFS (Network File System). Since my network has both Windows and Linux based clients in it, and for the seemingly easier setup, I ended up trying Samba first.

I downloaded the necessary server software onto my server machine, configured the "smb.conf" and "smbusers" files (Will post the config further down.), gave my testing account/smbgroup the permissions to the folder I wish to share.

My problem:
Now I could see the shared folder from my two client computers (Two laptops, one Linux Mint and one Windows 7). From the Windows 7 computer I can log in with the Samba username/password combination I set previously and I can see that folder's subfolders. However, with the account I set up, I cannot access the subfolders at all; Linux Mint gets stuck trying (And eventually times out), and Windows 7 tells me I don't have the permissions.

Using my Linux servers admin login/password combination on the other hand works perfectly in every scenario.

I have been trying for a good few weeks on and off with this problem, but both me and the little help I have gotten online have been unable to solve the problem.

P.S I even tried NFS shortly, just to see if it was less of a problem. The problem is I only get about 5 MB/s transfer speed, as opposed to Samba's 30-40 MB/s. Tested on Linux on both ends.

smb.conf:
[Filmer]
comment = Filmer till Kodi
path = /media/mint/Filmer/
writeable = yes
; browseable = yes
; guest ok = no
valid users = @smbgroup

[Musikdelning]
comment = Musik över nätverk
path = /media/mint/Musikdelning/Samba
writeable = yes
; browseable = yes
valid users = @smbsgroup

smbusers:
# Unix_name = SMB_Name1 SMB_Name2 ...
root = administrator
nobody = guest smbguest pcguest
smbuser = smbuser
mint = mint

Post the configs, then we can help.

Also, NFS should be way faster than SMB. 30MB/S is slow for SMB as well.

1 Like

Woops. I missed the copy-paste despite myself. Corrected now.

That smb.conf looks rather incomplete. No [global]?

Any guide I've read have not said anything about the [Global] part. If you have any suggestions, I am all willing to try!

And, well, it is all running on cat6 cables through gigabit network hardware. I really don't know what the cause would be. When I moved from cat5e to cat6 I saw a boost from about 10 MB/s to the 30 MB/s Samba is giving me now, so I assumed the rest was the infamous overhead that Samba is suffering from.

You should be able to get gigabit speeds with samba. I haven't seen any noticeable difference between samba and nfs but it may depend on your hardware.

I'm on my phone right now but when I get home I'll explain how I've set up my samba shares.

I think you may have a larger issue, because you should be getting max speeds... My router tops out at 940 Mbps so I usually get ~118 MB/s, this was true when I was using samba, and holds true using NFS.

1 Like

Samba on *nix has known performance issues with the default options. Here is some info about performance tuning: https://wiki.amahi.org/index.php/Make_Samba_Go_Faster

I'm getting a steady 124MB/s with default settings, while I'm sure there are performance issues they are not going to be as dramatic as 30MB/s. That is likely caused by another issue such as slow hardware.

Okay. So this is the way that I've set up my samba shares.

First you need to make sure you have a linux user and a samba user with the same name and password. You can use an existing user or create a new one. You also want to make a group for the samba users.

Firstly create the group. I will call this group samba

groupadd samba

Then create a linux user and add them to the group. I will call this user 'user'

useradd -G samba user

You can also add an existing user to the samba group

usermod -a -G samba user

then give the user a password

passwd user

Now add the same user to samba, for this use the same username and password

smbpasswd user

Now change the permissions for the doirectory you wish to share so that the samba group has read and write access

chown -R user:samba /path/to/share
chmod -R 775 /path/to/share

User in this case should be your default user account, or admin user, whatever applies. This will give the user and samba group read write and execute permission to the direcorty and read and execute permissions to other users. You can use 664 if you don't want execute permission or 770 or 660 if you don't want other users to have any access.

Now configure the share in smb.conf like this. This is how I do it and it has been working fine for me, there are probably other way that may be better.

[share]
comment = description of share
path = /path/to/share
guest ok = yes
writable = no
create mask = 0775
directory mask = 0775
force group = samba
write list @samba

where share is the name of your share, and samba is the group you created earlier. With this configuration only members of the samba group will have write access to the share. You should be able to control permissions by using the regular permission system for the file system.

1 Like

Thank you for the very well written guide! I followed it to the letter, the result is the same though. I can log in with the useraccount I added to the "samba" group from Windows 7, and I can see the [share] folder as we called it, but I cannot open it because I am lacking permissions it claims.

And the samba group has read and write permission for the directory of the share?

No, I really doubt there is a problem with the hardware. The server has 8 GBs of RAM (and free RAM left over), a Gigabyte 990FX UD5 together with an AMD Phenom II x6 processor, connected via cat6 cable to my Asus RT-N66U router, which then connects to my other devices via direct cat6 cables. The client devices are, among others, an MSI GE60 laptop and my desktop tower, housing an Asus Z97-A motherboard and an Intel 4790K processor.

This should hardly be a bottleneck, should it?

Doesn't sound like it. Could be a bad cable somewhere. I'm not really sure, but I doubt it's samba which is the problem.

Well, looking at the Terminal as I write the commands, there is no indication that the change failed. However, looking at my GUI file manager, it still claims the group ownership is to the previous group. Even if I change it in the GUI from the old to the new group, it reverts back to the old group ownership next time I open the same window.

This does not seem right.

Possible, but all the cables are less than a month old. I used to only use old cat5e patch cables before, and then the speed was even lower, about a tenth of the current speed or so. When I upgraded my network from the group and up I saw the improvement to what it is today...

You may need to make sure everything is in the same workgroup. You said earlier that you didn't have a global config in your smb.conf file? Try adding something like this at the start of the file.

[global]
workgroup = workgroup-name
server string = %h server (Samba)
dns proxy = no

These are basically just the default settings, but if you set workgroup-name to something, and set that same workgroup on your other machine syou may have more luck.

That is weird and probably the problem. When you run the chown -R command are you running it as root (or using sudo) if not try that.

How long are your cables? if any are over 100m (300 feet) that might be the problem.

I tried this, and I suppose I am supposed to modify the first setting line to correspond to what my actual workgroup name is, right? In my case it is "WORKGROUP", like the default seems to be.

I ran the command after having typed sudo -s
I suppose this is correct, right?

Good question. They are pretty long due to how we had to hide the wiring and the servers location. But I really doubt it is much more than 50 meters, if that.

Sidenote! I should probably clarify that logging in with my server's admin credentials on the clients works flawlessly every time, I can access all the shared folders I so far have tried to add.

Yeah

Yeah that should work. I'm really not sure why your permission settings are reverting, but this is likely the problem. Is it just the owner and group which are reverting? can you change other to read and write? if you can then you can atleast test if that's the problem. If other is set to read and write you should be able to access the samba share with any user.

This is just a guess but it seems to me that there is an issue with your cables. Even cat5e can do gigabit so the fact that you saw a significant improvement when replacing those cables with cat6 would indicate that something is going on with your cables. Do any of them run parallel to any mains power cables? or anything else which could cause EM interference?

This would indicate that it is an issue with the permissions, but I don't know why the changes aren't working.

Hmm, very strange behaviour. I can change the user owner, permissions all fine. Even changing the owner group actually works, as long as I set it to anything but "samba", as soon as I do that it reverts back to a group which no longer exists (I removed it earlier in my trials)

Nothing that should affect it. The patch connectors are near the fusebox of the house, but I really don't see this having much of an effect, especially since the patchcables I am using are of the STP kind.