Configuring Samba Share Mount with Specific User Permissions in Linux


3 views

When mounting a Samba share via CIFS, the default behavior often leads to permission conflicts between the client and server. The key problem occurs because:

  • The CIFS client defaults to root ownership
  • Server-side permissions are enforced by Samba
  • UID/GID mapping isn't automatically synchronized

First, ensure your Samba configuration has proper user mapping and permissions:

[myshare]
  path = /home/henry
  valid users = henry @smbgroup
  browsable = yes
  writable = yes
  create mask = 0775
  directory mask = 0775
  force user = henry
  force group = smbgroup

The critical mount options needed for proper user access:

sudo mount -t cifs //myserver/myshare /media/remote-share \
-o username=henry,password=yourpassword,uid=$(id -u henry),gid=$(id -g henry),file_mode=0775,dir_mode=0775

For permanent mounts, add to /etc/fstab:

//myserver/myshare  /media/remote-share  cifs  credentials=/etc/samba/henry_credentials,uid=1000,gid=1000,file_mode=0775,dir_mode=0775  0  0

Create credentials file securely:

chmod 600 /etc/samba/henry_credentials
cat << EOF > /etc/samba/henry_credentials
username=henry
password=yourpassword
EOF

If you still encounter permission problems:

  1. Verify user IDs match on both systems: id henry
  2. Check Samba logs: tail -f /var/log/samba/log.smbd
  3. Test with simpler permissions first

For more complex setups consider:

  • Using Active Directory integration
  • Implementing ACLs with nfs4_acl_xattr
  • Setting up Samba as a domain controller

When setting up a Samba share that needs to be mounted by specific users, we encounter permission challenges. The key is configuring both the Samba server and CIFS mount options correctly.


# Example smb.conf configuration
[henry_share]
  path = /home/henry
  browsable = yes
  read only = no
  guest ok = no
  valid users = henry
  create mask = 0664
  directory mask = 0775
  force user = henry
  force group = henry

Before configuring Samba, ensure proper filesystem permissions:


sudo chown -R henry:henry /home/henry
sudo chmod -R 775 /home/henry

The crucial part is the mount command with appropriate options:


sudo mount -t cifs //server_ip/henry_share /mnt/henry_share \
-o username=henry,password=yourpassword,uid=$(id -u henry),gid=$(id -g henry),file_mode=0664,dir_mode=0775

For automatic mounting at boot, add to /etc/fstab:


//server_ip/henry_share  /mnt/henry_share  cifs  credentials=/etc/samba/henry_credentials,uid=1000,gid=1000,file_mode=0664,dir_mode=0775  0  0

Create credentials file (/etc/samba/henry_credentials):


username=henry
password=yourpassword

If you still face permission problems:

  • Verify Samba user exists: sudo pdbedit -L
  • Check effective permissions: getfacl /home/henry
  • Test SMB access directly: smbclient //server_ip/henry_share -U henry

For more complex scenarios:


# Multiple users with different permissions
[department_share]
  path = /shared/department
  valid users = @marketing
  write list = @managers
  read list = @employees
  create mask = 0660
  directory mask = 2770
  force group = marketing