How do I set permissions to Samba shares?


Please shareShare on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInShare on RedditDigg thisShare on StumbleUponShare on VKBuffer this page

What is samba?

Samba is essentially a TCP/IP file and print server for Microsoft Windows clients. In fact, it can support any SMB/CIFS-enabled client. One of Samba’s big strengths is that you can use it to blend your mix of Windows and Linux machines

together without requiring a separate Windows server. Samba includes support for Active Directory, unicode, new authentication and filename mangling systems, printing support, trust relationships, LDAP integration and loadable RPC modules.

How do I set permissions to Samba shares?

Samba Basic permissions are as follows (configuration file is smb.conf [/etc/samba/smb.conf]):

  • read only: This parameter controls whether an user has the ability to create or modify files within a share. This is default.
  • guest ok: Uf this parameter is set to yes, the users will have access to the share without having to enter a password. This can pose security risk.
  • writeable: Specifies users should have write access to the share.

You can create the share called secretfiles with read only permission

path = /usr/share/docs
read only = Yes

You can create the share called unixmendoc with write permission
path = /home/shared/unixmendocs
writeable = Yes

You can also create a list of users to give write access to the share with write list option. For example allow vlademir and unixmen to write to the share called goldoc:
path = /home/shared/goldoc
write list = vlademir unixmen

You can create a list of users to give read access to the share with read list option, , for example the folder name is “myfolder“, and the persons names names are unixmen and vlademir.


path = /home/shared/myfolder

read list = unixmen vlademir

You can use following options

read list: This option accepts a list of usernames or a group as its value. Users will be given read-only access to the share.

valid users: You can make a share available to specific users. Usernames or group names can be passed on as its value.

invalid users: Users or groups listed will be denied access to this share.

Samba mask permission

It is also possible to specify samba default file creation permission using mask.

  • create mask: This option is set using an octal value when setting permissions for files.
  • directory mask: Directories must have the execute bit for proper access. Default parameter is 0755.

path = /home/shared/sales
write list = rocky sys
create mask = 0775

And is done !

Reference :