Best practice for shared directory on server (samba windows 10 clients)

Edit the samba configuration file.

sudo nano /etc/samba/smb.conf

Add this to the end of the file:

[Public Directory]
comment = Contents are read/write by all.
path = /home/user/directory-to-be-shared
read only = no
guest ok = yes
create mask = 0666
force create mode = 0666
directory mask = 0777
force directory mode = 0777

Then restart samba.

sudo service smbd restart

Notes:

  1. The string within brackets (Public Directory in the example above) is what users will see when accessing the shared folder from other systems.
  2. Files created within this directory by users on other systems will be owned by nobody:nogroup, with read and write permissions for owner, group, and other.
  3. Directories created in this directory by users on other systems will be owned by nobody:nogroup, with read, write, and directory traversal permissions for owner, group, and other.
  4. The masks and modes in the configuration file apply to files and directories created by users on other systems. These masks and modes are ignored when creating files as a user on the server. Or, to put it another way, if you are user on the server, make sure that each file and directory that you create within /home/user/directory-to-be-shared has 666 and 777 permissions respectively.
  5. If you have enabled a firewall on the server, you will need to open port 445 for tcp. For example, if you use ufw (uncomplicated firewall) to configure the firewall:

    sudo ufw allow in 445/tcp
    sudo ufw reload
    sudo ufw status verbose
    

It's not clear to me if you want a share accessible to everyone or only a group of client users so this is a template for the latter.

Note: This will only work as described if the default umask of your system is 0002 so it will not work for Ubuntu Desktop 17/18 but it will work for Xubuntu Desktop and Ubuntu Server.

In this template it is required that all users you want to have access become members of the "users" group. It will assign the setgid bit on the shared directory and any future subdirectories which forces anything new added to them to inherit the group of it's parent folder.

sudo mkdir /path
sudo chown root:users /path
sudo chmod 2775 /path

The share would look like this:

[UsersShare]
path = /path
valid users = @users
force group = users
read only = no
create mask = 0664
force directory mode = 2775

When bob - who was made a member of the "users" group - logs in with his samba username/password and adds a file to the [UsersShare] share it will have owner = bob, group = users, mode = 664 files / 2775 folders.

All other client users who are members of the users group who sign in will have full access to whatever bob did.

Any local users - those on the server itself - who add or modify files who are also members of the users group will all have the same ability and newly created files/folders will have the same 664/2775 mode and all will have as group: "users". The one exception to all this is root - as in when you use sudo - since it's default umask is 022 unlike a regular user his files will inherit the "users" group but will have a mode of 644.

If you truly want a pure public share where everyone has access replace "valid users = @users" with "guest ok = yes". For this to work locally on the server you would still need to add those users to the "users" group.