How to set up a samba share to be mounted as a specific user?

Solution 1:

ok, i've re-read your question and have another answer.

when you mount it in /etc/fstab or with sudo mount from the command line, you need to set the uid and gid and optionally the umask too (file_mode and dir_mode) so that local users on the client can use the share. otherwise, it will default to being owned by root and W only by root. and it probably doesn't hurt to explicitly mount it as RW.

sudo mount -t cifs //myserver/myshare /media/remote-share \
  -o rw,user=henry,uid=xxx,gid=yyy

where xxx and yyy are the local (local to the client, that is) user and group that should "own" the share when it is mounted. if it's only one local user that needs access, the gid probably doesn't matter. if multiple local users need access, then the gid has to be set and every local user who needs access has to be a member of that gid.

there are other options that may need to be set, depending on your network setup (e.g. you may need to specify the domain). see the manpage for mount.cifs(8) for more details.

BTW, see the notes about credentials file if you're mounting it from /etc/fstab. fstab is world-readable so not a good place to put passwords. a credentials file can be owned by root, mode 600.
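
A check for the points in Solution 1, as an added example that is not part of the original answer: it reads an fstab-format file and reports cifs entries that keep a password in fstab, omit uid=, or point at a credentials file that group or other can access. The function names, paths, ids and sample entries are assumptions constructed for illustration; pass= and cred= are the short option aliases documented in mount.cifs(8).

```shell
#!/bin/sh
# Audit cifs entries in an fstab-format file for the points made above:
# no password in the world-readable fstab, a credentials file that only its
# owner can access, and an explicit uid= so the share is not owned by root.
# Prints one finding per line; returns 1 if anything was found.
audit_cifs_fstab() {
    rc=0
    # fstab fields: device, mount point, fs type, options, dump, pass
    while read -r dev mnt fstype opts rest; do
        case $dev in ''|'#'*) continue ;; esac
        [ "$fstype" = cifs ] || continue
        cred='' has_uid=no
        old_ifs=$IFS; IFS=,
        for o in $opts; do
            case $o in
                password=*|pass=*) echo "$mnt: password stored in fstab"; rc=1 ;;
                credentials=*|cred=*) cred=${o#*=} ;;
                uid=*) has_uid=yes ;;
            esac
        done
        IFS=$old_ifs
        [ "$has_uid" = yes ] || { echo "$mnt: no uid=, files will belong to root"; rc=1; }
        [ -n "$cred" ] || continue
        if [ ! -f "$cred" ]; then
            echo "$mnt: credentials file $cred not found"; rc=1
        elif [ "$(ls -ld "$cred" | cut -c5-10)" != "------" ]; then
            # characters 5-10 of the mode string are the group/other bits
            echo "$mnt: $cred is accessible to group or other (want mode 600)"; rc=1
        fi
    done < "$1"
    return "$rc"
}

# Constructed sample: writes three fstab entries and two credentials files
# into directory $1, then audits them. All names and ids are made up.
demo() {
    d=$1
    printf 'username=henry\npassword=example-only\n' > "$d/good.cred"
    cp "$d/good.cred" "$d/loose.cred"
    chmod 600 "$d/good.cred"; chmod 644 "$d/loose.cred"
    cat > "$d/fstab" <<EOF
# constructed entries
//myserver/myshare /media/remote-share cifs rw,credentials=$d/good.cred,uid=1000,gid=1000 0 0
//myserver/other /media/other cifs rw,credentials=$d/loose.cred 0 0
//myserver/third /media/third cifs rw,user=henry,password=example-only,uid=1000 0 0
EOF
    audit_cifs_fstab "$d/fstab"
}
```

Run against a real system with `audit_cifs_fstab /etc/fstab`; it only reads the file and the mode of each credentials file it names.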

Solution 2:

the mount command is on the client side and doesn't control what the server allows.

you need to set up the share on the server so that anyone in a particular group ("valid users = groupname") can connect to the share, and then force the connection to be as user henry ("force user = henry"), regardless of what username/password they actually logged in with.

on ubuntu, as on debian, henry probably already has his own dedicated group (adduser on debian defaults to making a group for each user), but don't use that, unless you want everyone in that group to have access to all of henry's files rather than just those in the share.

e.g. make a unix (or ldap or Active Directory) group called "henry-share-g", and add anyone who needs access to the share to that group.

then configure the share in samba to set the permissions so that files are created RW by user & group, and directories are created RWX by user & group AND setgid (so that new files/dirs are created with group 'henry-share-g').

e.g. something like this:

[myshare]
    path = /home/henry
    force security mode = 0664
    force directory security mode = 2775
    force create mode = 0664
    force directory mode = 2775
    read only = No
    browseable = Yes
    force user = henry
    force group = henry-share-g
    valid users = +henry-share-g

this example makes the files and directories world-readable as well as RW by user & group. if you don't want that, then use 0660 for files and 2770 for directories.

BTW, the above is roughly what i do on my samba server at work whenever one of the professors wants a group share for everyone in his research group to be able to use.

the only real difference is that i don't use an existing user account. I create a dedicated user in AD for the share as well as a dedicated group, because there needs to be a separation between the prof's personal files and his/her research group's files. i also set a quota for that user & group, which is separate from the user's personal quota. i.e. i'd create and use something like "henry-share-u" rather than use the existing "henry" account.

Solution 3:

This depends on the passdb backend you chose in your smb.conf.

If you use the tdbsam backend (recommended by samba) and set security to user:

security = user
passdb backend = tdbsam

You can use /usr/bin/smbpasswd to add samba users:

  1. Add a UNIX user using /usr/sbin/useradd
  2. Add samba user using smbpasswd -L -a <user> (-L: local mode, -a: add user)
  3. Map your users using /etc/samba/smbusers [Syntax: <unix-user> = <smb-user1> <smb-user2> <smb-userN>]

The paths may differ in your GNU/Linux distribution.