UM 22.04 Can not access shared folder

Hi,
Today, with the system upgrade, the error 255 sharing folders disappeared and now I can share folders normally with caja-share in GUI. But now I am stuck with another problem. I set my shared folder to guest access, but when I try to go to my shared folder from another PC, I get the message:
Permission Denied.

I have done different tests and I have verified that it fails when the folder is inside the user's folder in /home/user/. If I do it in a folder in the root of the system it works (for example /scan).

Any clues on this?

Not being sure how familiar you are with the command line, here are a couple of things that have tripped me up in the past. If you need commands, we can do that also.

(And I'm not using caja share or SMB, but rather sftp/ssh and NFS.)

Look at the permissions on the user's home directory. Some permissions will prevent anyone from seeing any subdirectory inside. And that is normally the default: no other regular user on the system has any access inside another's home directory.

Also look at the numerical userid and groupid (on both computers). The names associated are only local to a single host. From computer to computer, what matters for looking at permissions is matching up numerical userid and groupid.

(edited to clarify)
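
Added example, not part of the thread: a read-only check that walks from a shared directory up towards / and lists each directory a guest cannot pass through. The names `blocking_dirs` and `demo` are hypothetical, GNU `stat` is assumed, and the guest account is assumed to fall under the "other" permission bits.

```shell
#!/bin/sh
# Added example: find which directory above a share blocks "other" users.
# Assumption: the guest account is neither owner nor group member of these
# directories, so only the "other" permission bits apply to it.

# blocking_dirs TARGET [TOP]
# Prints "MODE PATH" for every directory from TARGET up to TOP (default /)
# that lacks the other-execute bit, i.e. that "other" cannot traverse.
blocking_dirs() {
    dir=$(cd "$1" && pwd -P) || return 2
    top=$(cd "${2:-/}" && pwd -P) || return 2
    while :; do
        mode=$(stat -c '%a' "$dir")      # octal mode, e.g. 750 (GNU stat)
        other=${mode#"${mode%?}"}        # last octal digit = "other" bits
        if [ $(( other & 1 )) -eq 0 ]; then
            printf '%s %s\n' "$mode" "$dir"
        fi
        if [ "$dir" = "$top" ] || [ "$dir" = "/" ]; then break; fi
        dir=$(dirname "$dir")
    done
}

# Constructed demo tree: a 750 home directory with a 777 share inside it.
demo() {
    t=$(mktemp -d) && chmod 755 "$t"
    mkdir -p "$t/home/user/scan"
    chmod 755 "$t/home"
    chmod 750 "$t/home/user"
    chmod 777 "$t/home/user/scan"
    blocking_dirs "$t/home/user/scan" "$t"   # reports only .../home/user
    rm -rf "$t"
}
demo
```

On a real system, call `blocking_dirs` with the shared directory as its only argument to check every component up to /.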

OMG! What a shame, I had forgotten to check the permissions of the user folder! It is exactly that. In the previous versions the user folders had 755 permissions, but in this version they come as 750. If I change the /home/user folder permissions to 755 I can reach the shared folder!

Can anyone think of a way to be able to share a folder within the user's folder with samba without altering the permissions?

Thank you very very much for the clue charles-nix!!!

You're most welcome. I spent a day with nfs years ago on a similar problem.

Again, I don't know Samba for sure, but this is how I do it on a small network on nfs. I doubt samba would be different.

The key is knowing who has to access the shared directory. Possibly opening up any data directory completely to world with 0755 might be a security issue. Depends on your setup and connection to WAN.

So how I do it is simply be sure that User1 on all machines has the same numeric userid and groupid. And the same with User2 and so on. Then User1 can reach any shared folder on any machine from any other. But the numeric ids have to match, not the usernames. They can be manually set with "vipw". You should not need to also run "vipw -s" because the shadow file doesn't have the name to id references. You may need to match up the user's personal group numeric ids as well.

Here's the rub: changing the userid number on an existing machine leaves all files previously owned by the user now owned by the previous number. Those have to be also corrected to the new number with "find -exec ' ' " with "chown" in the -exec or some other method. And you may need to match up groupids for each user's personal group as well. It is simple (for a handful of users and machines) when staging a new machine to match up to an existing file server. Not so simple with a network of existing machines.

I purposely am not giving exact commands. You can seriously break your system if you don't know and watch what you are doing. Again, I don't know what your comfort level with command line and internals is.

Now, if you aren't setting this up as a central file server, but only need convenient periodic access from one machine to another, I'd suggest the "File > Connect to server" option on Caja. The connections can use a variety of protocols, and can stay in the bookmarks. For this casual access, when you know the user password of the computer you are connecting to, I use port 22, protocol SSH, enter username and password on the computer you're connecting to, and usually the home directory of the user you want to access. Check the box if you will want to keep the connection in Bookmarks. This requires no fiddling with permissions or ownership because OpenSSH is doing the permission checking.

4 Likes
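
Added example, not part of the thread: a read-only comparison of two passwd-format files that reports accounts whose numeric ids differ between hosts, and uids that belong to different names on each host. The function names and the sample entries are constructed; the 1000 cutoff assumes Ubuntu's default starting uid for regular users.

```shell
#!/bin/sh
# Added example: compare numeric uid/gid between two hosts' passwd files.
# Nothing is modified; this only reports what would need to be matched up.

# id_mismatches FIRST_PASSWD SECOND_PASSWD
id_mismatches() {
    awk -F: -v min=1000 '
        NR == FNR {                      # first file: remember regular users
            if ($3 >= min) { uid[$1] = $3; gid[$1] = $4; name[$3] = $1 }
            next
        }
        $3 < min { next }                # second file: skip system accounts
        ($1 in uid) && (uid[$1] != $3 || gid[$1] != $4) {
            printf "ID-MISMATCH %s first=%s:%s second=%s:%s\n",
                   $1, uid[$1], gid[$1], $3, $4
        }
        ($3 in name) && name[$3] != $1 { # same number, different person
            printf "UID-REUSED %s first=%s second=%s\n", $3, name[$3], $1
        }
    ' "$1" "$2"
}

# Constructed passwd excerpts for two hosts where alice and bob are swapped.
demo_ids() {
    a=$(mktemp); b=$(mktemp)
    cat > "$a" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
EOF
    cat > "$b" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bob:x:1000:1000::/home/bob:/bin/bash
alice:x:1001:1001::/home/alice:/bin/bash
EOF
    id_mismatches "$a" "$b"
    rm -f "$a" "$b"
}
demo_ids
```

A `UID-REUSED` line is the case where files written by one user on the first host appear to belong to a different user on the second.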

Hi Charles!

In my case, I want a public shared folder for guest users in samba for a net scanner. This scanner uses Windows file sharing system, this is the reason to use samba to share the public folder. In other cases, I use NFS for sharing folders between different Ubuntu PCs. My WAN configs are the standard config, I have no ports open or redirected. I know that using 750 in users home directory is a security issue and I want to keep it like that, that's why I was asking if anyone knows a trick to share a public folder at users home directory in samba keeping the permissions in 750. I will do more research in the forum and google, but if anyone knows how to do it, it will be welcome!!

Thank you very much for your time and help charles!

P.S. For now, the only way I found to share is using the smb.conf file, adding the line force user = USER.

Caja-share creates the config file at /var/lib/sambashare/FOLDER, but I added the line force user = USER, force_user=USER and force user=USER, without luck for now....

I have a thought for you to explore. What about bind mounting only that shared directory to another more public location, such as a directory you create under /mnt? (e.g. /mnt/shared)

something like
$ sudo mkdir /mnt/shared
$ sudo chmod 0777 /mnt/shared
$ sudo mount --bind /home//shared /mnt/shared (You may need to check the syntax)

It occurs to me that if Guest is to be able to write scanned files to the directory, /mnt/shared would need world-writable permissions.

But stepping back a little, is there any reason the scans need to reside inside the user's home directory? Why not make the public directory directly somewhere else in the tree, such as /home/shared, or /mnt/shared/ or if you don't need to retain the information, /tmp/shared or /var/shared? Of those, I think you could make a case for any of them fitting in the FHS, depending on how long you retain the files. All of those locations are already 0755, and can certainly safely house a 0777 underneath.

And, maybe leaving the user's directory at 0755 is not too bad if that is really the best solution for you. That was the default (on Ubuntu, at least) until 22.04.

I'm going to leave the user folders as 755 for now, while I figure out a way to be able to share with the permissions set to 750.

I'm also considering what you said about creating a folder in /home and scanning into it as a fix.

Thank you so much for everything