Can only write to share when public write is enabled, why?

[chris.shelton]

Hi all,

I have created a directory called 'zen' and a share which links to that directory and is accessible only by me, using the valid users = chris.

I have visibility of the share and can access it, but cannot write to the share. The share has not been set up as readonly or as anything else that would restrict writing permissions.
I have solved this by navigating to the 'zen' directory using the File Manager and changing the permissions of the folder to allow a write by public; writes were already set for owner and groups.

I just want to know why the share is only write-able to, once the 'public' write is ticked, any ideas?

Thanks, Chris

[ChriZathens]

You mentioned that writes were enabled for owner and group...
Is the user you are trying to access the share, the owner of the directory?
Does the user belong to the same group as the owner of the directory?
Please post a screenshot of your samba config...

[chris.shelton]

You mentioned that writes were enabled for owner and group...
Is the user you are trying to access the share, the owner of the directory?
Does the user belong to the same group as the owner of the directory?
Please post a screenshot of your samba config...

Yes, the following permissions were set for the directory by default upon creation: drwxrwxr-x, so no public write which didn't allow the logged in user of the directory to write to it.

I'm not sure whether the user is the owner, as the directory was created through the file manager in the web gui - logged in as admin.
Who would the owner of the directory be if it was created through the web gui?

samba config:

[global]
server role = standalone
encrypt passwords = yes
netbios name = nas4free
workgroup = WORKGROUP
server string = NAS4Free Server
security = user
max protocol = SMB2
dns proxy = no
# Settings to enhance performance:
strict locking = no
read raw = yes
write raw = yes
oplocks = yes
max xmit = 65535
deadtime = 15
getwd cache = yes
socket options = TCP_NODELAY SO_SNDBUF=128480 SO_RCVBUF=128480
# End of performance section
unix charset = UTF-8
store dos attributes = yes
local master = no
domain master = no
preferred master = no
os level = 0
time server = no
guest account = ftp
map to guest = Bad User
max log size = 100
syslog only = yes
syslog = 1
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
log level = 1
dos charset = CP437
smb passwd file = /var/etc/private/smbpasswd
private dir = /var/etc/private
passdb backend = tdbsam
idmap config * : backend = tdb
idmap config * : range = 10000-39999
valid users = %U
force user = %U

[%U]
comment = user home directory
path = /mnt/pool1/data/home/%U
writeable = yes
printable = no
veto files = /.snap/.sujournal/
hide dot files = yes
guest ok = no
inherit permissions = yes
vfs objects = shadow_copy2 recycle
recycle:repository = .recycle/%U
recycle:keeptree = yes
recycle:versions = yes
recycle:touch = yes
recycle:directory_mode = 0777
recycle:subdir_mode = 0700
shadow:format = auto-%Y%m%d-%H%M%S
shadow:snapdir = .zfs/snapshot
shadow:sort = desc
shadow:localtime = yes
valid users = %U

[%U_training]
comment = personal training share
path = /mnt/pool1/data/training/%U_training
writeable = yes
printable = no
veto files = /.snap/.sujournal/
hide dot files = yes
guest ok = no
inherit permissions = yes
vfs objects = shadow_copy2 recycle
recycle:repository = .recycle/%U
recycle:keeptree = yes
recycle:versions = yes
recycle:touch = yes
recycle:directory_mode = 0777
recycle:subdir_mode = 0700
shadow:format = auto-%Y%m%d-%H%M%S
shadow:snapdir = .zfs/snapshot
shadow:sort = desc
shadow:localtime = yes
valid users = %U

[zfs]
comment = zfs
path = /mnt/pool1/data/.zfs
writeable = yes
printable = no
veto files = /.snap/.sujournal/
hide dot files = yes
guest ok = no
inherit permissions = yes
vfs objects = shadow_copy2 zfsacl recycle
recycle:repository = .recycle/%U
recycle:keeptree = yes
recycle:versions = yes
recycle:touch = yes
recycle:directory_mode = 0777
recycle:subdir_mode = 0700
shadow:format = auto-%Y%m%d-%H%M%S
shadow:snapdir = .zfs/snapshot
shadow:sort = desc
shadow:localtime = yes
veto files = /.zfs/
valid users = admin

[bfs]
comment = bfs
path = /mnt/pool1/data/bfs
writeable = yes
printable = no
veto files = /.snap/.sujournal/
hide dot files = yes
guest ok = no
inherit permissions = yes
vfs objects = shadow_copy2 zfsacl recycle
recycle:repository = .recycle/%U
recycle:keeptree = yes
recycle:versions = yes
recycle:touch = yes
recycle:directory_mode = 0777
recycle:subdir_mode = 0700
shadow:format = auto-%Y%m%d-%H%M%S
shadow:snapdir = .zfs/snapshot
shadow:sort = desc
shadow:localtime = yes
veto files = /.zfs/
valid users = @staff

[data]
comment = data
path = /mnt/pool1/data
writeable = yes
printable = no
veto files = /.snap/.sujournal/
hide dot files = no
guest ok = no
inherit permissions = yes
vfs objects = shadow_copy2 zfsacl recycle
recycle:repository = .recycle/%U
recycle:keeptree = yes
recycle:versions = yes
recycle:touch = yes
recycle:directory_mode = 0777
recycle:subdir_mode = 0700
shadow:format = auto-%Y%m%d-%H%M%S
shadow:snapdir = .zfs/snapshot
shadow:sort = desc
shadow:localtime = yes
veto files = /.zfs/
valid users = @admin

[home]
comment = home
path = /mnt/pool1/data/home
writeable = yes
printable = no
veto files = /.snap/.sujournal/
hide dot files = yes
guest ok = no
inherit permissions = yes
vfs objects = shadow_copy2 zfsacl recycle
recycle:repository = .recycle/%U
recycle:keeptree = yes
recycle:versions = yes
recycle:touch = yes
recycle:directory_mode = 0777
recycle:subdir_mode = 0700
shadow:format = auto-%Y%m%d-%H%M%S
shadow:snapdir = .zfs/snapshot
shadow:sort = desc
shadow:localtime = yes
veto files = /.zfs/
valid users = @admin

[nobackup]
comment = nobackup
path = /mnt/pool1/data/nobackup
writeable = yes
printable = no
veto files = /.snap/.sujournal/
hide dot files = yes
guest ok = no
inherit permissions = yes
vfs objects = shadow_copy2 zfsacl recycle
recycle:repository = .recycle/%U
recycle:keeptree = yes
recycle:versions = yes
recycle:touch = yes
recycle:directory_mode = 0777
recycle:subdir_mode = 0700
shadow:format = auto-%Y%m%d-%H%M%S
shadow:snapdir = .zfs/snapshot
shadow:sort = desc
shadow:localtime = yes
veto files = /.zfs/
valid users = @staff

[photos]
comment = photos
path = /mnt/pool1/data/photos
writeable = yes
printable = no
veto files = /.snap/.sujournal/
hide dot files = yes
guest ok = no
inherit permissions = yes
vfs objects = shadow_copy2 zfsacl recycle
recycle:repository = .recycle/%U
recycle:keeptree = yes
recycle:versions = yes
recycle:touch = yes
recycle:directory_mode = 0777
recycle:subdir_mode = 0700
shadow:format = auto-%Y%m%d-%H%M%S
shadow:snapdir = .zfs/snapshot
shadow:sort = desc
shadow:localtime = yes
veto files = /.zfs/
valid users = @staff

[public]
comment = public
path = /mnt/pool1/data/public
writeable = yes
printable = no
veto files = /.snap/.sujournal/
hide dot files = yes
guest ok = no
inherit permissions = yes
vfs objects = shadow_copy2 zfsacl recycle
recycle:repository = .recycle/%U
recycle:keeptree = yes
recycle:versions = yes
recycle:touch = yes
recycle:directory_mode = 0777
recycle:subdir_mode = 0700
shadow:format = auto-%Y%m%d-%H%M%S
shadow:snapdir = .zfs/snapshot
shadow:sort = desc
shadow:localtime = yes
veto files = /.zfs/
valid users = @staff

[readonly]
comment = readonly
path = /mnt/pool1/data/readonly
printable = no
veto files = /.snap/.sujournal/
hide dot files = yes
guest ok = no
inherit permissions = yes
vfs objects = shadow_copy2 zfsacl recycle
recycle:repository = .recycle/%U
recycle:keeptree = yes
recycle:versions = yes
recycle:touch = yes
recycle:directory_mode = 0777
recycle:subdir_mode = 0700
shadow:format = auto-%Y%m%d-%H%M%S
shadow:snapdir = .zfs/snapshot
shadow:sort = desc
shadow:localtime = yes
veto files = /.zfs/
valid users = @staff

[scanner]
comment = scanner
path = /mnt/pool1/data/scanner
writeable = yes
printable = no
veto files = /.snap/.sujournal/
hide dot files = yes
guest ok = no
inherit permissions = yes
vfs objects = shadow_copy2 zfsacl recycle
recycle:repository = .recycle/%U
recycle:keeptree = yes
recycle:versions = yes
recycle:touch = yes
recycle:directory_mode = 0777
recycle:subdir_mode = 0700
shadow:format = auto-%Y%m%d-%H%M%S
shadow:snapdir = .zfs/snapshot
shadow:sort = desc
shadow:localtime = yes
veto files = /.zfs/
valid users = @staff

[software]
comment = software
path = /mnt/pool1/data/software
writeable = yes
printable = no
veto files = /.snap/.sujournal/
hide dot files = yes
guest ok = no
inherit permissions = yes
vfs objects = shadow_copy2 zfsacl recycle
recycle:repository = .recycle/%U
recycle:keeptree = yes
recycle:versions = yes
recycle:touch = yes
recycle:directory_mode = 0777
recycle:subdir_mode = 0700
shadow:format = auto-%Y%m%d-%H%M%S
shadow:snapdir = .zfs/snapshot
shadow:sort = desc
shadow:localtime = yes
veto files = /.zfs/
valid users = @staff

[temp]
comment = temp
path = /mnt/pool1/data/temp
writeable = yes
printable = no
veto files = /.snap/.sujournal/
hide dot files = yes
guest ok = no
inherit permissions = yes
vfs objects = shadow_copy2 zfsacl recycle
recycle:repository = .recycle/%U
recycle:keeptree = yes
recycle:versions = yes
recycle:touch = yes
recycle:directory_mode = 0777
recycle:subdir_mode = 0700
shadow:format = auto-%Y%m%d-%H%M%S
shadow:snapdir = .zfs/snapshot
shadow:sort = desc
shadow:localtime = yes
veto files = /.zfs/
valid users = @staff

[training]
comment = training
path = /mnt/pool1/data/training
writeable = yes
printable = no
veto files = /.snap/.sujournal/
hide dot files = yes
guest ok = no
inherit permissions = yes
vfs objects = shadow_copy2 zfsacl recycle
recycle:repository = .recycle/%U
recycle:keeptree = yes
recycle:versions = yes
recycle:touch = yes
recycle:directory_mode = 0777
recycle:subdir_mode = 0700
shadow:format = auto-%Y%m%d-%H%M%S
shadow:snapdir = .zfs/snapshot
shadow:sort = desc
shadow:localtime = yes
veto files = /.zfs/
valid users = @training

[wiki]
comment = wiki
path = /mnt/pool1/data/wiki
writeable = yes
printable = no
veto files = /.snap/.sujournal/
hide dot files = yes
guest ok = no
inherit permissions = yes
vfs objects = shadow_copy2 zfsacl recycle
recycle:repository = .recycle/%U
recycle:keeptree = yes
recycle:versions = yes
recycle:touch = yes
recycle:directory_mode = 0777
recycle:subdir_mode = 0700
shadow:format = auto-%Y%m%d-%H%M%S
shadow:snapdir = .zfs/snapshot
shadow:sort = desc
shadow:localtime = yes
veto files = /.zfs/
valid users = @admin

Thanks, Chris.

[Nostalgist92]

Woah! Wall of text haha

An easy tool you can use to check owner/groups of the directories is WinSCP.
You said you added it via the webgui which would likely mean the folder was made with the owner as root and group as wheel.

I'd probably add a new group using the webgui, call it something like 'zen-writeaccess' or something. Whatever you like really. Then in the users group of the webgui just go in to each user you want to give write access to the folder to and add them to the 'zen-writeaccess' group.

Once you've done that fire up WinSCP, log in to the NAS, navigate to where said "zen" folder is, right click it and change the group to your newly made group. See how you go with that.

If you need to know anything about WinSCP/how to use it or whatever just let us know in a reply.
[Edit] You do have the right permissions though! rwxrwxr-x will stop anyone who is not the owner or part of the group from writing in to it but still allow read access.