Samba: Write access rights without read access rights possible

samba

Is it possible on samba to have only write access, but no read access and no browsing rights?

I'm trying to solve the this access problem:

A windows XP or windows7 machine running within a VM is connected to a samba share.

This machine has to write a text file to a shared directory.

(It is acceptable for the machine to write the file locally
and later copy this file to the network.)

The machine may not have rights to read any other files in the shared directory.

It has to give up access to the file it is writing/copying once the file saved fully.

How do I achive this?

Best Answer

TL;DR: Yes, it is possible. On Linux side, give your parent directory permission 300.

Longer explanation:

Note that for files, typical rwx triplet means permission to r = read, w = write and x = execute.

But for directories, such permissions have different meaning: r = browse directory, w = create or delete files, x = descend to directory or below it to access files or directories.

In other words, if you create directory without r permission, then user will not be able to browse it, however he will be able to access files or directories under that directory provided that filename is known beforehand (access means read or write files according to permissions assigned to files themselves).

Keep in mind that Linux permissions work on level lower than Samba permissions, and even if you edit your smb.conf to give apparently wider permissions, Linux level permissions will win if they are stricter than Samba permissions.

For example, this scheme allows to create directory that allows to create files and write to them, but not be able to browse list of those files or read from them:

mkdir dir
chmod 300 dir         # 300 = -wx------

Note that this directory must be created on Linux side - Windows client may not be able to create it with appropriate permissions.

Related Solutions

Ubuntu – Creating a samba share where everyone has write access

In smb.conf, in the shared directory section, place:

create mask = 0644
directory mask = 2777

Initially, use g+s permission on all directories and chown them for the sambashare group. The s bit will keep the group of the files created the same as the directory group (and 2777 will take care of the s bit on the new directories).

How to configure Samba to share (read/write) any folder with root permissions

I am able to do this. For comparison, here is an entry of one of my shares:

[Music] ; user="jlacroix"
force user = jlacroix
path = /home/jlacroix/Music
writable = no
public = yes

Be sure to replace "jlacroix" with the username you use. It should force it to use that user despite what user is actually using the file. So you may need to change "jlacroix" to root. However, I don't advise sharing in this way because you should be careful about what can access root permissive files.

Best Answer

Related Solutions

Ubuntu – Creating a samba share where everyone has write access

How to configure Samba to share (read/write) any folder with root permissions

Related Question