I live in Italy and my internet service provider is TIM. I've got the "TIM HUB" as router, which is a branded product from Technicolor (product name: AGHP, software version: AGTHP_1.0.5). I've plugged an external hard drive to a USB port of the router. I suppose the resource is shared via Samba Filesharing (but I'm not an expert). Anyway, I can access the HD, I see the files, I can create, modify and delete many of them, but sometimes I can't delete the file and I get a permission error. If I look at permissions in Windows I see there are two users named "S-1-22-1-0" and "S-1-22-2-0" with full control, and my user doesn't have full control. I can't change this permission and if I try I get an error "failed to enumerate objects in the container. Access is denied". What should I do?
Samba – TIM Router and USB Device Permissions
permissionsroutersambausb
Related Solutions
- Open a Command Prompt with administrative privileges.
Run following commands, one at a time (change "Z:\Program Files" with folder you want to delete):
takeown /F "Z:\Program Files" /A /R /D Y icacls "Z:\Program Files" /T /grant administrators:F rd /s /q "Z:\Program Files"
Note 1 - OS Language: takeown ... /D Y The input Y stands for 'Yes' and will be different depending on OS Language. Program Files folder may also be named differently.
Note 2 - Older versions of Windows: If icacls and rd are not supported then try use cacls and rmdir instead
Explanation and documentation:
The issue might be that you do not have the correct permissions in the discretionary access control lists (DACLs) for the folder and its content. DACLs identifies the trustees that are allowed or denied access to a securable object. So simply giving the ownership to the folder might not be enough, but you also needs to grant permission in the DACLs. You can grant permission using the icacls command as shown as example above. Access Control Lists and DACLs explained
takeown takeown documentation Administrator recovers access to a directories and it's content that previously was denied, by making the administrators group the owner. /F [directory] specifies which directory, /A gives ownership to administrators group, /R performs it as recursive operation on directory, all files and sub-directories, /D suppresses confirmation prompts when user does not have "List Folder" permission with following Y option which take ownership of the directory. (Note: The Y option may be different depending on OS language).
icacls icacls documentation Grants the administrators group full access DAC permissions to directory. [directory] specify which directory, /T performs the operation on all specified files in directory and sub-directories, /grant grants specified user access rights with :F which gives full access. (Note: The group name administrators may be different depending on OS language)
rd rd documentation Deletes the directory with all its sub-directories and files. /s deletes the specified directory and its sub-directories including all files, /q specifies quiet mode so you get no prompt for confirmation, [directory] specify which directory to delete.
Try this config (for share sections):
[Share]
path = /var/samba
valid users = @everybody
force group = +everybody
writeable = yes
create mask = 0660
force create mode = 0110
directory mask = 0770
[folderA]
path = /var/samba/folderA
valid users = @users_folderA
force group = +users_folderA
browseable = no
[folderB]
path = /var/samba/folderB
valid users = @users_folderB
force group = +users_folderB
browseable = no
[folderC]
path = /var/samba/folderC
valid users = @users_folderC
force group = +users_folderC
browseable = no
[folderD]
path = /var/samba/folderD
valid users = @users_folderD
force group = +users_folderD
browseable = no
Do not forget to check the config and restart samba:
# testparm
# service smbd restart
# service nmbd restart
Set permissions:
chown root:everybody /var/samba
chmod 770 /var/samba
chown root:users_folderA /var/samba/folderA
chmod 2770 /var/samba/folderA
chown root:users_folderB /var/samba/folderB
chmod 2770 /var/samba/folderB
chown root:users_folderC /var/samba/folderC
chmod 2770 /var/samba/folderC
chown root:users_folderD /var/samba/folderD
chmod 2770 /var/samba/folderD
This way direct access to internal folders is not allowed. Moreover, they are not visible at all and can only be accessed through the parent folder.
Best Answer
An explanation for these SIDs is found in the notes Samba 3 User and Group Changes :
The problem you are experiencing is then explained:
The solution that is proposed is as follows:
Therefore, your choices as I see them are :
S-1-22the necessary "everyone" permissions. This will require good knowledge about the router's Linux and Samba versions, and a mistake is certainly possible.