How to set up guest access to a samba shared directory between two Linux computers

Question

Preface: I know that many people have asked similar questions over the years. I have read many responses to these questions, and blog entries on other sites, but I am still unable to configure samba to do what I want.

I have two Linux computers (running Fedora 37) on a local network, pw-tower and pw72. pw-tower has some data files that I want to be able to read (not write) from pw72. Because the data files are not sensitive, and because I am making the files read-only from pw72, I want the convenience of not having to type a password each time I want to mount the share.

pw-tower hosts a Samba server. Here are the relevant sections from /etc/samba/smb.conf:

[global]

workgroup = WORKGROUP
server string = Samba Server Version %v
netbios name = pw-tower
hosts deny = ALL
hosts allow = 192.168.1. 127.
interfaces = enp1s0 lo
guest account = repair
security = user
passdb backend = tdbsam

[data]
comment = Shared data stored on a large removeable drive
path = /run/media/david/D2T-07202016/data
browseable = yes
read only = yes
guest ok = yes
writable = no

There is a 'repair' account on both pw-tower and pw72. They each have the same password. Plus I used smbpasswd to set the same password for 'repair' on pw-tower.

I set the permissions for /run/media/david/D2T-07202016/data so that the 'repair' user can read this directory.

$ ls -ld /run/media/david/D2T-07202016/data
drwxrwxrwx. 14 david samba_file_readers 4096 Jun  3 09:32 /run/media/david/D2T-07202016/data

Both 'david' and 'repair' are members of the 'samba_file_readers' group.

Finally, I am trying to mount the 'data' share on pw72 with commands such as the following:

sudo mount -t cifs //pw-tower/data /mounts/pw-tower-data -o username=repair,sec=none,guest

I either get prompted for a password or I get a permission denied error (mount error(13): Permission denied).

The only way I have been able to log in without typing a password is by setting up a credentials file for 'david' on pw72. But this is not a permanent solution because I am not comfortable having my password in a plaintext file no matter what the file's permissions are. When I set up a similar credentials file for 'repair', I got permission denied. I would be OK with having the 'repair' password in a file although it is not ideal.

I know that Samba works slightly differently on some Linux computers. I know that guest access is supported and many people have gotten it to work. I am open to any suggestions.

Answer 1

You have done everything wrong. A Samba 'guest' user is supposed to be unknown to Samba, so delete the Samba users you have created. Add 'guest only = yes' to the share and 'map to guest = bad user' to the 'global]' part of your smb.conf Finally, Samba is suppose to work the same on all distros (provided they are using the same version).

Answer 2

I figured out what was wrong: one of the directories in the path that I wanted to share had permissions rwxr-x---.

$ ls -ld /run
drwxr-xr-x. 52 root root 1520 Jun  4 12:49 /run
$ ls -ld /run/media
drwxr-xr-x. 3 root root 60 Jun  3 01:51 /run/media
$ ls -ld /run/media/david
drwxr-x---+ 3 root root 60 Jun  3 01:51 /run/media/david

To fix the problem, I did this:

$ sudo chmod 755 /run/media/david
$ ls -ld /run/media/david
drwxr-xr-x+ 3 root root 60 Jun  3 01:51 /run/media/david

After that change, the mount command on pw72 (the client computer) worked.

I also followed Rowland Perry's advice, adding 'guest only = yes' to the [data] share and 'map to guest = bad user' to the [global] section of smb.conf. Then I ran testparm and restarted smb and nmb with sudo systemctl restart smb nmb. Next I issued the following mount command on the client machine:

sudo mount -t cifs //pw-tower/data /mounts/pw-tower-data -o guest

Here is the output of the above command (before I fixed the permissions issue on /run/media/david):

mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg)

And here is the output of dmesg:

[1184391.470699] CIFS: Attempting to mount \\pw-tower\data
[1184391.484290] CIFS: VFS: cifs_mount failed w/return code = -13

On the computer that hosts the Samba server, I ran sudo systemctl status smb and got this output:

Jun 04 11:54:03 pw-tower smbd[86079]: [2023/06/04 11:54:03.635577,  0] ../../source3/smbd/smb2_service.c:168(chdir_current_service)
Jun 04 11:54:03 pw-tower smbd[86079]:   chdir_current_service: vfs_ChDir(/run/media/david/D2T-07202016/data) failed: Permission denied. Current token: uid=99, gid=99, 1 groups: 99
Jun 04 11:54:03 pw-tower smbd[86079]: [2023/06/04 11:54:03.636304,  0] ../../source3/smbd/smb2_service.c:168(chdir_current_service)
Jun 04 11:54:03 pw-tower smbd[86079]:   chdir_current_service: vfs_ChDir(/run/media/david/D2T-07202016/data) failed: Permission denied. Current token: uid=99, gid=99, 1 groups: 99
Jun 04 11:54:03 pw-tower smbd[86079]: [2023/06/04 11:54:03.636968,  0] ../../source3/smbd/smb2_service.c:168(chdir_current_service)
Jun 04 11:54:03 pw-tower smbd[86079]:   chdir_current_service: vfs_ChDir(/run/media/david/D2T-07202016/data) failed: Permission denied. Current token: uid=99, gid=99, 1 groups: 99

Note that uid=99 is the user nobody.

Based on the Samba log file, it appears that the problem is with the permissions of the data directory. But the permissions are wide open.

$ ls -ld /run/media/david/D2T-07202016/data
drwxrwxrwx. 14 david samba_file_readers 4096 Jun  3 09:32 /run/media/david/D2T-07202016/data

For good measure, I added the user nobody to the group samba_file_readers but the result was the same.

Bottom line: the problem is now solved. Thanks to everyone's suggestions.