A big change for Samba in Ubuntu 22.04 and how to get around it

A big change for Samba in Ubuntu 22.04 and how to get around it

If you’re having trouble sharing out your ~Public directory in Ubuntu 22.04, Jack Wallen has the fix for you.

Tired woman working on laptop at home during night time
Image: rh2010/Adobe Stock

With the release of Ubuntu 22.04, several changes occurred under the hood to make this latest LTS release one of the best in the history of the Canonical-backed Linux distribution. But there’s one change that has caused a bit of a stir. That problem is the default permissions of the user’s home directories.

Previously, the user’s home directory permission was set to 755, which allowed other users to view the directory as well as the containing files and sub-directories. To avoid such a security issue, the developers have set the permission to the home directories as 750, which means only the owner of the home directory can view the contents.

If you tend to share out your ~/Public folder, this causes a big problem with Samba, in that the owner of the home directory is the only one who can access or traverse the folder either locally or across your LAN. This change was done purely for security reasons, and I believe it was the right way to go, as there is no reason why other users should be able to view the content of each other’s home directory.

With Samba, even if you use public = yes, only the owner of that home directory can see the share. That means even if you specifically allow others to create and delete files in this folder via the Nautilus Public Properties window (Figure A), it will not work.

Figure A

Image: Jack Wallen/TechRepublic. I’ve set the permissions such that anyone with an account should be able to access the Public folder.

What do you do? I have two possible fixes for this. Let’s dig in.

SEE: 40+ open source and Linux terms you need to know (TechRepublic Premium)

What you’ll need

The only things you need to follow along are a running instance of Ubuntu Linux 22.04 and a user with sudo privileges. With those two things at the ready, let’s get our Samba on.

The easiest but less secure fix

This particular fix is the easiest method of getting around the problem. However – and this is a big however – by using this option, you’re circumventing the security that was added by stripping others of the right to view your home directory.

If you’re okay with that, you could get around the update by changing the permission of your home directory back to 755 with the command:

chmod o+rx /home/USER

Where USER is your username.

That alone should solve your problem, but it’s not exactly the most secure fix.

The less easy but more secure fix

Should that not be an option, you could always use the Samba force user directive, which forces the guest user to masquerade as you. This retains the security measure but allows other users to browse the contents of your ~/Public directory.

To use this method, open the Samba configuration file with:

sudo nano /etc/samba/smb.conf

You should find at the bottom of that file the entry for your Public share, which might look something like this:

[Public]
path = /home/jack/Public
public = yes
guest only = yes
browsable = yes
writable = no
read only = no
force create mode = 0666
force directory mode = 0777

At the bottom of that section, add the following line:

force user = USER

Where USER is your username. Save and close the file. Restart Samba with:

sudo systemctl restart smbd

At this point, any user on your Linux system will be able to view the contents of the ~/Public share by using their login credentials when they connect to Samba.

The challenging but most secure fix

The best option would be to share a directory outside of your home because it avoids the entire permissions issue. Let’s create a new directory with the command:

sudo mkdir /data

Change the permission of that directory with:

sudo chmod -R ugo+rw /data

Now, let’s create the share. Open the Samba configuration with:

sudo nano /etc/samba/smbd.conf

At the bottom of that file, paste the following:

[data]
path = /data
guest only = yes
browsable = yes
writable = no
read only = no
force create mode = 0666
force directory mode = 0777

Save and close the file. Restart Samba with:

sudo systemctl restart smbd

Now, you should see the new data share, which any user with an account on the system should be able to access. You could also add public = yes to give anonymous access to the share.

And that’s all there is to helping Samba get around the new home directory permissions in Ubuntu Linux 22.04. If you’re unsure which solution to use, I’d go with the final option, as it’s more secure. Either way, you go, you’ll be able to give those users access to the content of your Samba shares, whether they are in your home directory or not.

Subscribe to TechRepublic’s How To Make Tech Work on YouTube for all the latest tech advice for business pros from Jack Wallen.

Source of Article