问题[permissions](ubuntu)

在将其标记为重复之前，请注意我已经尝试了此线程中的所有解决方案

我的 /etc/samba/smb.conf

# Sample configuration file for the Samba suite for Debian GNU/Linux.
#
#
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options most of which 
# are not shown in this example
#
# Some options that are often worth tuning have been included as
# commented-out examples in this file.
#  - When such options are commented with ";", the proposed setting
#    differs from the default Samba behaviour
#  - When commented with "#", the proposed setting is the default
#    behaviour of Samba but the option is considered important
#    enough to be mentioned here
#
# NOTE: Whenever you modify this file you should run the command
# "testparm" to check that you have not made any basic syntactic 
# errors. 

#======================= Global Settings =======================

[global]

## Browsing/Identification ###

# Change this to the workgroup/NT-domain name your Samba server will part of
   workgroup = WORKGROUP

# server string is the equivalent of the NT Description field
   server string = %h server (Samba, Ubuntu)

#### Networking ####

# The specific set of interfaces / networks to bind to
# This can be either the interface name or an IP address/netmask;
# interface names are normally preferred
;   interfaces = 127.0.0.0/8 eth0

# Only bind to the named interfaces and/or networks; you must use the
# 'interfaces' option above to use this.
# It is recommended that you enable this feature if your Samba machine is
# not protected by a firewall or is a firewall itself.  However, this
# option cannot handle dynamic or non-broadcast interfaces correctly.
;   bind interfaces only = yes



#### Debugging/Accounting ####

# This tells Samba to use a separate log file for each machine
# that connects
   log file = /var/log/samba/log.%m

# Cap the size of the individual log files (in KiB).
   max log size = 1000

# We want Samba to only log to /var/log/samba/log.{smbd,nmbd}.
# Append syslog@1 if you want important messages to be sent to syslog too.
   logging = file

# Do something sensible when Samba crashes: mail the admin a backtrace
   panic action = /usr/share/samba/panic-action %d


####### Authentication #######

# Server role. Defines in which mode Samba will operate. Possible
# values are "standalone server", "member server", "classic primary
# domain controller", "classic backup domain controller", "active
# directory domain controller". 
#
# Most people will want "standalone server" or "member server".
# Running as "active directory domain controller" will require first
# running "samba-tool domain provision" to wipe databases and create a
# new domain.
   server role = standalone server

   obey pam restrictions = yes

# This boolean parameter controls whether Samba attempts to sync the Unix
# password with the SMB password when the encrypted SMB password in the
# passdb is changed.
   unix password sync = yes

# For Unix password sync to work on a Debian GNU/Linux system, the following
# parameters must be set (thanks to Ian Kahan <<[email protected]> for
# sending the correct chat script for the passwd program in Debian Sarge).
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .

# This boolean controls whether PAM will be used for password changes
# when requested by an SMB client instead of the program listed in
# 'passwd program'. The default is 'no'.
   pam password change = yes

# This option controls how unsuccessful authentication attempts are mapped
# to anonymous connections
   map to guest = bad user

########## Domains ###########

#
# The following settings only takes effect if 'server role = classic
# primary domain controller', 'server role = classic backup domain controller'
# or 'domain logons' is set 
#

# It specifies the location of the user's
# profile directory from the client point of view) The following
# required a [profiles] share to be setup on the samba server (see
# below)
;   logon path = \\%N\profiles\%U
# Another common choice is storing the profile in the user's home directory
# (this is Samba's default)
#   logon path = \\%N\%U\profile

# The following setting only takes effect if 'domain logons' is set
# It specifies the location of a user's home directory (from the client
# point of view)
;   logon drive = H:
#   logon home = \\%N\%U

# The following setting only takes effect if 'domain logons' is set
# It specifies the script to run during logon. The script must be stored
# in the [netlogon] share
# NOTE: Must be store in 'DOS' file format convention
;   logon script = logon.cmd

# This allows Unix users to be created on the domain controller via the SAMR
# RPC pipe.  The example command creates a user account with a disabled Unix
# password; please adapt to your needs
; add user script = /usr/sbin/useradd --create-home %u

# This allows machine accounts to be created on the domain controller via the 
# SAMR RPC pipe.  
# The following assumes a "machines" group exists on the system
; add machine script  = /usr/sbin/useradd -g machines -c "%u machine account" -d /var/lib/samba -s /bin/false %u

# This allows Unix groups to be created on the domain controller via the SAMR
# RPC pipe.  
; add group script = /usr/sbin/addgroup --force-badname %g

############ Misc ############

# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
;   include = /home/samba/etc/smb.conf.%m

# Some defaults for winbind (make sure you're not using the ranges
# for something else.)
;   idmap config * :              backend = tdb
;   idmap config * :              range   = 3000-7999
;   idmap config YOURDOMAINHERE : backend = tdb
;   idmap config YOURDOMAINHERE : range   = 100000-999999
;   template shell = /bin/bash

# Setup usershare options to enable non-root users to share folders
# with the net usershare command.

# Maximum number of usershare. 0 means that usershare is disabled.
#   usershare max shares = 100

# Allow users who've been granted usershare privileges to create
# public shares, not just authenticated ones
   usershare allow guests = yes

#======================= Share Definitions =======================

# Un-comment the following (and tweak the other settings below to suit)
# to enable the default home directory shares. This will share each
# user's home directory as \\server\username
;[homes]
;   comment = Home Directories
;   browseable = no

# By default, the home directories are exported read-only. Change the
# next parameter to 'no' if you want to be able to write to them.
;   read only = yes

# File creation mask is set to 0700 for security reasons. If you want to
# create files with group=rw permissions, set next parameter to 0775.
;   create mask = 0700

# Directory creation mask is set to 0700 for security reasons. If you want to
# create dirs. with group=rw permissions, set next parameter to 0775.
;   directory mask = 0700

# By default, \\server\username shares can be connected to by anyone
# with access to the samba server.
# Un-comment the following parameter to make sure that only "username"
# can connect to \\server\username
# This might need tweaking when using external authentication schemes
;   valid users = %S

# Un-comment the following and create the netlogon directory for Domain Logons
# (you need to configure Samba to act as a domain controller too.)
;[netlogon]
;   comment = Network Logon Service
;   path = /home/samba/netlogon
;   guest ok = yes
;   read only = yes

# Un-comment the following and create the profiles directory to store
# users profiles (see the "logon path" option above)
# (you need to configure Samba to act as a domain controller too.)
# The path below should be writable by all users so that their
# profile directory may be created the first time they log on
;[profiles]
;   comment = Users profiles
;   path = /home/samba/profiles
;   guest ok = no
;   browseable = no
;   create mask = 0600
;   directory mask = 0700

[printers]
   comment = All Printers
   browseable = no
   path = /var/tmp
   printable = yes
   guest ok = no
   read only = yes
   create mask = 0700

# Windows clients look for this share name as a source of downloadable
# printer drivers
[print$]
   comment = Printer Drivers
   path = /var/lib/samba/printers
   browseable = yes
   read only = yes
   guest ok = no
# Uncomment to allow remote administration of Windows print drivers.
# You may need to replace 'lpadmin' with the name of the group your
# admin users are members of.
# Please note that you also need to set appropriate Unix permissions
# to the drivers directory for these users to have write rights in it
;   write list = root, @lpadmin

[media]
    comment = Medias
    path = /home/vincent/Media
    read only = yes
    browsable = yes
    public = yes
    guest ok = yes
    guest only = yes
    mangled names = no 

/home/vincent/Media 和内容具有 755 权限

我重启了 samba 服务 sudo service smbd restart

然后，在另一台 Ubuntu 电脑上，我用 Nautilus 连接到网络，找到我的服务器，点击它并选择媒体共享。登录弹出窗口出现，我选择“以匿名方式连接”，然后点击“连接”。结果出现错误：“无法访问位置，无法挂载 Windows 共享：权限被拒绝”。

如果我尝试以注册用户身份连接，用户名为 guest，域为 WORKGROUP，密码为空，然后连接时会收到“无法访问位置，无法挂载 Windows 共享：无效参数”

我正在尝试通过打包程序安装 ubuntu 24.04。我已将用户数据和元数据放在 http 目录下，该目录与 ubuntu 模板位于同一父目录下。

     cd_files = [
    "${var.http_directory}/meta-data",
    "${var.http_directory}/user-data"
  ]
  cd_label = "cidata"
  boot_command = [
    "e<down><down><down><end>",
    " autoinstall ds=nocloud;s=file:///cidata/<wait>",
    "<F10>"
  ]
  ip_wait_timeout        = "20m"

它不会获取用户数据文件进行自动安装，但仍要求用户输入

示例用户数据

#cloud-config
autoinstall:
  version: 1
  early-commands:
    - sudo systemctl stop ssh
  locale: en_US
  identity:
    hostname: ubuntu-server
    username: ubuntu
    ```

Please help me for automatic installation.

这是我第一次使用 Ubuntu Server 或任何需要使用命令提示符的东西。我使用的是 Ubuntu Server 24.04。我在系统上设置了两个 Samba 共享驱动器。它们主要用于文档和照片存储。第一个工作正常，我可以从我的 Windows 机器上毫无问题地访问它及其内容。

我对第二个硬盘进行了相同的设置，我已对一个完整的硬盘进行了分区并将其安装为 fat32，文件系统为 vfat。我可以通过 Windows 查看驱动器并打开它，但我无法将任何东西保存到其中（而且由于它是空的，我不知道我是否可以从中提取任何东西）。我只是弹出一个“您需要权限”框。

我的问题在于/media一个。Ubuntu 安装在 120GB 驱动器上，这是 Samba 共享首次尝试使用的驱动器。/media一个是 1TB HDD 上的单个分区。鉴于我缺乏知识，我认为最好安装一个新的 SSD，开始全新安装并丢弃旧驱动器。

这是我的配置信息。我看不出这里有任何会引起问题的东西，但就像我说的，我对此很陌生。

[sambashare]
   comment = Samba on Ubuntu
   path = /home/ollie/sambashare
   read only = no
   browsable = yes
   public = yes

[bulk]
   comment = bulk
   path = /media
   read only = no
   browsable = yes
   public = yes

编辑：

已重新安装到希望更好的位置/home/ollie/storage。

我尝试使用下面建议的命令使该分区对所有人都可写入，但访问被拒绝。

/dev/sda1: UUID="033D-1E2C" BLOCK_SIZE="512" TYPE="vfat" PARTUUID="61dfcddd-01"
/dev/sdb1: PARTLABEL="Microsoft reserved partition" PARTUUID="c0258793-6786-4438-b8e2-dffa73ce487c"
/dev/sdc1: PARTUUID="3481976b-9b16-466a-879f-1117a8833016"
ollie@winchester:~$ UUID=033D-1E2C /home/ollie/storage vfat defaults,umask=000 0 0
-bash: /home/ollie/storage: Is a directory
ollie@winchester:~$ UUID=033D-1E2C /dev/sda1 vfat defaults,umask=000 0 0
-bash: /dev/sda1: Permission denied

编辑：

尝试添加权限以使分区可写。

sudo nano /etc/fstab显示：

/dev/disk/by-uuid/1d277102-f481-4f85-bdd3-b60a60f27b9f / ext4 defaults 0 1
/swap.img       none    swap    sw      0       0
/dev/sda1       /home/ollie/storage     vfat    conv=b  0       0

为什么除了 /root 之外还有另一个根文件夹？当我使用 root 权限编辑文件时是否会创建此文件夹sudo nvim /etc/sudoers？

pm-suspend 必须由 root 运行：

he@x22:~/hep/links$ /usr/sbin/pm-suspend
This utility may only be run by the root user.

我建了一个链接，pms：

he@x22:~/hep/links$ ls -l pms
lrwxrwxrwx 1 he he 20 dec 17 22:13 pms -> /usr/sbin/pm-suspend

和预期的一样：

he@x22:~/hep/links$ ./pms
This utility may only be run by the root user.

但如果我更改目录并将 ~/hep/links 添加到路径中，它对普通用户来说就可以工作：

he@x22:~$ pms
whoami root

为了查看有效用户是谁，我在 /usr/sbin/pm-suspend 的顶部插入了：

#!/bin/sh
echo whoami $(whoami)
.....

root@x22:/home/he/hep/scripts# type -a pms
pms är ett alias för ”sudo pm-suspend”
pms är /home/he/hep/scripts/pms
pms är /home/he/hep/links/pms

有人能解释一下这里发生了什么吗？

我想配置完整的每月备份设置以仅备份我的用户数据，而不是操作系统。如果我需要进行完整恢复，我会重新安装 Ubuntu，然后重新添加我的数据。/home 目录中是否包含所有特定于我的数据，包括我在各种应用程序（如 Tbird、Firefox 等）中所做的设置更改、配置文件等？（我更频繁地对最常用的文件夹进行增量备份。）我是这个系统 Ubuntu 22.04 上的唯一用户。

GParted 突然需要 root 权限。这是在我尝试打开加密 USB 上的“lost+found”文件夹后发生的，该文件夹两次要求 root 权限，但我最终在打开之前退出了，这可能与此有关？

输入 root 密码后，GParted 开始扫描位置，并且花了很长时间打开，所以我关闭了它，因为它以前从来没有这样做过。

我读到过 GUI 不应该以 root 权限运行，那么有没有办法可以恢复到不使用 root 权限的情况？

有人能告诉我以 root 身份使用 GParted 是否安全吗，或者我是否应该卸载并重新安装才能使其像以前一样工作？推荐的卸载/重新安装方法是什么？

我做了一件非常愚蠢的事。

在 SSD 卡的根目录下，我运行了：sudo chown -R root:root .当我应该运行：现在，当我以我的用户名sudo chown -R myusername:myusername .登录时，我无法访问整个 SSD 的文件/目录

进入终端sudo root并浏览 SSD 现在显示一个空目录。

结果sudo ls -al：

drwxrwxrwx    3 root root  4096 Feb 11  2023 foo
drwxrwxrwx    2 root root  4096 Nov 28 14:26 fii
drwxr-xr-x    5 root root  4096 Nov 28 14:26 thumb
drwxrwxrwx    2 root root  4096 Nov 28 14:26 fooder
-rwxr-xr-x    1 root root    69 Nov 18  2023 datab.vdf
drwx------    2 root root 16384 Dec  6 17:35 lost+found
drwxrwxrwx    2 root root  4096 Nov 28 14:26 meta
-rw-rw-rw-    1 root root  4656 Mar 23  2023 noob.out
drwxrwxrwx    2 root root  4096 Feb 10  2023 nerds

find . -type d -exec chmod +x {} \\;

我发现上述命令不是解决方案。

我无法更改到目录，但我可以用列出其内容ls -la，它看起来像这样。

d????????? ? ? ? ?            ?  .
d????????? ? ? ? ?            ?  ..
?????????? ? ? ? ?            ? '30drop - Tools For The Dimensional Step [2015] [FLAC]'
?????????? ? ? ? ?            ? 'Ada Kaleh - Zâna Zorilor'
?????????? ? ? ? ?            ? 'Aes Dana - Perimeters [2011] [FLAC]'
?????????? ? ? ? ?            ? 'After Hour - Feel It & Waterfalls [1991] [FLAC]'

我尝试更改所有者，并尝试将权限设置为 777，但都不起作用。要么这样，要么那样permission denied。operation not permitted文件肯定在那里，而且没有被删除，但我如何重新获得对它们的访问权限？

我真的不知道为什么chmod -x递归命令会如此危险，但它确实是如此。

我在 Ubuntu 20.04 上并尝试以 root 身份运行命令，但没有使用 sudo 而是使用粘滞位。

我已阅读过这个答案，但似乎无法让它发挥作用。

我创建了一个名为的脚本，whoami_root用于向用户显示它正在运行。

输出cat whoami_root：

#!/bin/bash
whoami

我已经跑sudo chown root whoami_root了sudo chmod u+s whoami_root

输出ll whoami_root：

-rwsr-xr-x 1 root root 20 Nov  6 23:33 whoami_root

输出./whoami_root

myuser

为什么它似乎忽略了 suid 位并以 myuser 而不是 root 身份运行？