On 10/27/2020 12:50 PM, Rowland penny via samba wrote:> On 27/10/2020 18:35, Dan Egli via samba wrote: >> I'm really confused about something. It seems like on my samba server >> the user AND GROUP permissions must match for me to access any files in >> my home directory. Here's an example of what I mean: ($ = at unix shell, >>> = in smbclient) >> $ mkdir ~dan/test1 >> $ chmod 700 ~dan/test1 >> $ smbclient -U dan //localhost/dan >>> cd test1 >>> put test1.txt >> (failure, NT_STATUS_ACCESS_DENIED) >>> quit >> $ chmod 070 ~dan/test1 >> $ smbclient -U dan //localhost/dan >>> cd test1 >>> put test1.txt >> (failure, NT_STATUS_ACCESS_DENIED) >>> quit >> $ chmod 770 ~dan/test1 >> $ smbclient -U dan //localhost/dan >>> cd test1 >>> put test.txt >> (SUCCESS) >> >> >> Why on earth would samba even CARE about group permissions when user >> permissions are perfectly fine? Help me fix this? > > What OS ? > > What version of Samba ? > > Please post your smb.conf > > Rowland > >Sorry, Samba? version 4.11.2-13 is running on CentOS? 8.? My smb.conf is shown below, sans comments: [global] ??????? workgroup = EgliFamily ??????? server string = Samba Server Version %v ??????? log file = /var/log/samba/log.%m ??????? max log size = 50 ??????? security = user ?? ???? passdb backend = tdbsam ??? ??? acl allow execute always =? true ??????? load printers = yes ??????? cups options = raw [homes] ??????? comment = Home Directories ??????? browseable = no ??????? writable = yes ??????? directory mask = 770 ??????? create mask = 660 ??????? acl check permissions = no [printers] ??????? comment = All Printers ??????? path = /var/spool/samba ??????? browseable = no ??????? guest ok = no ??????? writable = no ??????? printable = yes -- Dan Egli On my Test server -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature Type: application/pgp-signature Size: 495 bytes Desc: OpenPGP digital signature URL: <http://lists.samba.org/pipermail/samba/attachments/20201027/46f51e32/OpenPGP_signature.sig>
On 10/27/2020 1:08 PM, Dan Egli via samba wrote:> >> What version of Samba ? >> >> Please post your smb.conf >> >> Rowland >> >> > Sorry, Samba? version 4.11.2-13 is running on CentOS? 8.? My smb.conf is > shown below, sans comments: > > > [global] > > ??????? workgroup = EgliFamily > ??????? server string = Samba Server Version %v > ??????? log file = /var/log/samba/log.%m > ??????? max log size = 50 > ??????? security = user > ?? ???? passdb backend = tdbsam > ??? ??? acl allow execute always =? true > ??????? load printers = yes > ??????? cups options = raw > > [homes] > ??????? comment = Home Directories > ??????? browseable = no > ??????? writable = yes > ??????? directory mask = 770 > ??????? create mask = 660 > ??????? acl check permissions = no > > [printers] > ??????? comment = All Printers > ??????? path = /var/spool/samba > ??????? browseable = no > ??????? guest ok = no > ??????? writable = no > ??????? printable = yes > >It's been over 24 hours and no one has even touched this. I could really use a bit of help. Yes, it works when I create the files/dirs in samba because of the masks I set, but that's just a kludge. It shouldn't matter that the GROUP permissions are if the USER permissions allow access and the file is owned by the current user. Help? -- Dan Egli On my Test server -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature Type: application/pgp-signature Size: 495 bytes Desc: OpenPGP digital signature URL: <http://lists.samba.org/pipermail/samba/attachments/20201028/fb5ffb3e/OpenPGP_signature.sig>
> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Dan > Egli via samba > Verzonden: woensdag 28 oktober 2020 9:01 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] odd issue with permisions > > On 10/27/2020 1:08 PM, Dan Egli via samba wrote: > > > >> What version of Samba ? > >> > >> Please post your smb.conf > >> > >> Rowland > >> > >> > > Sorry, Samba? version 4.11.2-13 is running on CentOS? 8.? > My smb.conf is > > shown below, sans comments: > > > > > > [global] > > > > ??????? workgroup = EgliFamily > > ??????? server string = Samba Server Version %v > > ??????? log file = /var/log/samba/log.%m > > ??????? max log size = 50 > > ??????? security = user > > ?? ???? passdb backend = tdbsam > > ??? ??? acl allow execute always =? true > > ??????? load printers = yes > > ??????? cups options = raw > > > > [homes] > > ??????? comment = Home Directories > > ??????? browseable = no > > ??????? writable = yes > > ??????? directory mask = 770 > > ??????? create mask = 660 > > ??????? acl check permissions = no > > > > [printers] > > ??????? comment = All Printers > > ??????? path = /var/spool/samba > > ??????? browseable = no > > ??????? guest ok = no > > ??????? writable = no > > ??????? printable = yes > > > > > > It's been over 24 hours and no one has even touched this. I > could really use a bit of help. Yes, it works when I create the files/dirs in samba > because of the masks I set, but that's just a kludge. > It shouldn't matter that the GROUP permissions are if the USER permissions allow > access and the file is owned by the current user.Offcourse this does matter. You can set a deny on the group and the user cant write, thats simple. And if your in a rush with this, You can get paid support at samba, plain and simple. Also, Its not 24hours.. 19:51 first post yesterday. Now its 09:00, so relax we always try to help but we do also sleep. I guess you do sleep also sometimes.. Remove this part in the home dirs.> > ??????? directory mask = 770 > > ??????? create mask = 660 > > ??????? acl check permissions = noRun : getfacl /home getfacl /home/username Post the outputs. And what is set on the share for security rights, just the defaults? Did you change anything there? And run : chmod 1770 /home/username Then test again. (1 Creator Owner) chmod 3770 /home/username Test again. (3 Creator Group ) chmod 4770 /home/username Test again. (4 Both above ) Last question, how did you create or are the user homedirs created? Greetz, Louis
On 28/10/2020 08:00, Dan Egli via samba wrote:> It's been over 24 hours and no one has even touched this. I could really > use a bit of help. Yes, it works when I create the files/dirs in samba > because of the masks I set, but that's just a kludge. It shouldn't > matter that the GROUP permissions are if the USER permissions allow > access and the file is owned by the current user.Hi, no one on this list gets paid to help, you certainly haven't paid anyone for support, so you have no right to moan about not getting help within 24hrs. The problem is that it works for myself, but I am in a domain and may in fact be using the group as well, I would need to do more testing to see if this is the case, so it needs to go on my to-do list, which is lengthy. You are using a standalone server, so do your users exist as Unix and Samba users ? Rowland
On 10/28/2020 2:16 AM, L.P.H. van Belle via samba wrote:> >> -----Oorspronkelijk bericht----- >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Dan >> Egli via samba >> Verzonden: woensdag 28 oktober 2020 9:01 >> Aan: samba at lists.samba.org >> Onderwerp: Re: [Samba] odd issue with permisions >> >> On 10/27/2020 1:08 PM, Dan Egli via samba wrote: >>>> What version of Samba ? >>>> >>>> Please post your smb.conf >>>> >>>> Rowland >>>> >>>> >>> Sorry, Samba? version 4.11.2-13 is running on CentOS? 8.? >> My smb.conf is >>> shown below, sans comments: >>> >>> >>> [global] >>> >>> ??????? workgroup = EgliFamily >>> ??????? server string = Samba Server Version %v >>> ??????? log file = /var/log/samba/log.%m >>> ??????? max log size = 50 >>> ??????? security = user >>> ?? ???? passdb backend = tdbsam >>> ??? ??? acl allow execute always =? true >>> ??????? load printers = yes >>> ??????? cups options = raw >>> >>> [homes] >>> ??????? comment = Home Directories >>> ??????? browseable = no >>> ??????? writable = yes >>> ??????? directory mask = 770 >>> ??????? create mask = 660 >>> ??????? acl check permissions = no >>> >>> [printers] >>> ??????? comment = All Printers >>> ??????? path = /var/spool/samba >>> ??????? browseable = no >>> ??????? guest ok = no >>> ??????? writable = no >>> ??????? printable = yes >>> >>> >> It's been over 24 hours and no one has even touched this. I >> could really use a bit of help. Yes, it works when I create the files/dirs in samba >> because of the masks I set, but that's just a kludge. >> It shouldn't matter that the GROUP permissions are if the USER permissions allow >> access and the file is owned by the current user. > Offcourse this does matter. > You can set a deny on the group and the user cant write, thats simple. > > And if your in a rush with this, You can get paid support at samba, plain and simple. > Also, Its not 24hours.. 19:51 first post yesterday. Now its 09:00, > so relax we always try to help but we do also sleep. > I guess you do sleep also sometimes.. > > Remove this part in the home dirs. > >>> ??????? directory mask = 770 >>> ??????? create mask = 660 >>> ??????? acl check permissions = no > Run : > getfacl /home > getfacl /home/username# getfacl /home getfacl: Removing leading '/' from absolute path names # file: home # owner: root # group: root user::rwx group::r-x other::r-x # getfacl /home/dan getfacl: Removing leading '/' from absolute path names # file: home/dan # owner: dan # group: dan user::rwx group::rwx other::---> And what is set on the share for security rights, just the defaults? > Did you change anything there?Nothing changed on rights. The ONLY changes I made from the default file are adding the create mask and directory mask lines to the [homes] share and adding the acl that allows programs to be executed.> And run : > chmod 1770 /home/username > Then test again. (1 Creator Owner) > > chmod 3770 /home/username > Test again. (3 Creator Group ) > > chmod 4770 /home/username > Test again. (4 Both above ) >I just tried that, same result each time. When the directory gets created with 755 mode (system default) I can't write to it. NT_STATUS_ACCESS_DENIED every time. By the way, how do I take those items back off? The sticky bit seems to be STUCK. I tried chmod 0770, chmod ug=rwx, regardless the sticky bit stays set for both user and group> Last question, how did you create or are the user homedirs created? >The user homedirs are created by useradd. I'm still open to ideas. -- Dan Egli On my Test server -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature Type: application/pgp-signature Size: 495 bytes Desc: OpenPGP digital signature URL: <http://lists.samba.org/pipermail/samba/attachments/20201028/4d8240b0/OpenPGP_signature.sig>