samba - Jun 2005 - Unusual permissions problem

Hello,

I have an issue with samba-3.0.10-1.fc3 permissions.

The situation is this:

I have a client that wants one user to have write permission to a directory, but
a GROUP of users to have read access.  Simple,
right?  First, I set up the directory structure per Linux:

(According to the samba guide, it's more efficient to use sticky bits on the
directory instead of using the force user clause in the
smb.conf file.)

drwsr-s---   2 tcuser tcgroup 8.0K Jun 10 08:06 timecards

Testing:
	Log in as a user who is a member of the tcgroup, can read all files in the
tree:  Success
	Log in as tcuser, can read, write, and delete all files in the tree:  Success

So I'm feeling pretty good about the Linux permissions.  Now time to create
the share:


[timecards]
   comment = Timecards
   path = /timecards
   create mask = 0640
   write list = tcuser
   valid users = tcuser, @tcgroup

If I understand correctly, and obviously I don't, the write list and valid
users lines are redundant, as Samba is supposed to use
the file system permissions.

Now the issue:

I log in (via smbclient) as tcuser:  Success

Put a file into the share:  Success

Rename the file:  Success

Get the file back:  Access Denied.

So this user can put files but cannot read them back.  (!)

The really strange thing is if I set the world read bit to the file, then tcuser
can read the file just fine, but from a Linux file
permission perspective, that's a really bad thing, right?

Any advice for this?

Many thanks in advance,

-=Ray

Replying to my own message.	

It turns out the I have samba-vscan-clamav installed, and it WAS running as
clamav, which of course couldn't read the file.  I have
the access such that vscan failure = access denied, so changed the running user
to root for the clamav service and life is good.

Thanks,

-=Ray
> -----Original Message-----
> From: samba-bounces+rsa=rb-com.com@lists.samba.org 
> [mailto:samba-bounces+rsa=rb-com.com@lists.samba.org] On 
> Behalf Of Ray Anderson
> Sent: Friday, June 10, 2005 8:23 AM
> To: samba@lists.samba.org
> Subject: [Samba] Unusual permissions problem
> 
> Hello,
> 
> I have an issue with samba-3.0.10-1.fc3 permissions.
> 
> The situation is this:
> 
> I have a client that wants one user to have write permission 
> to a directory, but a GROUP of users to have read access.  Simple,
> right?  First, I set up the directory structure per Linux:
> 
> (According to the samba guide, it's more efficient to use 
> sticky bits on the directory instead of using the force user 
> clause in the
> smb.conf file.)
> 
> drwsr-s---   2 tcuser tcgroup 8.0K Jun 10 08:06 timecards
> 
> Testing:
> 	Log in as a user who is a member of the tcgroup, can 
> read all files in the tree:  Success
> 	Log in as tcuser, can read, write, and delete all files 
> in the tree:  Success
> 
> So I'm feeling pretty good about the Linux permissions.  Now 
> time to create the share:
> 
> 
> [timecards]
>    comment = Timecards
>    path = /timecards
>    create mask = 0640
>    write list = tcuser
>    valid users = tcuser, @tcgroup
> 
> If I understand correctly, and obviously I don't, the write 
> list and valid users lines are redundant, as Samba is supposed to use
> the file system permissions.
> 
> Now the issue:
> 
> I log in (via smbclient) as tcuser:  Success
> 
> Put a file into the share:  Success
> 
> Rename the file:  Success
> 
> Get the file back:  Access Denied.
> 
> So this user can put files but cannot read them back.  (!)
> 
> The really strange thing is if I set the world read bit to 
> the file, then tcuser can read the file just fine, but from a 
> Linux file
> permission perspective, that's a really bad thing, right?
> 
> Any advice for this?
> 
> Many thanks in advance,
> 
> -=Ray
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>