samba - Oct 2005 - [Possible BUG] Samba v3.0.20b and permissions POSIX/Samba

hi list,

i experienced a weird behaviour of samba in the latest versions 
(3.0.20[a,b]) on XFS:

directory:

/data (owner=iso,group=edv)
permissions: 2770

if i put a file in there with permissions 644 (owner=root,group=edv) i 
cannot delete it. windows tells even tells me, that it's readonly (read 
only bit set). and that's the only difference: 3.0.14a doesn't show the 
file as read only.

filer:/usr/local/samba/sbin # l /data/
insgesamt 0
drwxrws---  2 iso  edv      72 2005-10-20 12:53 ./
drwxr-xr-x  8 root root    200 2005-10-20 11:24 ../
-rw-r--r--  1 root edv       0 2005-10-20 12:53 testfile

i can delete the file directly in the filesystem as user iso or with 
samba v3.0.14a, which seems to be normal.

there's a new parameter since 3.0.20 "acl check permissions". i
played
around with this but it didn't change anything. what does it mean by the 
way?

my smb.conf:
[global]
         workgroup = DOMAIN
         printing = cups
         printcap name = cups
         load printers = yes

         security = domain
         guest account = gast
         guest ok = no

         host msdfs = yes

         local master = no
         domain master = no

         acl check permissions = yes  # no matter if on or off
         store dos attributes = yes

         map archive = no
         map system = no
         map hidden = no
         unix extensions = no

         idmap backend = idmap_rid:DOMAIN=10000-20000
         idmap uid = 10000-20000
         idmap gid = 10000-20000
         winbind enum users = no
         winbind enum groups = no
         template shell = /bin/bash
         allow trusted domains = no
         winbind trusted domains only =no
         winbind use default domain = yes


[test]
    path = /data/
    browseable = no
    writeable = yes
    force create mode = 0660
    force directory mode = 770

    inherit permissions = yes
    force group = edv
    force user = iso
    valid users = @edv DOMAIN\iso
    vfs object = netatalk
    delete veto files = yes


thx in advance!!!


-- 
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution (IT)
Deutscher Platz 6
D-04103 Leipzig
Germany

Phone: 49 (0)341 - 3550 137

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Michael Gasch wrote:
> hi list,
> 
> i experienced a weird behaviour of samba in the latest versions
> (3.0.20[a,b]) on XFS:
> 
> directory:
> 
> /data (owner=iso,group=edv)
> permissions: 2770
> 
> if i put a file in there with permissions 644 (owner=root,group=edv) i
> cannot delete it. windows tells even tells me, that it's readonly (read
> only bit set). and that's the only difference: 3.0.14a doesn't show
the
> file as read only.
This has been a debated issues on the technical list.  There's a
new parameter in 3.0.21pre1 called 'map read only'.  Let me summarize
it like this.

In the absence of 'store dos attributes = yes' and the ability
to represent DOS attribute bits separately from permission bits,
we have two choices.

(a) May the read only DOS attrib bit to the inverse of the
user write bit (this is what we did prior to the 3.0.20 series),
or

(b) represent the read only attribute based on whether the
user can actually write to the file.

If the 'R' DOS attribute is set, Windows will not allow you
to delete the file IIRC which is probably what you are hitting.
In 3.0.21pre1 'map read only = yes' should give you 3.0.14a behavior.

The problem in the current 3.0.20 behavior (which might be
considered a bug) is that we do not take the parent directory
permissions into account when determining whether the user
has write  access or not to a given file.  And hence this is
another argument to stay away from user space access checks.
But we have no choice with the changes in WinXP sp2 and file
deletion.

Does this help explain the behavior?





cheers, jerry
====================================================================Alleviating
the pain of Windows(tm)      ------- http://www.samba.org
GnuPG Key                ----- http://www.plainjoe.org/gpg_public.asc
"There's an anonymous coward in all of us."              
--anonymous
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDV6kVIR7qMdg1EfYRAlfkAJ9lTSgNasw6zs9QhxfNWCe4s8vuYgCfZBTc
d3C1mpsyuyqN23QBSfEavs4=rUnL
-----END PGP SIGNATURE-----