Marc Schiffbauer
2010-Jun-13 22:59 UTC
[Samba] group permissions broken after upgrade 3.2.5 -> 3.4.8: deleting of files denied
Hi, I am having a problem with group permissions after Samba upgrade. On one share there are several directorries owned by different users. No posix acl or user_xattr on the filesystem so far. Samba is configured so that directory permission is always 0770 and file permission is always 0660: any user in the domain can do anything with the files and directories (all users have the same primary group which is the same as the file and dir group). That worked very well until the upgrade. Users could do anything within the share: create, modify and delete files and directories. Now after the upgrade delete operations on files do not work anymore until a user owns the parent directory or has world write access to it (windows client (XP SP2) gets a permission denied error). This is strange because a user can still create files within a dir that he does not own, so this can only be permitted by group permission, but deleting the same file gives a permission denied. What might cause this? Is this a known bug in samba 3.4.8? Any idea someone? TIA -Marc PS: some details: share: -------------------------- [userdata] comment = User Data path = /home/userdata read only = No create mode = 0660 directory mode = 0770 force create mode = 0660 force directory mode = 0770 -------------------------- filesystem: samba-server:/home/userdata/Temp# ls -la total 68 drwxrwx--- 4 user1 domusr 4096 2010-06-13 19:28 . drwxrwxr-x 10 root domusr 4096 2010-06-11 11:36 .. -rw-rw---- 1 user2 domusr 24064 2010-06-10 15:39 Liste.doc -rw-rw---- 1 user2 domusr 0 2010-06-12 14:32 Liste mit Preisen.doc drwxrwx--- 2 user1 domusr 4096 2010-06-12 02:47 Neuer Ordner -rw-rw---- 1 user1 domusr 20480 2010-06-11 17:44 Rechnungen.doc drwxrwx--- 2 user3 domusr 8192 2010-05-31 21:20 Schriftarten (here user2 cannot delete "Liste.doc" for example although he could create it) -- 8AAC 5F46 83B4 DB70 8317 3723 296C 6CCA 35A6 4134
Christian PERRIER
2010-Jun-14 05:15 UTC
[Samba] group permissions broken after upgrade 3.2.5 -> 3.4.8: deleting of files denied
Quoting Marc Schiffbauer (marc at schiffbauer.net):> Now after the upgrade delete operations on files do not work anymore > until a user owns the parent directory or has world write access to > it (windows client (XP SP2) gets a permission denied error). > > This is strange because a user can still create files within a dir > that he does not own, so this can only be permitted by group permission, > but deleting the same file gives a permission denied. > > What might cause this? Is this a known bug in samba 3.4.8?How about looking in log files, preferrably after raising the log level to 3?
Marc Schiffbauer
2010-Jun-14 09:12 UTC
[Samba] group permissions broken after upgrade 3.2.5 -> 3.4.8: deleting of files denied
* Christian PERRIER schrieb am 14.06.10 um 07:15 Uhr:> Quoting Marc Schiffbauer: > > > Now after the upgrade delete operations on files do not work anymore > > until a user owns the parent directory or has world write access to > > it (windows client (XP SP2) gets a permission denied error). > > > > This is strange because a user can still create files within a dir > > that he does not own, so this can only be permitted by group permission, > > but deleting the same file gives a permission denied. > > > > What might cause this? Is this a known bug in samba 3.4.8? > > > How about looking in log files, preferrably after raising the log > level to 3? >Hi Christian, sorry, I did not mention this: I already had a look at the log, which shows nothing special ate log level 2 and this on log level 3. Do you see anything special here? [2010/06/14 11:08:18, 3] smbd/process.c:1459(process_smb) Transaction 40241 of length 142 (0 toread) [2010/06/14 11:08:18, 3] smbd/process.c:1273(switch_message) switch message SMBntcreateX (pid 24750) conn 0xb8628478 [2010/06/14 11:08:18, 3] smbd/vfs.c:865(check_reduced_name) reduce_name [Temp/Neu Textdokument.txt] [/home/userdata] [2010/06/14 11:08:18, 3] smbd/vfs.c:974(check_reduced_name) reduce_name: Temp/Neu Textdokument.txt reduced to /home/userdata/Temp/Neu Textdokument.txt [2010/06/14 11:08:18, 3] smbd/error.c:60(error_packet_set) error packet at smbd/nttrans.c(563) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED [2010/06/14 11:08:18, 3] smbd/process.c:1459(process_smb) Transaction 40242 of length 142 (0 toread) [2010/06/14 11:08:18, 3] smbd/process.c:1273(switch_message) switch message SMBntcreateX (pid 24750) conn 0xb8628478 [2010/06/14 11:08:18, 3] smbd/vfs.c:865(check_reduced_name) reduce_name [Temp/Neu Textdokument.txt] [/home/userdata] [2010/06/14 11:08:18, 3] smbd/vfs.c:974(check_reduced_name) reduce_name: Temp/Neu Textdokument.txt reduced to /home/userdata/Temp/Neu Textdokument.txt [2010/06/14 11:08:18, 3] smbd/error.c:60(error_packet_set) error packet at smbd/nttrans.c(563) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED [2010/06/14 11:08:18, 3] smbd/process.c:1459(process_smb) Transaction 40243 of length 132 (0 toread) [2010/06/14 11:08:18, 3] smbd/process.c:1273(switch_message) switch message SMBtrans2 (pid 24750) conn 0xb8628478 [2010/06/14 11:08:18, 3] smbd/trans2.c:3956(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2010/06/14 11:08:18, 3] smbd/vfs.c:865(check_reduced_name) reduce_name [Temp/Neu Textdokument.txt] [/home/userdata] [2010/06/14 11:08:18, 3] smbd/vfs.c:974(check_reduced_name) reduce_name: Temp/Neu Textdokument.txt reduced to /home/userdata/Temp/Neu Textdokument.txt [2010/06/14 11:08:18, 3] smbd/trans2.c:4070(call_trans2qfilepathinfo) call_trans2qfilepathinfo Temp/Neu Textdokument.txt (fnum = -1) level=1004 call=5 total_data=0 [2010/06/14 11:08:18, 3] smbd/process.c:1459(process_smb) Transaction 40244 of length 132 (0 toread) [2010/06/14 11:08:18, 3] smbd/process.c:1273(switch_message) switch message SMBtrans2 (pid 24750) conn 0xb8628478 [2010/06/14 11:08:18, 3] smbd/trans2.c:3956(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2010/06/14 11:08:18, 3] smbd/vfs.c:865(check_reduced_name) reduce_name [Temp/Neu Textdokument.txt] [/home/userdata] [2010/06/14 11:08:18, 3] smbd/vfs.c:974(check_reduced_name) reduce_name: Temp/Neu Textdokument.txt reduced to /home/userdata/Temp/Neu Textdokument.txt [2010/06/14 11:08:18, 3] smbd/trans2.c:4070(call_trans2qfilepathinfo) call_trans2qfilepathinfo Temp/Neu Textdokument.txt (fnum = -1) level=1004 call=5 total_data=0 [2010/06/14 11:08:18, 3] smbd/process.c:1459(process_smb) Transaction 40245 of length 80 (0 toread) [2010/06/14 11:08:18, 3] smbd/process.c:1273(switch_message) switch message SMBtrans2 (pid 24750) conn 0xb8628478 [2010/06/14 11:08:18, 3] smbd/trans2.c:3956(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2010/06/14 11:08:18, 3] smbd/vfs.c:865(check_reduced_name) reduce_name [.] [/home/userdata] [2010/06/14 11:08:18, 3] smbd/vfs.c:974(check_reduced_name) reduce_name: . reduced to /home/userdata [2010/06/14 11:08:18, 3] smbd/trans2.c:4070(call_trans2qfilepathinfo) call_trans2qfilepathinfo . (fnum = -1) level=1004 call=5 total_data=0 [2010/06/14 11:08:18, 3] smbd/process.c:1459(process_smb) Transaction 40246 of length 74 (0 toread) [2010/06/14 11:08:18, 3] smbd/process.c:1273(switch_message) switch message SMBtrans2 (pid 24750) conn 0xb8628478 [2010/06/14 11:08:18, 3] smbd/trans2.c:2600(call_trans2qfsinfo) call_trans2qfsinfo: level = 258 [2010/06/14 11:08:18, 3] smbd/process.c:1459(process_smb) Transaction 40247 of length 74 (0 toread) [2010/06/14 11:08:18, 3] smbd/process.c:1273(switch_message) switch message SMBtrans2 (pid 24750) conn 0xb8628478 [2010/06/14 11:08:18, 3] smbd/trans2.c:2600(call_trans2qfsinfo) call_trans2qfsinfo: level = 261 [2010/06/14 11:08:18, 3] smbd/process.c:1459(process_smb) Transaction 40248 of length 74 (0 toread) [2010/06/14 11:08:18, 3] smbd/process.c:1273(switch_message) switch message SMBtrans2 (pid 24750) conn 0xb8628478 [2010/06/14 11:08:18, 3] smbd/trans2.c:2600(call_trans2qfsinfo) call_trans2qfsinfo: level = 261 [2010/06/14 11:08:19, 3] smbd/process.c:1459(process_smb) Transaction 40249 of length 80 (0 toread) [2010/06/14 11:08:19, 3] smbd/process.c:1273(switch_message) switch message SMBtrans2 (pid 24750) conn 0xb85cc6e8 [2010/06/14 11:08:19, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (1010, 1006) - sec_ctx_stack_ndx = 0 [2010/06/14 11:08:19, 3] smbd/trans2.c:3956(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2010/06/14 11:08:19, 3] smbd/vfs.c:865(check_reduced_name) reduce_name [.] [/home/user2] [2010/06/14 11:08:19, 3] smbd/vfs.c:974(check_reduced_name) reduce_name: . reduced to /home/user2 [2010/06/14 11:08:19, 3] smbd/trans2.c:4070(call_trans2qfilepathinfo) call_trans2qfilepathinfo . (fnum = -1) level=1004 call=5 total_data=0 [2010/06/14 11:08:19, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/06/14 11:08:36, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 -- 8AAC 5F46 83B4 DB70 8317 3723 296C 6CCA 35A6 4134
Marc Schiffbauer
2010-Jun-14 09:59 UTC
[Samba] group permissions broken after upgrade 3.2.5 -> 3.4.8: deleting of files denied
This is part of the log with log level = 10: Here you can see that the "open for delete" is being denied, but why? (If I do "chmod o+w ." in the dir, deletion of files is permitted...) Group "domusr" (1006) has rwx permission on the directory which is the primary group of the users and which is mapped to the "Domain Users" group as well. user1 (1001) is the owner of the parent dir (".") user2 (1010) is the owner of the file "Neu Textdokument.txt" domusr (1006) is the group of both, "." and the file user2 wants to delete the file perms of "." is 0770 perms of the file is 0660 --------------------------------------------------------------------------------------- [2010/06/14 11:43:21, 4] smbd/uid.c:256(change_to_user) change_to_user: Skipping user change - already user [2010/06/14 11:43:21, 10] smbd/nttrans.c:484(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x10, access_mask = 0x10080 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x200040 root_dir_fid = 0x0, fname = Temp/Neu Textdokument.txt [2010/06/14 11:43:21, 10] smbd/open.c:3365(create_file_default) create_file: access_mask = 0x10080 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x200040 oplock_request = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), create_file_flags = 0x1, fname = Temp/Neu Textdokument.txt [2010/06/14 11:43:21, 5] smbd/filename.c:148(unix_convert) unix_convert called on file "Temp/Neu Textdokument.txt" [2010/06/14 11:43:21, 10] smbd/statcache.c:274(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [TEMP/NEU TEXTDOKUMENT.TXT] -> [Temp/Neu Textdokument.txt] [2010/06/14 11:43:21, 3] smbd/vfs.c:865(check_reduced_name) reduce_name [Temp/Neu Textdokument.txt] [/home/userdata] [2010/06/14 11:43:21, 10] smbd/vfs.c:937(check_reduced_name) reduce_name realpath [Temp/Neu Textdokument.txt] -> [/home/userdata/Temp/Neu Textdokument.txt] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ This is the file I want to delete. [2010/06/14 11:43:21, 3] smbd/vfs.c:974(check_reduced_name) reduce_name: Temp/Neu Textdokument.txt reduced to /home/userdata/Temp/Neu Textdokument.txt [2010/06/14 11:43:21, 10] smbd/open.c:2896(create_file_unixpath) create_file_unixpath: access_mask = 0x10080 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x200040 oplock_request = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = Temp/Neu Textdokument.txt [2010/06/14 11:43:21, 10] smbd/posix_acls.c:3372(posix_get_nt_acl) posix_get_nt_acl: called for file Temp [2010/06/14 11:43:21, 10] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = IDMAP/UID2SID/1001, value = S-1-5-21-623575250-3528882096-2388268162-3002, timeout = Sat Jun 19 02:37:36 2010 [2010/06/14 11:43:21, 10] passdb/lookup_sid.c:1333(uid_to_sid) uid 1001 -> sid S-1-5-21-623575250-3528882096-2388268162-3002 [2010/06/14 11:43:21, 10] smbd/posix_acls.c:2522(canonicalise_acl) canonicalise_acl: Access ace entries before arrange : [2010/06/14 11:43:21, 10] smbd/posix_acls.c:2535(canonicalise_acl) canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- [2010/06/14 11:43:21, 10] smbd/posix_acls.c:2535(canonicalise_acl) canon_ace index 1. Type = allow SID = S-1-5-32-545 gid 1006 (domusr) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx [2010/06/14 11:43:21, 10] smbd/posix_acls.c:2535(canonicalise_acl) canon_ace index 2. Type = allow SID = S-1-5-32-544 uid 1001 (user1) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rwx [2010/06/14 11:43:21, 10] smbd/posix_acls.c:838(print_canon_ace_list) print_canon_ace_list: canonicalise_acl: ace entries after arrange canon_ace index 0. Type = allow SID = S-1-5-32-544 uid 1001 (user1) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rwx canon_ace index 1. Type = allow SID = S-1-5-32-545 gid 1006 (domusr) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- [2010/06/14 11:43:21, 10] smbd/posix_acls.c:1116(map_canon_ace_perms) map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff [2010/06/14 11:43:21, 10] smbd/posix_acls.c:1116(map_canon_ace_perms) map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff [2010/06/14 11:43:21, 10] smbd/posix_acls.c:1116(map_canon_ace_perms) map_canon_ace_perms: Mapped (UNIX) 0 to (NT) 0 [2010/06/14 11:43:21, 10] smbd/posix_acls.c:3045(add_or_replace_ace) Replacing ACE 1 with SID S-1-5-32-545 and flags 00 [2010/06/14 11:43:21, 10] smbd/posix_acls.c:3007(merge_default_aces) merge_default_aces: Merging ACE 3 onto ACE 1. [2010/06/14 11:43:21, 10] smbd/posix_acls.c:3372(posix_get_nt_acl) posix_get_nt_acl: called for file Temp/Neu Textdokument.txt [2010/06/14 11:43:21, 10] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = IDMAP/UID2SID/1010, value = S-1-5-21-623575250-3528882096-2388268162-3020, timeout = Sat Jun 19 02:39:58 2010 [2010/06/14 11:43:21, 10] passdb/lookup_sid.c:1333(uid_to_sid) uid 1010 -> sid S-1-5-21-623575250-3528882096-2388268162-3020 [2010/06/14 11:43:21, 10] smbd/posix_acls.c:2522(canonicalise_acl) canonicalise_acl: Access ace entries before arrange : [2010/06/14 11:43:21, 10] smbd/posix_acls.c:2535(canonicalise_acl) canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- [2010/06/14 11:43:21, 10] smbd/posix_acls.c:2535(canonicalise_acl) canon_ace index 1. Type = allow SID = S-1-5-32-545 gid 1006 (domusr) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rw- [2010/06/14 11:43:21, 10] smbd/posix_acls.c:2535(canonicalise_acl) canon_ace index 2. Type = allow SID = S-1-5-32-544 uid 1010 (user2) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rw- [2010/06/14 11:43:21, 10] smbd/posix_acls.c:838(print_canon_ace_list) print_canon_ace_list: canonicalise_acl: ace entries after arrange canon_ace index 0. Type = allow SID = S-1-5-32-544 uid 1010 (user2) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rw- canon_ace index 1. Type = allow SID = S-1-5-32-545 gid 1006 (domusr) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rw- canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- [2010/06/14 11:43:21, 10] smbd/posix_acls.c:1116(map_canon_ace_perms) map_canon_ace_perms: Mapped (UNIX) 180 to (NT) 12019f [2010/06/14 11:43:21, 10] smbd/posix_acls.c:1116(map_canon_ace_perms) map_canon_ace_perms: Mapped (UNIX) 180 to (NT) 12019f [2010/06/14 11:43:21, 10] smbd/posix_acls.c:1116(map_canon_ace_perms) map_canon_ace_perms: Mapped (UNIX) 0 to (NT) 0 [2010/06/14 11:43:21, 10] smbd/posix_acls.c:3045(add_or_replace_ace) Replacing ACE 1 with SID S-1-5-32-545 and flags 00 [2010/06/14 11:43:21, 10] smbd/posix_acls.c:3007(merge_default_aces) merge_default_aces: Merging ACE 3 onto ACE 1. [2010/06/14 11:43:21, 10] smbd/open.c:2952(create_file_unixpath) create_file_unixpath: open file Temp/Neu Textdokument.txt for delete ACCESS_DENIED ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Why is this being denied? [2010/06/14 11:43:21, 10] smbd/open.c:3218(create_file_unixpath) create_file_unixpath: NT_STATUS_ACCESS_DENIED [2010/06/14 11:43:21, 10] smbd/open.c:3497(create_file_default) create_file: NT_STATUS_ACCESS_DENIED [2010/06/14 11:43:21, 3] smbd/error.c:60(error_packet_set) error packet at smbd/nttrans.c(563) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED --------------------------------------------------------------------------------------- -- 8AAC 5F46 83B4 DB70 8317 3723 296C 6CCA 35A6 4134
Marc Schiffbauer
2010-Jun-14 21:25 UTC
[Samba] UPDATE: group permissions broken after upgrade 3.2.5 -> 3.4.8: deleting of files denied
Update: I tested some other samba versions now: Samba 3.5.3 has the same problem, it does not work here but: Samba 3.3.12 works just fine as 3.2.5 did This error definitely depends on the samba version that is being used. I have no clue what might cause this... Anybody else? -Marc -- 8AAC 5F46 83B4 DB70 8317 3723 296C 6CCA 35A6 4134
Alberto Moreno
2010-Jun-14 21:48 UTC
[Samba] UPDATE: group permissions broken after upgrade 3.2.5 -> 3.4.8: deleting of files denied
On Mon, Jun 14, 2010 at 2:25 PM, Marc Schiffbauer <marc at schiffbauer.net> wrote:> > Update: > > I tested some other samba versions now: > > ?Samba 3.5.3 has the same problem, it does not work here > > but: > > ?Samba 3.3.12 works just fine as 3.2.5 did > > > This error definitely depends on the samba version that is being > used. > > I have no clue what might cause this... > > Anybody else? > > -Marc > -- > 8AAC 5F46 83B4 DB70 8317 ?3723 296C 6CCA 35A6 4134 > -- > To unsubscribe from this list go to the following URL and read the > instructions: ?https://lists.samba.org/mailman/options/samba >Hi. Looks like u just want to have a share where any user could do what ever she/he wants, I was thinking in add public =Yes guest ok = Yes Or if u have a issues: Create a group: mygroup. Public =No guest ok = No force group = @mygroup add all your users u need to that group, change the rights for the folder: chgrp -R mygroup /path/toyour/share chmod -R 774 /path/toyour/share reload samba, test!!! smbclient \\\\yoursamba\\yourshare -U username psw: My 2 cents. -- LIving the dream...
Jeremy Allison
2010-Jun-14 22:00 UTC
[Samba] group permissions broken after upgrade 3.2.5 -> 3.4.8: deleting of files denied
On Mon, Jun 14, 2010 at 12:59:54AM +0200, Marc Schiffbauer wrote:> Hi, > > I am having a problem with group permissions after Samba upgrade. > > On one share there are several directorries owned by different > users. > > No posix acl or user_xattr on the filesystem so far. > > Samba is configured so that directory permission is always 0770 and > file permission is always 0660: any user in the domain can do > anything with the files and directories (all users have the same > primary group which is the same as the file and dir group). > > That worked very well until the upgrade. Users could do anything > within the share: create, modify and delete files and directories. > > Now after the upgrade delete operations on files do not work anymore > until a user owns the parent directory or has world write access to > it (windows client (XP SP2) gets a permission denied error). > > This is strange because a user can still create files within a dir > that he does not own, so this can only be permitted by group permission, > but deleting the same file gives a permission denied. > > What might cause this? Is this a known bug in samba 3.4.8?Log a bug and post a debug level 10 log of the delete operation. Internally smbd now converts the POSIX ACL into a Windows ACL and tests for DELETE access availability for the logged in user and group list. Jeremy.
Marc Schiffbauer
2010-Jun-16 21:20 UTC
[Samba] UPDATE: group permissions broken after upgrade 3.2.5 -> 3.4.8: deleting of files denied
* Alberto Moreno schrieb am 14.06.10 um 23:48 Uhr:> > Hi.Hi Alberto, thanks for your answer.> > Looks like u just want to have a share where any user could do what > ever she/he wants, I was thinking in > add > > public =Yes > guest ok = YesNo, this is not what I want. My config worked like it should do for years until the upgrade. -Marc -- 8AAC 5F46 83B4 DB70 8317 3723 296C 6CCA 35A6 4134
Marc Schiffbauer
2010-Jun-16 22:40 UTC
[Samba] group permissions broken after upgrade 3.2.5 -> 3.4.8: deleting of files denied
* Jeremy Allison schrieb am 15.06.10 um 00:00 Uhr:> On Mon, Jun 14, 2010 at 12:59:54AM +0200, Marc Schiffbauer wrote: > > Hi, > > > > I am having a problem with group permissions after Samba upgrade. > > > > On one share there are several directorries owned by different > > users. > > > > No posix acl or user_xattr on the filesystem so far. > > > > Samba is configured so that directory permission is always 0770 and > > file permission is always 0660: any user in the domain can do > > anything with the files and directories (all users have the same > > primary group which is the same as the file and dir group). > > > > That worked very well until the upgrade. Users could do anything > > within the share: create, modify and delete files and directories. > > > > Now after the upgrade delete operations on files do not work anymore > > until a user owns the parent directory or has world write access to > > it (windows client (XP SP2) gets a permission denied error). > > > > This is strange because a user can still create files within a dir > > that he does not own, so this can only be permitted by group permission, > > but deleting the same file gives a permission denied. > > > > What might cause this? Is this a known bug in samba 3.4.8? > > Log a bug and post a debug level 10 log of the delete operation. > Internally smbd now converts the POSIX ACL into a Windows ACL > and tests for DELETE access availability for the logged in user > and group list.Hi Jeremy, thanks. -> I have filed bug 7521 -Marc -- 8AAC 5F46 83B4 DB70 8317 3723 296C 6CCA 35A6 4134