Hello,
Our samba fileserver is a member of a Windows 2008R2 domain, and has
different shares. These shares are set with a "read only = yes" and
have
an explicit "write list". This works as planned.
But when an "read only" user opens a pdf with Adobe acrobat, the file
gets DenyMode DENY_WRITE and the user who can edit the file can't save
the document anymore. After the readonly user closes the file, the file
can be saved again by the user who is allowed to edit it.
13007 23132 DENY_WRITE 0x120089 RDONLY NONE
/data/testshare file1.pdf Fri Dec 19 11:30:16 2014
As far as I can see Word, Excel or any other document don't have this
problem.
[global]
workgroup = DOMAIN
realm = DOMAIN.EU
server string = %h server
security = ADS
log file = /var/log/samba/log.%m
max log size = 1000
server max protocol = SMB2
load printers = No
winbind separator = +
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
idmap config DOMAINEU:backend = rid
idmap config DOMAINEU:range = 20000 - 49999
idmap config * : range = 2000-2999
idmap config * : backend = tdb
hide unreadable = Yes
[testshare]
path = /data/testshare
read only = Yes
write list = @"DOMAINEU+domain admins"
comment = testshare
create mask = 770
directory mask = 770
ea support = yes
map hidden = no
map system = no
map archive = no
map readonly = no
store dos attributes = yes
Is this behaviour of Samba as expected or am I missing something?
Because the way as I see it, the file shouldn't be locked by a readonly
user.
Regards,
Danny
Jeremy Allison
2014-Dec-19 18:10 UTC
[Samba] [samba 4.0] read only = yes + Denymode DENY_WRITE
On Fri, Dec 19, 2014 at 12:11:02PM +0100, danny wrote:> Hello, > > Our samba fileserver is a member of a Windows 2008R2 domain, and has > different shares. These shares are set with a "read only = yes" and > have an explicit "write list". This works as planned. > But when an "read only" user opens a pdf with Adobe acrobat, the > file gets DenyMode DENY_WRITE and the user who can edit the file > can't save the document anymore. After the readonly user closes the > file, the file can be saved again by the user who is allowed to edit > it. > > 13007 23132 DENY_WRITE 0x120089 RDONLY NONE > /data/testshare file1.pdf Fri Dec 19 11:30:16 2014 > > ... > Is this behaviour of Samba as expected or am I missing something? > Because the way as I see it, the file shouldn't be locked by a > readonly user.Yeah, we used to think so too :-). Unfortunately these are Windows semantics, so we have to match them.
Jeremy Allison wrote:> On Fri, Dec 19, 2014 at 12:11:02PM +0100, danny wrote: >> Hello, >> >> Our samba fileserver is a member of a Windows 2008R2 domain, and has >> different shares. These shares are set with a "read only = yes" and >> have an explicit "write list". This works as planned. >> But when an "read only" user opens a pdf with Adobe acrobat, the >> file gets DenyMode DENY_WRITE and the user who can edit the file >> can't save the document anymore. After the readonly user closes the >> file, the file can be saved again by the user who is allowed to edit >> it. >> >> 13007 23132 DENY_WRITE 0x120089 RDONLY NONE >> /data/testshare file1.pdf Fri Dec 19 11:30:16 2014 >> >> ... >> Is this behaviour of Samba as expected or am I missing something? >> Because the way as I see it, the file shouldn't be locked by a >> readonly user. > > Yeah, we used to think so too :-). Unfortunately these > are Windows semantics, so we have to match them.Thank you for your answer. Does anybody know a workaround or has some experience with this kind of setups? Regards, Danny
Jeremy Allison wrote:> On Fri, Dec 19, 2014 at 12:11:02PM +0100, danny wrote: >> Hello, >> >> Our samba fileserver is a member of a Windows 2008R2 domain, and has >> different shares. These shares are set with a "read only = yes" and >> have an explicit "write list". This works as planned. >> But when an "read only" user opens a pdf with Adobe acrobat, the >> file gets DenyMode DENY_WRITE and the user who can edit the file >> can't save the document anymore. After the readonly user closes the >> file, the file can be saved again by the user who is allowed to edit >> it. >> >> 13007 23132 DENY_WRITE 0x120089 RDONLY NONE >> /data/testshare file1.pdf Fri Dec 19 11:30:16 2014 >> >> ... >> Is this behaviour of Samba as expected or am I missing something? >> Because the way as I see it, the file shouldn't be locked by a >> readonly user. > > Yeah, we used to think so too :-). Unfortunately these > are Windows semantics, so we have to match them.Thank you for your answer. Does anybody know a workaround or has some experience with this kind of setups? Regards, Danny