gac
2019-Sep-06 09:34 UTC
[Samba] Change in behaviour for the "%U" substitution in 4.10.8?
No problem -?https://pastebin.com/G8pa3bdE <https://pastebin.com/G8pa3bdE> 6 Sep 2019, 10:28 by samba at lists.samba.org:> On 06/09/2019 09:47, gac wrote: > >> I opted for 'remove the SERVER lines' (since I don't remember why they are in there) - but this hasn't changed the behaviour. The log file contains a different error message, but still refers to the incorrect path >> >> --- >> [2019/09/06 09:43:14.955067,? 0] ../../source3/smbd/service.c:784(make_connection_snum) >> ? make_connection_snum: canonicalize_connect_path failed for service username, path /shares/DOMAIN/domain_username >> --- >> > OK, can you post the ouput of the following commands: > > ls -lad /shares > > ls -lad /shares/DOMAIN > > ls -lad /shares/DOMAIN/<a username> > > Rowland > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Rowland penny
2019-Sep-06 09:52 UTC
[Samba] Change in behaviour for the "%U" substitution in 4.10.8?
On 06/09/2019 10:34, gac wrote:> No problem - https://pastebin.com/G8pa3bdE >Please just post things like this in line ;-) root at server:/var/log/samba# ls -lad /shares drwxr-xr-x 9 root root 4096 Jan 16? 2019 /shares # Owner:Group is root:root, but anybody can enter root at server:/var/log/samba# ls -lad /shares/DOMAIN drwxr-xr-x+ 16 1106001204 employees 4096 Sep? 6 09:43 /shares/DOMAIN Why a number and not a username ? only the number can write, but anybody can enter and read But there are ACLs set, so what does 'getfacl /shares/DOMAIN' return ? root at server:/var/log/samba# ls -lad /shares/DOMAIN/username drwxr-x---+ 32 username domain users 4096 Sep? 6 08:34 /shares/DOMAIN/username Only the user has full access, but Domain Users can enter and read, access from anyone else is denied But there are ACLs set, so what does 'getfacl /shares/DOMAIN/username' return ? I think your problem has a lot to do with '1106001204' not being resolved to a name, so who is it ? Can you check with 'wbinfo -R 1204' Rowland
gac
2019-Sep-06 10:12 UTC
[Samba] Change in behaviour for the "%U" substitution in 4.10.8?
I imagine the numeric UID is my old boss who left the company a few years ago, and by this point his account has been removed, not just disabled. The only thing contained by the DOMAIN directory is a home directory for each user, which is owned by them. So I don't _think_ this is the problem. The command you suggested returns: winbind_lookup_rids failed: WBC_ERR_DOMAIN_NOT_FOUND The ACLs are to allow --x access for the 'www-data' into users home directories for use with Apache+mod_userdir, and then r-x access for their www directory 6 Sep 2019, 10:52 by samba at lists.samba.org:> On 06/09/2019 10:34, gac wrote: > >> No problem - https://pastebin.com/G8pa3bdE >> > Please just post things like this in line ;-) > > root at server:/var/log/samba# ls -lad /shares > drwxr-xr-x 9 root root 4096 Jan 16? 2019 /shares # > > Owner:Group is root:root, but anybody can enter > > root at server:/var/log/samba# ls -lad /shares/DOMAIN > drwxr-xr-x+ 16 1106001204 employees 4096 Sep? 6 09:43 /shares/DOMAIN > > Why a number and not a username ? only the number can write, but anybody can enter and read > > But there are ACLs set, so what does 'getfacl /shares/DOMAIN' return ? > > root at server:/var/log/samba# ls -lad /shares/DOMAIN/username > drwxr-x---+ 32 username domain users 4096 Sep? 6 08:34 /shares/DOMAIN/username > > Only the user has full access, but Domain Users can enter and read, access from anyone else is denied > > But there are ACLs set, so what does 'getfacl /shares/DOMAIN/username' return ? > > I think your problem has a lot to do with '1106001204' not being resolved to a name, so who is it ? > > Can you check with 'wbinfo -R 1204' > > Rowland > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Reasonably Related Threads
- Change in behaviour for the "%U" substitution in 4.10.8?
- Change in behaviour for the "%U" substitution in 4.10.8?
- Change in behaviour for the "%U" substitution in 4.10.8?
- Change in behaviour for the "%U" substitution in 4.10.8?
- Change in behaviour for the "%U" substitution in 4.10.8?