I'm really confused about something. It seems like on my samba server the user AND GROUP permissions must match for me to access any files in my home directory. Here's an example of what I mean: ($ = at unix shell,> = in smbclient)$ mkdir ~dan/test1 $ chmod 700 ~dan/test1 $ smbclient -U dan //localhost/dan> cd test1 > put test1.txt(failure, NT_STATUS_ACCESS_DENIED)> quit$ chmod 070 ~dan/test1 $ smbclient -U dan //localhost/dan> cd test1 > put test1.txt(failure, NT_STATUS_ACCESS_DENIED)> quit$ chmod 770 ~dan/test1 $ smbclient -U dan //localhost/dan> cd test1 > put test.txt(SUCCESS) Why on earth would samba even CARE about group permissions when user permissions are perfectly fine? Help me fix this? -- Dan Egli On my Test server -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature Type: application/pgp-signature Size: 495 bytes Desc: OpenPGP digital signature URL: <http://lists.samba.org/pipermail/samba/attachments/20201027/4a89becd/OpenPGP_signature.sig>
On 27/10/2020 18:35, Dan Egli via samba wrote:> I'm really confused about something. It seems like on my samba server > the user AND GROUP permissions must match for me to access any files in > my home directory. Here's an example of what I mean: ($ = at unix shell, >> = in smbclient) > $ mkdir ~dan/test1 > $ chmod 700 ~dan/test1 > $ smbclient -U dan //localhost/dan >> cd test1 >> put test1.txt > (failure, NT_STATUS_ACCESS_DENIED) >> quit > $ chmod 070 ~dan/test1 > $ smbclient -U dan //localhost/dan >> cd test1 >> put test1.txt > (failure, NT_STATUS_ACCESS_DENIED) >> quit > $ chmod 770 ~dan/test1 > $ smbclient -U dan //localhost/dan >> cd test1 >> put test.txt > (SUCCESS) > > > Why on earth would samba even CARE about group permissions when user > permissions are perfectly fine? Help me fix this?What OS ? What version of Samba ? Please post your smb.conf Rowland
On 10/27/2020 12:50 PM, Rowland penny via samba wrote:> On 27/10/2020 18:35, Dan Egli via samba wrote: >> I'm really confused about something. It seems like on my samba server >> the user AND GROUP permissions must match for me to access any files in >> my home directory. Here's an example of what I mean: ($ = at unix shell, >>> = in smbclient) >> $ mkdir ~dan/test1 >> $ chmod 700 ~dan/test1 >> $ smbclient -U dan //localhost/dan >>> cd test1 >>> put test1.txt >> (failure, NT_STATUS_ACCESS_DENIED) >>> quit >> $ chmod 070 ~dan/test1 >> $ smbclient -U dan //localhost/dan >>> cd test1 >>> put test1.txt >> (failure, NT_STATUS_ACCESS_DENIED) >>> quit >> $ chmod 770 ~dan/test1 >> $ smbclient -U dan //localhost/dan >>> cd test1 >>> put test.txt >> (SUCCESS) >> >> >> Why on earth would samba even CARE about group permissions when user >> permissions are perfectly fine? Help me fix this? > > What OS ? > > What version of Samba ? > > Please post your smb.conf > > Rowland > >Sorry, Samba? version 4.11.2-13 is running on CentOS? 8.? My smb.conf is shown below, sans comments: [global] ??????? workgroup = EgliFamily ??????? server string = Samba Server Version %v ??????? log file = /var/log/samba/log.%m ??????? max log size = 50 ??????? security = user ?? ???? passdb backend = tdbsam ??? ??? acl allow execute always =? true ??????? load printers = yes ??????? cups options = raw [homes] ??????? comment = Home Directories ??????? browseable = no ??????? writable = yes ??????? directory mask = 770 ??????? create mask = 660 ??????? acl check permissions = no [printers] ??????? comment = All Printers ??????? path = /var/spool/samba ??????? browseable = no ??????? guest ok = no ??????? writable = no ??????? printable = yes -- Dan Egli On my Test server -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature Type: application/pgp-signature Size: 495 bytes Desc: OpenPGP digital signature URL: <http://lists.samba.org/pipermail/samba/attachments/20201027/46f51e32/OpenPGP_signature.sig>
Mandi! Dan Egli via samba In chel di` si favelave...> Why on earth would samba even CARE about group permissions when user > permissions are perfectly fine? Help me fix this?Consider that, if POSIX ACL are enabled on this FS, the group permission are considered as a 'mask' for all ACL, with unpredictable result (no, they are predictable, only very confusing ;-). Use 'getfacl' to look at ACL on dirs, and post here, please. Or try to remove ACLs (setfacl -bR) and retry. -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via della Bont?, 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797 Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000 (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
On 10/28/2020 3:31 AM, Marco Gaiarin via samba wrote:> Mandi! Dan Egli via samba > In chel di` si favelave... > >> Why on earth would samba even CARE about group permissions when user >> permissions are perfectly fine? Help me fix this? > Consider that, if POSIX ACL are enabled on this FS, the group > permission are considered as a 'mask' for all ACL, with unpredictable > result (no, they are predictable, only very confusing ;-). > > Use 'getfacl' to look at ACL on dirs, and post here, please. > > Or try to remove ACLs (setfacl -bR) and retry. >I posted the getfacl output a minute or two ago. I tried killing any ACLs with setfacl -bR and the result was identical. NT_STATUS_ACCESS_DENIED Next idea? :) -- Dan Egli On my Test server -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature Type: application/pgp-signature Size: 495 bytes Desc: OpenPGP digital signature URL: <http://lists.samba.org/pipermail/samba/attachments/20201028/df4b9862/OpenPGP_signature.sig>
Hm, samba 4.11.2-13 is running on CentOS? 8.
Im not really into CentOS/RH im more Debian/Ubuntu..
But I suggest you try this.
Remove [homes] ( or keep it but add a new one. )
Setup
[users]
Path = /home
browseable = yes
read only = no
Test again against that new share, but not with smbclient alone,
setup a cifs mount and test and/or use a windows client pc.
Preffered W10 or server 2016+
I think you hitted a bug here. In smbclient + [homes]
But not sure yet.
And increasing the loglevel might help in "seeing" where this is going
wrong.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Dan
> Egli via samba
> Verzonden: woensdag 28 oktober 2020 10:37
> Aan: Marco Gaiarin; samba at lists.samba.org
> Onderwerp: Re: [Samba] odd issue with permisions
>
> On 10/28/2020 3:31 AM, Marco Gaiarin via samba wrote:
> > Mandi! Dan Egli via samba
> > In chel di` si favelave...
> >
> >> Why on earth would samba even CARE about group permissions
> when user
> >> permissions are perfectly fine? Help me fix this?
> > Consider that, if POSIX ACL are enabled on this FS, the group
> > permission are considered as a 'mask' for all ACL, with
> unpredictable
> > result (no, they are predictable, only very confusing ;-).
> >
> > Use 'getfacl' to look at ACL on dirs, and post here, please.
> >
> > Or try to remove ACLs (setfacl -bR) and retry.
> >
> I posted the getfacl output a minute or two ago. I tried killing any
> ACLs with setfacl -bR and the result was identical.
> NT_STATUS_ACCESS_DENIED
>
> Next idea? :)
>
> --
> Dan Egli
> On my Test server
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>