maillists_samba at diversity.nl
2022-Apr-11 10:30 UTC
[Samba] samba share not allowing owner of folder
How to allow the owner of a folder that is shared access to that share?
I have;
Samba version 4.13.13-Debian
# testparm -s
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Weak crypto is allowed
Server role: ROLE_STANDALONE
----------
# Global parameters
[global]
log file = /var/log/samba/log.%m
logging = file
map to guest = Bad User
max log size = 1000
obey pam restrictions = Yes
pam password change = Yes
panic action = /usr/share/samba/panic-action %d
passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
passwd program = /usr/bin/passwd %u
server role = standalone server
unix password sync = Yes
usershare allow guests = Yes
idmap config * : backend = tdb
[proxmox-trx40]
comment = Aiii
inherit permissions = Yes
path = /{redacted}/hypervisors/proxmox/trx40_1
read only = No
valid users = proxmox
----------
ls -l /{redacted}/
drwxrwx---+ 3 proxmox proxmox 3 Mar 24 18:04 hypervisors
all descendant files and folders have the same permissions as the
hypervisors folder
when logged in as user proxmox
smb: \> ls
NT_STATUS_ACCESS_DENIED listing \*
The only way I can get it to work is to chmod -R 777
/{redacted}/hypervisors
and I currently have 770 on all files and folders there in an effort
to maximize security
774 and 776 also do not work and even if that did work I would not feel
comfortable with that.
Any suggestions on how to proceed?
On Mon, 2022-04-11 at 12:30 +0200, maillists_samba--- via samba wrote:
> How to allow the owner of a folder that is shared access to that
> share?
>
> I have;
>
> Samba version 4.13.13-Debian
>
> # testparm -s
> Load smb config files from /etc/samba/smb.conf
> Loaded services file OK.
> Weak crypto is allowed
> Server role: ROLE_STANDALONE
>
> ----------
> # Global parameters
> [global]
> log file = /var/log/samba/log.%m
> logging = file
> map to guest = Bad User
> max log size = 1000
> obey pam restrictions = Yes
> pam password change = Yes
> panic action = /usr/share/samba/panic-action %d
> passwd chat = *Enter\snew\s*\spassword:* %n\n
> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
> passwd program = /usr/bin/passwd %u
> server role = standalone server
> unix password sync = Yes
> usershare allow guests = Yes
> idmap config * : backend = tdb
>
> [proxmox-trx40]
> comment = Aiii
> inherit permissions = Yes
> path = /{redacted}/hypervisors/proxmox/trx40_1
> read only = No
> valid users = proxmox
>
> ----------
>
> ls -l /{redacted}/
>
> drwxrwx---+ 3 proxmox proxmox 3 Mar 24 18:04 hypervisors

On the face of it, only 'proxmox' and members of the 'proxmox' group can
enter the hypervisors directory, but notice the '+' on the end of the
permissions, this means that you have extended ACLs set. However you are
missing a parameter in the smb.conf global section.

Add 'vfs objects = acl_xattr' to smb.conf, restart Samba and then read
up on 'setfacl' and 'getfacl'.

Rowland
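Added example, not part of either message: a small Python model of the access check order from acl(5), run on getfacl-style text. It shows why a listing ending in '+' such as drwxrwx---+ does not say what the owning group really gets: the group column is the ACL mask. The SAMPLE ACL and the names admins, kvm and ops are constructed for illustration and are not taken from the poster's system.

```python
# Added example. SAMPLE is constructed; it is not the poster's real ACL.
SAMPLE = """\
# file: hypervisors
# owner: proxmox
# group: proxmox
user::rwx
group::r-x
group:admins:rwx
mask::rwx
other::---
"""

def parse_getfacl(text):
    """Return (owner, owning_group, [(tag, qualifier, perms)]) for the access ACL."""
    owner = group = None
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("# owner:"):
            owner = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            group = line.split(":", 1)[1].strip()
        elif line and not line.startswith(("#", "default:")):
            tag, qual, perms = line.split("#")[0].strip().split(":")
            entries.append((tag, qual, set(perms) - {"-"}))
    return owner, group, entries

def ls_bits(text):
    """What `ls -l` prints: with an extended ACL the group column is the mask."""
    _, _, entries = parse_getfacl(text)
    pick = lambda tag: next((p for t, q, p in entries if t == tag and not q), None)
    mask = pick("mask")
    cols = (pick("user"), pick("group") if mask is None else mask, pick("other"))
    return "".join(c if c in p else "-" for p in cols for c in "rwx") + ("" if mask is None else "+")

def allowed(text, user, groups, want):
    """Access check in the order given in acl(5); `want` is e.g. "rx"."""
    want = set(want)
    owner, group, entries = parse_getfacl(text)
    mask = next((p for t, q, p in entries if t == "mask"), set("rwx"))
    if user == owner:                      # 1. owner: user:: entry, mask not applied
        return want <= next(p for t, q, p in entries if t == "user" and not q)
    for t, q, p in entries:                # 2. named user entry, limited by mask
        if t == "user" and q == user:
            return want <= (p & mask)
    hits = [p & mask for t, q, p in entries   # 3. owning group and named groups
            if t == "group" and (q in groups or (not q and group in groups))]
    if hits:                               # a group matched: one entry must grant it all
        return any(want <= h for h in hits)
    return want <= next(p for t, q, p in entries if t == "other")   # 4. other
```

To check a real share, feed the function the getfacl output of each directory on the share path in turn; the user needs at least "x" on every parent directory and "rx" on the directory being listed.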