Rowland Penny
2024-Jan-16 09:46 UTC
[Samba] Share access permission errors after upgrade from 4.12.14
On Mon, 15 Jan 2024 21:00:21 +0000 unraidster via samba <samba at lists.samba.org> wrote:> - Test Outcome: Share access from the W10 client throws the > same error from the original post. Here is the latest log error: Jan > 14 22:07:13 UR-Lab smbd[9216]: [2024/01/14 22:07:13.202799, 0] > ../../source3/smbd/smb2_service.c:168(chdir_current_service) Jan 14 > 22:07:13 UR-Lab smbd[9216]: chdir_current_service: > vfs_ChDir(/mnt/user/PrivateShare) failed: Permission denied. Current > token: uid=1001106, gid=1000513, 11 groups: 1001106 1000513 1001119 > 1001111 1001115 1001113 1001124 3003 3004 3006 3001 > - Here is an id output of the rwuser (used for share access > in the tests): root at UR-Lab:~# id rwuser > uid=1001106(rwuser) gid=1000513(domain users) > groups=1000513(domain > users),1001106(rwuser),1001119(ur_users),1001111(ur-lab-privateshare-rw),1001115(b-rw),1001113(ur-lab-privateshare-a-rw),1001124(ubuntu_share_rw),3001(BUILTIN\users) >As far as I can see, unraid is based on slackware, so it should work. Is it possible to check the ownership & permissions set on /mnt/user/PrivateShare ? Is either apparmor or selinux running ? Rowland
unraidster
2024-Jan-16 23:28 UTC
[Samba] Share access permission errors after upgrade from 4.12.14
On Tuesday, 16 January 2024 at 09:46, Rowland Penny via samba <samba at lists.samba.org> wrote:> As far as I can see, unraid is based on slackware, so it should work. > Is it possible to check the ownership & permissions set on > /mnt/user/PrivateShare ? > > Is either apparmor or selinux running ? > > RowlandThanks for the reply, I have included some responses below: The permissions set to /mnt/user/PrivateShare is: drwxrwx---+ 1 ur_admin ur-lab_access 4.0K May 24 2023 PrivateShare/ There is an ACL set on that folder too: getfacl: Removing leading '/' from absolute path names # file: mnt/user/PrivateShare/ # owner: ur_admin # group: ur-lab_access user::rwx user:ur-lab_access:rwx user:ur-lab-privateshare-ro:r-x user:ur-lab-privateshare-rw:rwx group::rwx group:ur_admin:rwx group:ur-lab_access:rwx group:ur-lab-privateshare-ro:r-x group:ur-lab-privateshare-rw:rwx mask::rwx other::--- default:user::rwx default:user:ur_admin:rwx default:user:ur-lab-privateshare-ro:r-x default:user:ur-lab-privateshare-rw:rwx default:group::--- default:group:ur_admin:rwx default:group:ur-lab_access:--- default:group:ur-lab-privateshare-ro:r-x default:group:ur-lab-privateshare-rw:rwx default:mask::rwx default:other::--- The rwuser is a member of the ur-lab-privateshare-rw group. I noticed that there are two groups (ur-lab-privateshare-ro and ur-lab-privateshare-rw) setup with a user and a group permission in the ACL. I retested after removing both groups' user permission (leaving the intended group ACL entry for each group) and still received the same error. The non-updated-IDMAP configuration I started the thread with did not have a duplicate user ACL for the groups and therefore I suspect it isn?t contributing to this issue. apparmor: I tried the following commands to see if apparmor was enabled: cat /sys/module/apparmor/parameters/enabled sudo apparmor_status Neither returned a result. Selinux: I tried the following commands to see if selinux was enabled: sudo getenforce sudo sestatus Neither returned a result. Therefore, I suspect that apparmor and selinux are not installed/enabled. Best Regards, Unraidster
Possibly Parallel Threads
- Share access permission errors after upgrade from 4.12.14
- Share access permission errors after upgrade from 4.12.14
- Share access permission errors after upgrade from 4.12.14
- Share access permission errors after upgrade from 4.12.14
- Share access permission errors after upgrade from 4.12.14