samba - Jul 2004 - Permissions problem...I must be overlooking *something*...

I have a share I can't seem to create files on, and I can't figure out
why.
I get "Access denied" from Windows, and the samba log shows this:

[2004/07/13 10:52:26, 2] smbd/open.c:open_directory(1293)
  open_directory: failing create on read-only share
[2004/07/13 10:52:26, 2] smbd/open.c:open_directory(1293)
  open_directory: failing create on read-only share

The share has the following definition:

[webfiles]
        path = /var/www
        force group = "INTERCLEAN+Domain Admins"
        valid users = @"INTERCLEAN+Domain Admins"
        writable = yes
        read only = no

Here are the permissions on /var/www:

# file: www
# owner: root
# group: INTERCLEAN+Domain Admins
user::rwx
group::rwx
other::r-x

I'm in the Domain Admins group.  Why doesn't this work?  I'm sure
there's
something silly I'm overlooking, but I can't see what it is right now.

---

David Brodbeck, System Administrator
InterClean Equipment, Inc.
3939 Bestech Drive Suite B
Ypsilanti, MI 48197
(734) 975-2967 x221
(734) 975-1646 (fax)

Hi David,

First of all I'll suggest the obvious (probably not your problem here,
but it's worth a shot).

You've probably only put them in because of the problem you're having,
but "writeable/writable" and "read only" are actually the
same setting
but reversed.  E.g. "writeable/writable = yes" is the same as
"read only
= no".  Therefore you only need to put one or the other.  If you stick
to only using one it can make your smb.conf easier to read.  This won't
be causing the problem, it's just a bit of "config file snobbery" 
;)

Anyway, onto my suggestion.  Have you restarted samba since you made the
share writeable?

Also, if you're forcing group "INTERCLEAN+Domain Admins" and
setting
"valid users" to the same, won't everyone be able to write to the
share
as a domain admin?  Seems a bit like a security risk to me, but then I'm
sure you've a good reason why you've done this.

I hope this helps,

Mark Lidstone
IT and Network Support Administrator

BMT SeaTech Ltd
Grove House, Meridians Cross, 7 Ocean Way
Ocean Village, Southampton.  SO14 3TJ. UK
Tel: +44 (0)23 8063 5122         
Fax: +44 (0)23 8063 5144

E-Mail:  mailto:mark.lidstone@bmtseatech.co.uk
Website: www.bmtseatech.co.uk
========================================================================Confidentiality
Notice and Disclaimer:
The contents of this e-mail and any attachments are intended only for
the
use of the e-mail addressee(s) shown. If you are not that person, or one
of those persons, you are not allowed to take any action based upon it
or
to copy it, forward, distribute or disclose the contents of it and you
should please delete it from your system. BMT SeaTech Limited does not
accept liability for any errors or omissions in the context of this
e-mail
or its attachments which arise as a result of Internet transmission, nor
accept liability for statements which are those of the author and not
clearly made on behalf of BMT SeaTech Limited.
========================================================================  

-----Original Message-----
From: David Brodbeck [mailto:DavidB@mail.interclean.com] 
Sent: 13 July 2004 15:56
To: 'samba@lists.samba.org'
Subject: [Samba] Permissions problem...I must be overlooking
*something*...


I have a share I can't seem to create files on, and I can't figure out
why. I get "Access denied" from Windows, and the samba log shows this:

[2004/07/13 10:52:26, 2] smbd/open.c:open_directory(1293)
  open_directory: failing create on read-only share
[2004/07/13 10:52:26, 2] smbd/open.c:open_directory(1293)
  open_directory: failing create on read-only share

The share has the following definition:

[webfiles]
        path = /var/www
        force group = "INTERCLEAN+Domain Admins"
        valid users = @"INTERCLEAN+Domain Admins"
        writable = yes
        read only = no

Here are the permissions on /var/www:

# file: www
# owner: root
# group: INTERCLEAN+Domain Admins
user::rwx
group::rwx
other::r-x

I'm in the Domain Admins group.  Why doesn't this work?  I'm sure
there's something silly I'm overlooking, but I can't see what it is
right now.

---

David Brodbeck, System Administrator
InterClean Equipment, Inc.
3939 Bestech Drive Suite B
Ypsilanti, MI 48197
(734) 975-2967 x221
(734) 975-1646 (fax)
 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Hi,

I nearly have the same problem as David.

I have a share:

[forall]
   path = /home/data/forall
   read only   = yes
   write list  = Administrator, @lehrer, @domadm, @verwaltung
   force user  = root
   force group = staff
   create mask = 0664
   directory mask = 0775

and

rwxrwxr-x    9 root     staff       4096 Jul 27 12:42 forall

Neither Administrator nor any of the given group members are allowed to
create any files in this path.

But, when I remove the "force *" attributes everything works like
expected... except the owner/group is not set, of course.

I could be wrong, but this problems occurs firstly when I
started to migrate to samba 3.0.4 (and now 3.0.5). In an environment with
samba 3.0.2a (and below) this is working.

The logs only tell me, that this is a read-only share and it is not
possible to write to.

I use Samba as PDC with LDAP backend also for posix accounts.

David, did you solve your problem already?

Thanks for any help,

Patrick