Eric Michaelis
2005-Dec-07 20:27 UTC
[Samba] Strange behavior with file/directory permissions.
I am experiencing some odd behavior with a SAMBA server running on a
Red Hat Enterprise Linux 3 system.
Users are authenticating against a Windows domain, and then connecting
to their home directory shares, defined as:
[homes]
comment = Home Directories
hide unreadable = Yes
valid users = %S
read only = No
create mask = 0664
directory mask = 0775
locking = No
inherit permissions = Yes
If I connect to my home directory and inside there is a directory with
permissions of 0700, I can't see or access the directory.
If I change the permissions to 0750 or 0770, I'm able to see and write
to the directory (even if the group permissions forbid writing).
As far as I can tell, the SAMBA server is examining group permissions
to determine visibility, but using the user permissions to determine
actual read/write access.
I'm not sure I understand why the group is taking precendence over the
user permissions. If I log into the same Linux system and my
permissions on a given directory are 0700, I, as the user, have full
access to that directory. However, this is not the behavior I'm seeing
when I connect via SAMBA.
Can anyone shed some light on either 1) what I have misconfigured
that's triggering this behavior, or 2) why this is occurring and if
there is a workaround?
Thanks!
Eric
Adam Nielsen
2005-Dec-08 01:13 UTC
[Samba] Strange behavior with file/directory permissions.
> inherit permissions = YesWhat happens if you remove this?> If I change the permissions to 0750 or 0770, I'm able to see and write > to the directory (even if the group permissions forbid writing).If you create a new file in the directory here, is the new file owned by the expected user and group?> I'm not sure I understand why the group is taking precendence over the > user permissions. If I log into the same Linux system and my > permissions on a given directory are 0700, I, as the user, have full > access to that directory. However, this is not the behavior I'm seeing > when I connect via SAMBA.Are you sure you don't have any "map to guest" option that might be altering the username? Cheers, Adam.