samba - May 2006 - Cannot delete files from samba share

Hi all,

Following an upgrade from samba 2.2.8a to 3.0.22 we have been unable to 
delete files on a samba share using an XP client.  We were previously able 
to delete these files when using 2.2.8a. 

The problem occurs when we have a particular sub-set of permissions. 
Directory permissions on UNIX are set to 775 and ownerhips to usera : 
group1.  This should mean that either usera  or anyone who belongs to 
group1 should  be able to delete any file within the directory 
irrespective of what the file permissions and ownerships are.  From UNIX 
this is the case.  Using an XP client on samba 2.2.8a this is the case. On 
samba 3.0.22 this is not the case. 

 We have an application which writes files into the top level directory of 
the samba directory with permissions 544.The ownerships of the file are 
userb (i.e. different from the directory owner). group1 (i.e. the same as 
the directory).  If a third user, userc  who is a member of group1 (there 
is a force group directive on the share as well) comes along and attempts 
to delete the file through the samba share, the delete fails. 
Experimentation has shown the delete works if the file is writable by the 
user (e.g 744 cf  544) or the file is owned by the user trying to delete 
it.

 We have upgraded only a few of our servers to 3.0.22 and we have been 
able to reproduce the problem.    I have attached a script which run as 
root on UNIX  sets up a test share and appropriated file/dir permissions. 
Other details about are installation are given below

UNIX OS: Solaris 8, Solaris 9
PDC: Windows 2003

If anyone has any suggestions as to how this issue can be resolved, I 
would be grateful to hear from them

cheers

Neil

#!/bin/ksh

# TEST_DIR = UNIX directory being shared out ( The 'samba dir')
TEST_DIR=/smb_debug
# TEST_FILE = file used to demonstrate the problem
export TEST_FILE=${TEST_DIR}/test
# SMB_CONF = path to smb.conf
SMB_CONF=/path/to/your/smb.conf
# SHARENAME = the name for the samba share
SHARENAME=neil
# GROUP =  the group ownership on the 'samba dir'.  Membership of this 
group
# should permit files to be deleted from this directory.
GROUP=group1
# USER1 = the username attempting to delete files from the samba share. 
They
# must belong to ${GROUP}
USER1=usera
# USER2 = The user ownership on the 'samba dir'
USER2=userb
# USER3 = The user ownership on ${TEST_FILE}
USER3=userc

# On UNIX, make the directory shared out by samba if it does not exist
[[ ! -d ${TEST_DIR} ]] && mkdir ${TEST_DIR}

# Create the samba share if required
egrep \\[${SHARENAME}\\] ${SMB_CONF} >&- 2>&- || {
cat <<_EOT1__ >> ${SMB_CONF}
[${SHARENAME}]
        path = ${TEST_DIR}
        comment = "Test share for permissions issue"
        valid users = @${GROUP} 
        read only = no
        create mask = 755
        force group = ${GROUP}
_EOT1__
}

# Make the 'samba directory' owned by an account other than that which 
deletes
# the file.  Make the group ownership ${GROUP}.  Make the permissions such 
that
# members of ${GROUP} can delete (and create) files within ${TEST_DIR}.
chown ${USER2}:${GROUP} ${TEST_DIR}
chmod 775 ${TEST_DIR}

# Create the file we want to delete
touch ${TEST_FILE}

# Set file ownerships & perms so it is not writable
chmod 544 ${TEST_FILE}
chown ${USER3}:${GROUP} ${TEST_FILE}

# Show the permissions
echo "Initial permissions are as follows\n"
ls -ld ${TEST_DIR} ${TEST_FILE}

# As $USER1 show that we can delete the file from UNIX
echo "\n Deleting ${TEST_FILE}"
su - ${USER1} -c "rm -f ${TEST_FILE}" >&- 2>&-
if [[ ! -f ${TEST_FILE} ]];then
   echo "Test file deleted\n"
else
   echo "Failed to delete test file\n"
fi

# Re-create the file again
touch ${TEST_FILE}
chmod 544 ${TEST_FILE}
chown ${USER3}:${GROUP} ${TEST_FILE}

# Show the permissions
echo "Permissions following file re-creation are as follows\n"
ls -ld ${TEST_DIR} ${TEST_FILE}

echo "\nNow attempt to delete the file using a windows client" 



The information contained in this message may be CONFIDENTIAL and is intended
for the addressee only.  Any unauthorised use, dissemination of the information,
or copying of this message is prohibited. If you are not the addressee, please
notify the sender immediately by return e-mail and delete this message. Although
this e-mail and any attachments are believed to be free of any virus, or other
defect which might affect any computer or system into which they are received
and opened, it is the responsibility of the recipient to ensure that they are
virus free and no responsibility is accepted by M&G for any loss or damage
from receipt or use thereof.
Please note that all e-mail messages are subject to interception for lawful
business purposes.

sounds like you're hitting "map readonly"
please play with it and see man smb.conf

greez

Neil.Macoustra@MandG.co.uk wrote:
> Hi all,
> 
> Following an upgrade from samba 2.2.8a to 3.0.22 we have been unable to 
> delete files on a samba share using an XP client.  We were previously able 
> to delete these files when using 2.2.8a. 
> 
> The problem occurs when we have a particular sub-set of permissions. 
> Directory permissions on UNIX are set to 775 and ownerhips to usera : 
> group1.  This should mean that either usera  or anyone who belongs to 
> group1 should  be able to delete any file within the directory 
> irrespective of what the file permissions and ownerships are.  From UNIX 
> this is the case.  Using an XP client on samba 2.2.8a this is the case. On 
> samba 3.0.22 this is not the case. 
> 
>  We have an application which writes files into the top level directory of 
> the samba directory with permissions 544.The ownerships of the file are 
> userb (i.e. different from the directory owner). group1 (i.e. the same as 
> the directory).  If a third user, userc  who is a member of group1 (there 
> is a force group directive on the share as well) comes along and attempts 
> to delete the file through the samba share, the delete fails. 
> Experimentation has shown the delete works if the file is writable by the 
> user (e.g 744 cf  544) or the file is owned by the user trying to delete 
> it.
> 
>  We have upgraded only a few of our servers to 3.0.22 and we have been 
> able to reproduce the problem.    I have attached a script which run as 
> root on UNIX  sets up a test share and appropriated file/dir permissions. 
> Other details about are installation are given below
> 
> UNIX OS: Solaris 8, Solaris 9
> PDC: Windows 2003
> 
> If anyone has any suggestions as to how this issue can be resolved, I 
> would be grateful to hear from them
> 
> cheers
> 
> Neil
> 
> #!/bin/ksh
> 
> # TEST_DIR = UNIX directory being shared out ( The 'samba dir')
> TEST_DIR=/smb_debug
> # TEST_FILE = file used to demonstrate the problem
> export TEST_FILE=${TEST_DIR}/test
> # SMB_CONF = path to smb.conf
> SMB_CONF=/path/to/your/smb.conf
> # SHARENAME = the name for the samba share
> SHARENAME=neil
> # GROUP =  the group ownership on the 'samba dir'.  Membership of
this
> group
> # should permit files to be deleted from this directory.
> GROUP=group1
> # USER1 = the username attempting to delete files from the samba share. 
> They
> # must belong to ${GROUP}
> USER1=usera
> # USER2 = The user ownership on the 'samba dir'
> USER2=userb
> # USER3 = The user ownership on ${TEST_FILE}
> USER3=userc
> 
> # On UNIX, make the directory shared out by samba if it does not exist
> [[ ! -d ${TEST_DIR} ]] && mkdir ${TEST_DIR}
> 
> # Create the samba share if required
> egrep \\[${SHARENAME}\\] ${SMB_CONF} >&- 2>&- || {
> cat <<_EOT1__ >> ${SMB_CONF}
> [${SHARENAME}]
>         path = ${TEST_DIR}
>         comment = "Test share for permissions issue"
>         valid users = @${GROUP} 
>         read only = no
>         create mask = 755
>         force group = ${GROUP}
> _EOT1__
> }
> 
> # Make the 'samba directory' owned by an account other than that
which
> deletes
> # the file.  Make the group ownership ${GROUP}.  Make the permissions such 
> that
> # members of ${GROUP} can delete (and create) files within ${TEST_DIR}.
> chown ${USER2}:${GROUP} ${TEST_DIR}
> chmod 775 ${TEST_DIR}
> 
> # Create the file we want to delete
> touch ${TEST_FILE}
> 
> # Set file ownerships & perms so it is not writable
> chmod 544 ${TEST_FILE}
> chown ${USER3}:${GROUP} ${TEST_FILE}
> 
> # Show the permissions
> echo "Initial permissions are as follows\n"
> ls -ld ${TEST_DIR} ${TEST_FILE}
> 
> # As $USER1 show that we can delete the file from UNIX
> echo "\n Deleting ${TEST_FILE}"
> su - ${USER1} -c "rm -f ${TEST_FILE}" >&- 2>&-
> if [[ ! -f ${TEST_FILE} ]];then
>    echo "Test file deleted\n"
> else
>    echo "Failed to delete test file\n"
> fi
> 
> # Re-create the file again
> touch ${TEST_FILE}
> chmod 544 ${TEST_FILE}
> chown ${USER3}:${GROUP} ${TEST_FILE}
> 
> # Show the permissions
> echo "Permissions following file re-creation are as follows\n"
> ls -ld ${TEST_DIR} ${TEST_FILE}
> 
> echo "\nNow attempt to delete the file using a windows client" 
> 
> 
> 
> The information contained in this message may be CONFIDENTIAL and is
intended for the addressee only.  Any unauthorised use, dissemination of the
information, or copying of this message is prohibited. If you are not the
addressee, please notify the sender immediately by return e-mail and delete this
message. Although this e-mail and any attachments are believed to be free of any
virus, or other defect which might affect any computer or system into which they
are received and opened, it is the responsibility of the recipient to ensure
that they are virus free and no responsibility is accepted by M&G for any
loss or damage from receipt or use thereof.
> Please note that all e-mail messages are subject to interception for lawful
business purposes.
>

Hi Neil,
> Following an upgrade from samba 2.2.8a to 3.0.22 we have been unable
> to delete files on a samba share using an XP client.  We were
> previously able to delete these files when using 2.2.8a. 
This sounds remarkably similar to the problem I was having, where I
could create files, modify them, but not delete them:

http://lists.samba.org/archive/samba/2006-May/120521.html

If you work out a way to fix this, do let me know!

Cheers,
Adam.

On Wed, May 31, 2006 at 02:06:53PM +0100, Neil.Macoustra@MandG.co.uk
wrote:
> 
> Following an upgrade from samba 2.2.8a to 3.0.22 we have been unable to 
> delete files on a samba share using an XP client.  We were previously able 
> to delete these files when using 2.2.8a. 
> 
> The problem occurs when we have a particular sub-set of permissions. 
> Directory permissions on UNIX are set to 775 and ownerhips to usera : 
> group1.  This should mean that either usera  or anyone who belongs to 
> group1 should  be able to delete any file within the directory 
> irrespective of what the file permissions and ownerships are.  From UNIX 
> this is the case.  Using an XP client on samba 2.2.8a this is the case. On 
> samba 3.0.22 this is not the case. 
> 
>  We have an application which writes files into the top level directory of 
> the samba directory with permissions 544.The ownerships of the file are 
> userb (i.e. different from the directory owner). group1 (i.e. the same as 
> the directory).  If a third user, userc  who is a member of group1 (there 
> is a force group directive on the share as well) comes along and attempts 
> to delete the file through the samba share, the delete fails. 
> Experimentation has shown the delete works if the file is writable by the 
> user (e.g 744 cf  544) or the file is owned by the user trying to delete 
> it.
> 
>  We have upgraded only a few of our servers to 3.0.22 and we have been 
> able to reproduce the problem.    I have attached a script which run as 
> root on UNIX  sets up a test share and appropriated file/dir permissions. 
> Other details about are installation are given below
> 
> UNIX OS: Solaris 8, Solaris 9
> PDC: Windows 2003
> 
> If anyone has any suggestions as to how this issue can be resolved, I 
> would be grateful to hear from them
Can you send me a debug level 10 log from the smbd when you attempt to
delete the file along with the name of the file you're trying to delete.

Thanks,

	Jeremy.