samba - Jul 2006 - Permission Denied when "all" bits not set to r/w

Hello,

I'm having trouble with permissions on Samba 3.0.21.  It almost seems  
that the "all" bits are the only ones that Samba is obeying.  For  
instance, I created this file remotely over a samba share:

brandon.dimcheff@unity ~/untitled folder $ ls -als
total 17
0 drwx--S---   3 brandon.dimcheff westpole  160 Jul  3 15:51 .
1 drwx------  12 brandon.dimcheff westpole  816 Jul  3 15:51 ..
4 -rw-rw----   1 brandon.dimcheff westpole    4 Apr 12 17:41 test2

But when I try to access it, I get a permissions denied error and the  
logs produce the following.  If I set the permissions of the file to  
666, I can use the file just fine:

[2006/07/03 15:51:45, 3] smbd/process.c:process_smb(1194)
   Transaction 321 of length 134
[2006/07/03 15:51:45, 3] smbd/process.c:switch_message(993)
   switch message SMBntcreateX (pid 22541) conn 0x803b73f8
[2006/07/03 15:51:45, 3] smbd/dosmode.c:unix_mode(121)
   unix_mode(untitled folder/test2) returning 0764
[2006/07/03 15:51:45, 3] smbd/open.c:open_file(276)
   Error opening file untitled folder/test2 (Permission denied)  
(local_flags=0) (flags=0)
[2006/07/03 15:51:45, 3] smbd/error.c:unix_error_packet(90)
   unix_error_packet: error string = Permission denied
[2006/07/03 15:51:45, 3] smbd/error.c:error_packet(146)
   error packet at smbd/trans2.c(2632) cmd=162 (SMBntcreateX)  
NT_STATUS_ACCESS_DENIED

I'm running Samba with an LDAP backend and have ACL support compiled  
in, and the filesystem has ACLs enabled.  Samba is serving as the PDC.

I appreciate any suggestions.  My smb.conf is attached.
-- 
Brandon Dimcheff
IT Consultant
West Pole, Inc. - http://www.westpole.com
201 Nickels Arcade, Ann Arbor, MI 48104 - 734.995.6390 x21

-------------- next part --------------

... Or my smb.conf is pasted here, since attachments are removed  
automatically ...

[global]
	log level = 3
	workgroup = WESTPOLE_BETA
	server string = Unity
	map to guest = Bad User
	smb passwd file = /etc/samba/private/smbpasswd
	passdb backend = ldapsam:ldap://unity.westpole.com/
	log file = /var/log/samba3/log.%m
	max log size = 5000
	socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
	printcap name = cups
	dns proxy = No
	add user script = /usr/sbin/smbldap-useradd -m "%u"
	ldap delete dn = Yes
	#delete user script = /usr/sbin/smbldap-userdel "%u"
	add machine script = /usr/sbin/smbldap-useradd -w "%u"
	add group script = /usr/sbin/smbldap-groupadd -p "%g"
	#delete group script = /usr/sbin/smbldap-groupdel "%g"
	add user to group script = /usr/sbin/smbldap-groupmod -m "%u"
"%g"
	delete user from group script = /usr/sbin/smbldap-groupmod -x "%u"
"%g"
	set primary group script = /usr/sbin/smbldap-usermod -g "%g"
"%u"
	ldap admin dn = cn=Manager,dc=westpole,dc=com
	ldap delete dn = Yes
	ldap group suffix = ou=Group
	ldap idmap suffix = ou=People
	ldap machine suffix = ou=Computers
	ldap passwd sync = Yes
	ldap suffix = dc=westpole,dc=com
	ldap ssl = start tls
	ldap user suffix = ou=People
	printer admin = @adm
	create mask = 0774
	directory mask = 0775
	domain logons = yes
	preferred master = yes
	domain master = yes
	os level = 65
	hide dot files = yes
	load printers = yes
	printing = cups
	printcap name = cups
	security = user
	guest ok = no
	use client driver = no
	# For Samba 3.x. This enables ClamAV on access scanning.
	vfs object = vscan-clamav
	vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
	wins support = yes
	name resolve order = wins lmhosts host bcast
	dns proxy = no
					

[homes]
	comment = Home Directories
	read only = No
	browseable = No

[printers]
	comment = All Printers
	path = /var/spool/samba
	create mask = 0700
	guest ok = Yes
	printable = Yes
	browseable = No
	writeable = No

[brother_hl_2700cn]
	comment = Brother HL2700cn Network Printer
	printable = yes
	path = /var/spool/samba
	public = yes
	guest ok = yes
	printer admin = root

[hp_laserjet_4000]
	comment = HP LaserJet 4000 Network Printer
	printable = yes
	path = /var/spool/samba
	public = yes
	guest ok = yes
	printer admin = root
# Now we setup our print drivers information!
[print$]
	comment = Printer Drivers
	path = /etc/samba/printer
	guest ok = yes
	browseable = yes
	read only = yes
	# Modify this to "username,root" if you don't want root to
	# be the only printer admin)
	write list = @adm,root

[fileserver]
	comment = West Pole File Server
	path = /mnt/fileserver
	read only = No
	hide dot files = yes

[backups]
	comment = West Pole File Server Daily Backups
	path = /mnt/dailies
	read only = Yes
	hide dot files = yes

[netlogon]
	path = /var/lib/samba/netlogon
	guest ok = no
	read only = yes
	browseable = no


[profiles]
	path = /var/lib/samba/profiles
	browseable = no
	writeable = yes
	default case = lower
	preserve case = no
	short preserve case = no
	case sensitive = no
	hide files = /desktop.ini/ntuser.ini/NTUSER.*/
	write list = @smbusers @root @westpole
	create mask = 0600
	directory mask = 0700
	profile acls = no


Thanks,
-- 
Brandon Dimcheff
IT Consultant
West Pole, Inc. - http://www.westpole.com
201 Nickels Arcade, Ann Arbor, MI 48104 - 734.995.6390 x21


On Jul 5, 2006, at 10:11, Brandon Dimcheff wrote:
> Hello,
>
> I'm having trouble with permissions on Samba 3.0.21.  It almost  
> seems that the "all" bits are the only ones that Samba is
obeying.
> For instance, I created this file remotely over a samba share:
>
> brandon.dimcheff@unity ~/untitled folder $ ls -als
> total 17
> 0 drwx--S---   3 brandon.dimcheff westpole  160 Jul  3 15:51 .
> 1 drwx------  12 brandon.dimcheff westpole  816 Jul  3 15:51 ..
> 4 -rw-rw----   1 brandon.dimcheff westpole    4 Apr 12 17:41 test2
>
> But when I try to access it, I get a permissions denied error and  
> the logs produce the following.  If I set the permissions of the  
> file to 666, I can use the file just fine:
>
> [2006/07/03 15:51:45, 3] smbd/process.c:process_smb(1194)
>   Transaction 321 of length 134
> [2006/07/03 15:51:45, 3] smbd/process.c:switch_message(993)
>   switch message SMBntcreateX (pid 22541) conn 0x803b73f8
> [2006/07/03 15:51:45, 3] smbd/dosmode.c:unix_mode(121)
>   unix_mode(untitled folder/test2) returning 0764
> [2006/07/03 15:51:45, 3] smbd/open.c:open_file(276)
>   Error opening file untitled folder/test2 (Permission denied)  
> (local_flags=0) (flags=0)
> [2006/07/03 15:51:45, 3] smbd/error.c:unix_error_packet(90)
>   unix_error_packet: error string = Permission denied
> [2006/07/03 15:51:45, 3] smbd/error.c:error_packet(146)
>   error packet at smbd/trans2.c(2632) cmd=162 (SMBntcreateX)  
> NT_STATUS_ACCESS_DENIED
>
> I'm running Samba with an LDAP backend and have ACL support  
> compiled in, and the filesystem has ACLs enabled.  Samba is serving  
> as the PDC.
>
> I appreciate any suggestions.  My smb.conf is attached.
> -- 
> Brandon Dimcheff
> IT Consultant
> West Pole, Inc. - http://www.westpole.com
> 201 Nickels Arcade, Ann Arbor, MI 48104 - 734.995.6390 x21
>
>
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba