Danilo Godec
2008-Jun-12 08:20 UTC
[Samba] Samba 3 handles Linux permissions differently then Samba 2 ?
Hi,

we have a problem with permissions migrating from a custom 2.4 kernel Linux distro with Samba 2.2.5 to OpenSuSE 10.3 (with samba 3.0.26).

We used to have directories like this (relative to the Samba share):

    /root/dir0/dir1/dir2/dir3/userdir1-1/userdir1-2

'root' and all its parent directories have '0755' Linux permission.

dir0-dir3 all have '0711' permissions and belong to USER0 / GROUP0. USER0 doesn't exist in 'smbpasswd' - everybody should be able to 'CD' into these directories, but shouldn't be able to list their contents. There are several combinations of such directories on each samba server and we'd like to 'hide' them from users.

'userdir1-1' has '3750' permission, but it belongs to a group 'USERGROUP1'. USER1 belongs to this group and should be able to see what's in this directory, but nothing more.

'userdir1-2' has '3770' permissions and it also belongs to 'USERGROUP1'. USER1 should be able to create, change and delete files.

On Windows, we use 'NET USE Q: \\samba\share /USER:USER1 PASS' to map the share. Then we use a special program that runs in a 'CMD' prompt (it's a DOS program) and will access 'Q:\dir0\dir1\dir2\dir3\userdir1-1\userdir1-2' - it will try to create a file, then wait for the server-side program to process this file and create a new response file. It will scan the directory periodically to detect the new file - then it will make a clean-up (remove all files that are related to this process).

This works perfectly on Samba 2.2.5 and has been in use for several years.

On Samba 3.0.26 it fails, the log reports "scan dir didn't open dir 'dir0'" - the next line is 'ACCESS DENIED'. If we change permissions of 'dir0-dir3' to '0755', it works - but it is desired to keep the structure from users.

Another weird thing is that when we use 'CMD' and 'CD' into each of these directories, it behaves as expected - for example:

If we do this:

    > Q:
    > CD \DIR0
    > CD DIR1
    > CD DIR2
    > DIR

we get a 'Path not found' message - that's correct - users shouldn't see what's in there. They should know what belongs to them and go there directly.

We can do this:

    > Q:
    > CD \DIR0
    > CD DIR1
    > CD DIR2
    > CD DIR3
    > CD USERDIR1-1
    > CD USERDIR1-2
    > MKDIR TEST
    > RMDIR TEST

This is basically what the DOS program does...

I don't understand why it would work for regular DOS commands, but not for our little DOS program (which, btw. is using DOS calls for file operations - the programmer told me he used '5B - create-new-file', but has also changed this to '3C - create-file' for testing - with the same result).

Any ideas?

Thanks for listening,

Danilo
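
The layout in the message depends on the POSIX difference between search (x) and read (r) permission on a directory: entering a directory needs x, while opening it to scan its entries needs r. The following is an added example, not part of the original post, that models the described tree and evaluates the three operations per path component; the owner of the two user directories and the second account USER2 are assumptions, and root's permission bypass is not modelled.

```python
R, W, X = 4, 2, 1

# Constructed model of the tree in the post: (name, owner, group, mode).
# The post does not name the owner of the two user directories; USER0 is assumed.
# The leading 3 (setgid + sticky) does not change the three checks below.
TREE = [
    ("dir0", "USER0", "GROUP0", 0o0711),
    ("dir1", "USER0", "GROUP0", 0o0711),
    ("dir2", "USER0", "GROUP0", 0o0711),
    ("dir3", "USER0", "GROUP0", 0o0711),
    ("userdir1-1", "USER0", "USERGROUP1", 0o3750),
    ("userdir1-2", "USER0", "USERGROUP1", 0o3770),
]


def class_bits(mode, owner, group, user, groups):
    """POSIX selects exactly one permission class: owner, else group, else other."""
    if user == owner:
        return (mode >> 6) & 7
    if group in groups:
        return (mode >> 3) & 7
    return mode & 7


def evaluate(user, groups, tree=TREE):
    """Walk the tree top-down; return {name: (enter, list, create)} for a non-root user."""
    result, reachable = {}, True  # reachable: every ancestor grants search (x)
    for name, owner, group, mode in tree:
        bits = class_bits(mode, owner, group, user, groups)
        enter = reachable and bool(bits & X)    # chdir / path lookup through it
        listing = reachable and bool(bits & R)  # opendir + readdir (DIR, directory scans)
        create = enter and bool(bits & W)       # adding a new entry needs w and x
        result[name] = (enter, listing, create)
        reachable = enter
    return result


if __name__ == "__main__":
    # USER2 is a hypothetical account that is not a member of USERGROUP1.
    for who, groups in (("USER1", {"USERGROUP1"}), ("USER2", set())):
        print(who)
        for name, (e, l, c) in evaluate(who, groups).items():
            print(f"  {name:<11} enter={e!s:<5} list={l!s:<5} create={c}")
```

For USER1 the model gives enter-only on dir0-dir3, so any operation that opens one of those directories to scan its entries is denied, while a lookup of a known name through it is allowed.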