mostlyhappy
2008-Aug-21 13:25 UTC
[Samba] Group member can not delete files - only dir (775) owner can
Hi there,

I have a problem I can not solve myself. I have samba 3.0.28 installed on an Ubuntu 8.0.4 server. Samba is a member of AD. Authentication is kerberos, user- / group ids are handled by nis (Windows 2008 SFU / NIS Server).

My Samba config:

[global]
write list = admin,rado,@Administratoren
deny hosts = 0.0.0.0/0.0.0.0
client schannel = No
allow hosts = localhost, 192.168.1.0/255.255.252.0
netbios name = HORST
printing = bsd
delete readonly = yes
invalid users = root
local master = No
workgroup = COCON
debug level = 3
os level = 10
printcap name = /dev/null
security = ads
usershare allow guests = Yes
disable spoolss = yes
max log size = 1000
directory mode = 775
log level = 2
log file = /var/log/samba/log.%m
load printers = no
profile acls = Yes
socket options = TCP_NODELAY SO_SNDBUF=16384 SO_RCVBUF=16384
wins server = 192.168.1.112
client use spnego = yes
interfaces = 192.168.1.0/255.255.252.0 eth0
idmap backend = ad
realm = COCON.INT
server string = %h server (Samba, Ubuntu)
wide links = no
password server = 192.168.1.112
valid users = @sambauser,@Administratoren
create mode = 664
syslog = 0
preferred master = no
panic action = /usr/share/samba/panic-action %d
bind interfaces only = Yes
dos filemode = yes
nt acl support = yes
map acl inherit = yes

[homes]
browseable = yes
writeable = yes
path = /home/%U
create mask = 0600
comment = Home Shares
directory mask = 0700
valid users = %S,@chef
available = yes
force user = %S

[SVS]
comment = SVS packages
path = /opt/svs

Everything works well except for the fact that group members who are not the owner of a folder can not delete/rename files in that folder.

root@horst:/opt# ls -l
...
drwxrwxr-x 10 admin Administratoren 12288 2008-08-21 14:49 svs
...

root@horst:/opt/svs# ls -l
...
-rw-rw-rw- 1 rado Administratoren 77 2008-08-17 18:05 test.txt
...

root@horst:/var/log/samba# getent group | grep rado
Administratoren::10001:scense,rado,Administrator,admin
sambauser::10004:ute,rado,jutta,connyie,bernd,anne
chef::10005:rado,connyie

Although /opt/svs has the dir mask of 775 and I (rado) am a member of Administratoren I can not rename/delete test.txt. I can create new files/folders and edit files owned by admin, so the group mapping (AD to Samba) works.

The logfile says 'NT_STATUS_ACCESS_DENIED' but I don't know why. Maybe the AD-Server only shows the first group (sambauser) membership when asked for the file deletion? How can I investigate this?

Can anybody pls help?

Thanks,
Rado

Logfile:
...
[2008/08/21 15:15:56, 3] smbd/process.c:switch_message(927)
  switch message SMBtrans2 (pid 26522) conn 0x84cb358
[2008/08/21 15:15:56, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (10000, 10004) - sec_ctx_stack_ndx = 0
[2008/08/21 15:15:56, 3] smbd/trans2.c:call_trans2qfilepathinfo(3304)
  call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004
[2008/08/21 15:15:56, 3] smbd/vfs.c:reduce_name(821)
  reduce_name [test.txt] [/opt/svs]
[2008/08/21 15:15:56, 3] smbd/vfs.c:reduce_name(922)
  reduce_name: test.txt reduced to /opt/svs/test.txt
[2008/08/21 15:15:56, 3] smbd/trans2.c:call_trans2qfilepathinfo(3355)
  call_trans2qfilepathinfo test.txt (fnum = -1) level=1004 call=5 total_data=0
[2008/08/21 15:15:56, 3] smbd/process.c:process_smb(1069)
  Transaction 59067 of length 108
[2008/08/21 15:15:56, 3] smbd/process.c:switch_message(927)
  switch message SMBntcreateX (pid 26522) conn 0x84cb358
[2008/08/21 15:15:56, 3] smbd/vfs.c:reduce_name(821)
  reduce_name [test.txt] [/opt/svs]
[2008/08/21 15:15:56, 3] smbd/vfs.c:reduce_name(922)
  reduce_name: test.txt reduced to /opt/svs/test.txt
[2008/08/21 15:15:56, 3] smbd/dosmode.c:unix_mode(142)
  unix_mode(test.txt) returning 0664
[2008/08/21 15:15:56, 3] smbd/vfs.c:reduce_name(821)
  reduce_name [test.txt] [/opt/svs]
[2008/08/21 15:15:56, 3] smbd/vfs.c:reduce_name(922)
  reduce_name: test.txt reduced to /opt/svs/test.txt
[2008/08/21 15:15:56, 2] smbd/open.c:open_file(391)
  rado opened file test.txt read=No write=No (numopen=1)
[2008/08/21 15:15:56, 3] smbd/process.c:process_smb(1069)
  Transaction 59068 of length 76
[2008/08/21 15:15:56, 3] smbd/process.c:switch_message(927)
  switch message SMBtrans2 (pid 26522) conn 0x84cb358
[2008/08/21 15:15:56, 3] smbd/trans2.c:call_trans2qfilepathinfo(3244)
  call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1006
[2008/08/21 15:15:56, 3] smbd/trans2.c:call_trans2qfilepathinfo(3355)
  call_trans2qfilepathinfo test.txt (fnum = 6669) level=1006 call=7 total_data=0
[2008/08/21 15:15:56, 3] smbd/process.c:process_smb(1069)
  Transaction 59069 of length 120
[2008/08/21 15:15:56, 3] smbd/process.c:switch_message(927)
  switch message SMBtrans2 (pid 26522) conn 0x84cb358
[2008/08/21 15:15:56, 3] smbd/trans2.c:call_trans2setfilepathinfo(5831)
  call_trans2setfilepathinfo(8) test.txt (fnum 6669) info_level=1004 totdata=40
[2008/08/21 15:15:56, 3] smbd/process.c:process_smb(1069)
  Transaction 59070 of length 45
[2008/08/21 15:15:56, 3] smbd/process.c:switch_message(927)
  switch message SMBclose (pid 26522) conn 0x84cb358
[2008/08/21 15:15:56, 3] smbd/reply.c:reply_close(3338)
  close fd=-1 fnum=6669 (numopen=1)
[2008/08/21 15:15:56, 2] smbd/close.c:close_normal_file(406)
  rado closed file test.txt (numopen=0) NT_STATUS_OK
[2008/08/21 15:15:56, 3] smbd/process.c:process_smb(1069)
  Transaction 59071 of length 108
[2008/08/21 15:15:56, 3] smbd/process.c:switch_message(927)
  switch message SMBntcreateX (pid 26522) conn 0x84cb358
[2008/08/21 15:15:56, 3] smbd/vfs.c:reduce_name(821)
  reduce_name [test.txt] [/opt/svs]
[2008/08/21 15:15:56, 3] smbd/vfs.c:reduce_name(922)
  reduce_name: test.txt reduced to /opt/svs/test.txt
[2008/08/21 15:15:56, 3] lib/util_seaccess.c:se_access_check(250)
[2008/08/21 15:15:56, 3] lib/util_seaccess.c:se_access_check(251)
  se_access_check: user sid is S-1-22-1-10000
  se_access_check: also S-1-22-2-10004
  se_access_check: also S-1-1-0
  se_access_check: also S-1-5-2
  se_access_check: also S-1-5-11
  se_access_check: also S-1-22-2-10001
  se_access_check: also S-1-22-2-10005
[2008/08/21 15:15:56, 3] smbd/error.c:error_packet_set(106)
  error packet at smbd/nttrans.c(697) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED
[2008/08/21 15:15:56, 3] smbd/process.c:process_smb(1069)
  Transaction 59072 of length 108
[2008/08/21 15:15:56, 3] smbd/process.c:switch_message(927)
  switch message SMBntcreateX (pid 26522) conn 0x84cb358
[2008/08/21 15:15:56, 3] smbd/vfs.c:reduce_name(821)
  reduce_name [test.txt] [/opt/svs]
[2008/08/21 15:15:56, 3] smbd/vfs.c:reduce_name(922)
  reduce_name: test.txt reduced to /opt/svs/test.txt
[2008/08/21 15:15:56, 3] lib/util_seaccess.c:se_access_check(250)
[2008/08/21 15:15:56, 3] lib/util_seaccess.c:se_access_check(251)
  se_access_check: user sid is S-1-22-1-10000
  se_access_check: also S-1-22-2-10004
  se_access_check: also S-1-1-0
  se_access_check: also S-1-5-2
  se_access_check: also S-1-5-11
  se_access_check: also S-1-22-2-10001
  se_access_check: also S-1-22-2-10005
[2008/08/21 15:15:56, 3] smbd/error.c:error_packet_set(106)
  error packet at smbd/nttrans.c(697) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED
[2008/08/21 15:15:56, 3] smbd/process.c:process_smb(1069)
  Transaction 59073 of length 104
[2008/08/21 15:15:56, 3] smbd/process.c:switch_message(927)
  switch message SMBtrans2 (pid 26522) conn 0x84cb358
[2008/08/21 15:15:56, 3] smbd/trans2.c:call_trans2findfirst(1704)
  call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 2 requires_resume_key = 4 level = 0x104, max_data_bytes = 16384
[2008/08/21 15:15:56, 3] smbd/vfs.c:reduce_name(821)
  reduce_name [test.txt] [/opt/svs]
[2008/08/21 15:15:56, 3] smbd/vfs.c:reduce_name(922)
  reduce_name: test.txt reduced to /opt/svs/test.txt
[2008/08/21 15:15:56, 3] smbd/vfs.c:reduce_name(821)
  reduce_name [./] [/opt/svs]
[2008/08/21 15:15:56, 3] smbd/vfs.c:reduce_name(922)
  reduce_name: ./ reduced to /opt/svs
[2008/08/21 15:15:56, 3] smbd/dir.c:dptr_create(515)
  creating new dirptr 256 for path ./, expect_close = 1
[2008/08/21 15:15:56, 3] smbd/process.c:process_smb(1069)
  Transaction 59074 of length 108
[2008/08/21 15:15:56, 3] smbd/process.c:switch_message(927)
  switch message SMBntcreateX (pid 26522) conn 0x84cb358
[2008/08/21 15:15:56, 3] smbd/vfs.c:reduce_name(821)
  reduce_name [test.txt] [/opt/svs]
[2008/08/21 15:15:56, 3] smbd/vfs.c:reduce_name(922)
  reduce_name: test.txt reduced to /opt/svs/test.txt
[2008/08/21 15:15:56, 3] smbd/dosmode.c:unix_mode(142)
  unix_mode(test.txt) returning 0664
[2008/08/21 15:15:56, 3] smbd/vfs.c:reduce_name(821)
  reduce_name [test.txt] [/opt/svs]
[2008/08/21 15:15:56, 3] smbd/vfs.c:reduce_name(922)
  reduce_name: test.txt reduced to /opt/svs/test.txt
[2008/08/21 15:15:56, 2] smbd/open.c:open_file(391)
  rado opened file test.txt read=Yes write=No (numopen=1)
[2008/08/21 15:15:56, 3] smbd/oplock_linux.c:linux_set_kernel_oplock(180)
  linux_set_kernel_oplock: got kernel oplock on file test.txt, dev = ca03, inode = 8650754, file_id = 4069
[2008/08/21 15:15:57, 3] smbd/process.c:process_smb(1069)
  Transaction 59075 of length 148
[2008/08/21 15:15:57, 3] smbd/process.c:switch_message(927)
  switch message SMBtrans2 (pid 26522) conn 0x8480850
[2008/08/21 15:15:57, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (10000, 10004) - sec_ctx_stack_ndx = 0
[2008/08/21 15:15:57, 3] smbd/trans2.c:call_trans2findfirst(1704)
...

--
View this message in context: http://www.nabble.com/Group-member-can-not-delete-files---only-dir-%28775%29-owner-can-tp19088730p19088730.html
Sent from the Samba - General mailing list archive at Nabble.com.
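
An added example, not part of the original post: the se_access_check entries list every SID in the session token, and Samba writes Unix uids and gids without a domain mapping as S-1-22-1-<uid> and S-1-22-2-<gid>, so the token of each denied request can be matched against the getent output. The function names are hypothetical and the embedded sample is constructed from the log and getent lines quoted in the post.

```python
import re

# Constructed sample input: message lines and getent output as quoted in the post.
SAMPLE_LOG = """\
  se_access_check: user sid is S-1-22-1-10000
  se_access_check: also S-1-22-2-10004
  se_access_check: also S-1-1-0
  se_access_check: also S-1-5-2
  se_access_check: also S-1-5-11
  se_access_check: also S-1-22-2-10001
  se_access_check: also S-1-22-2-10005
  error packet at smbd/nttrans.c(697) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED
"""
SAMPLE_GETENT = """\
Administratoren::10001:scense,rado,Administrator,admin
sambauser::10004:ute,rado,jutta,connyie,bernd,anne
chef::10005:rado,connyie
"""

# One pattern for the three events of interest; works on flattened logs too.
EVENT_RE = re.compile(r"(user sid is|also) (S-\d+(?:-\d+)+)|(NT_STATUS_ACCESS_DENIED)")

def parse_getent(text):
    """Return {gid: group name} from `getent group` output."""
    groups = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            groups[int(fields[2])] = fields[0]
    return groups

def denied_tokens(log_text):
    """Return the SID list of each se_access_check followed by ACCESS_DENIED."""
    denied, current = [], []
    for kind, sid, is_denied in EVENT_RE.findall(log_text):
        if is_denied:
            denied += [current] if current else []
            current = []
        elif kind == "user sid is":
            current = [sid]  # a new token starts; drop any undenied one
        else:
            current.append(sid)
    return denied

def groups_in_denied_tokens(log_text, getent_text):
    """Name the Unix groups (S-1-22-2-<gid>) present in each denied token."""
    names = parse_getent(getent_text)
    return [[names.get(int(s.rsplit("-", 1)[1]), s)
             for s in token if s.startswith("S-1-22-2-")]
            for token in denied_tokens(log_text)]
```

On the excerpt from the post this returns sambauser, Administratoren and chef for the denied check, so gid 10001 was present in the token smbd evaluated.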