I have some strange behavior with a samba share that I have been unable to
explain. The system is joined to an AD domain and configured to use winbind
and ldap. I can log in to the system with a domain user and filesystem
permissions function as expected. When I create a samba share I can create
files but only delete if the user account is the owner of the parent folder
or other has write permission. Granting permission via group will permit me
read and create but not delete.

[data01]
    comment = data01 share
    path = /shared/data01
    browseable = yes
    guest ok = no
    writable = yes
    valid users = +Domain\IT
    inherit permissions = yes

When connected from an XP system with user user the following happens.
Can create but not delete from directory:
d---rwx--- 2 root IT 3896 Sep 5 00:05 data01
Can create and delete from directory:
d---rwx-w- 2 root IT 3896 Sep 5 00:05 data01
Can delete but can't create in directory:
d---r-x-w- 2 root IT 3896 Sep 5 00:19 test
Can't see directory contents:
d------rwx 2 root IT 3896 Sep 5 00:05 data01
Create and delete files as expected:
drwx------ 2 user IT 3896 Sep 5 00:32 test
g+w gives the ability to create files within a directory and o+w grants the
ability to delete from directory.
I do not want to grant other write access but that seems to be the only way
I can maintain the ability to remove files from the share.
CentOS release 5.3 (Final)
Samba Version 3.0.33-3.7.el5_3.1
Any assistance would be greatly appreciated.
Thanks,
Dave

> I do not want to grant other write access but that seems to be the only way
> I can maintain the ability to remove files from the share.
>
> CentOS release 5.3 (Final)
> Samba Version 3.0.33-3.7.el5_3.1

It is recommended to update samba to latest stable (3.4.x) series. rpms are available from sernet.de

You can avoid this permission issue using acls on filesystem with setfacl and getfacl commands and see tutorial at:
http://www.vanemery.com/Linux/ACL/linux-acl.html

--
Eero, RHCE

> inherit permissions = yes

I've never used "inherit permissions" but I do have "inherit owner" set and I don't have any problems with delete access. I did have a problem like this when I first set Samba up, but I can't remember what the solution was. I *think* it had something to do with Samba checking access instead of letting the filesystem do it. When it was changed to allow everything and rely on the filesystem to block access everything worked fine. Maybe that's what "public=yes" and "writable=yes" are doing on that share...

> g+w gives the ability to create files within a directory and o+w grants the
> ability to delete from directory.
>
> I do not want to grant other write access but that seems to be the only way
> I can maintain the ability to remove files from the share.

Well a workaround would be to create a folder higher up as 0070, which would mean only people of that group could see inside it. Then it doesn't really matter whether "others" can write into your real folders, because they won't be able to get past the 0070 folder.

> CentOS release 5.3 (Final)
> Samba Version 3.0.33-3.7.el5_3.1

Maybe try a new version?

Cheers,
Adam.
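
An added example, not part of the thread: it parses the five directory listings from the original post and computes what plain POSIX mode bits would allow for that account, so the behaviour seen over the share can be compared with local filesystem semantics. It assumes the connecting account is `user` and is a member of `IT`, as the post describes; the function names and the encoding of the observed results are this example's own.

```python
import re

# Listings copied from the original post, paired with what was observed over
# the share as (create, delete). None means the post does not state it.
OBSERVED = [
    ("d---rwx--- 2 root IT 3896 Sep 5 00:05 data01", (True, False)),
    ("d---rwx-w- 2 root IT 3896 Sep 5 00:05 data01", (True, True)),
    ("d---r-x-w- 2 root IT 3896 Sep 5 00:19 test", (False, True)),
    ("d------rwx 2 root IT 3896 Sep 5 00:05 data01", (None, None)),
    ("drwx------ 2 user IT 3896 Sep 5 00:32 test", (True, True)),
]

# Plain rwx bits only: setuid, setgid, sticky and ACL entries are not modelled.
LINE = re.compile(r"^d([r-][w-][x-])([r-][w-][x-])([r-][w-][x-])\s+\d+\s+(\S+)\s+(\S+)\s")

def posix_expectation(ls_line, user, groups):
    """Return (create, delete, list) that the directory's mode bits allow."""
    m = LINE.match(ls_line)
    if not m:
        raise ValueError("not a plain 'ls -l' directory line: %r" % ls_line)
    owner_bits, group_bits, other_bits, owner, group = m.groups()
    # Exactly one class is consulted: owner, else group, else other.
    # (uid 0 bypasses these checks; that case is ignored here.)
    if user == owner:
        bits = owner_bits
    elif group in groups:
        bits = group_bits
    else:
        bits = other_bits
    r, w, x = bits[0] == "r", bits[1] == "w", bits[2] == "x"
    # Adding or removing a directory entry needs write and search on the
    # directory itself; the file's own mode is not involved.
    return (w and x, w and x, r)

def divergences(user="user", groups=("IT",)):
    """Rows where the share behaved differently from the local mode bits."""
    out = []
    for line, (seen_create, seen_delete) in OBSERVED:
        create, delete, _ = posix_expectation(line, user, groups)
        for op, expected, seen in (("create", create, seen_create),
                                   ("delete", delete, seen_delete)):
            if seen is not None and seen != expected:
                out.append((line.split()[0], op, expected, seen))
    return out

if __name__ == "__main__":
    for mode, op, expected, seen in divergences():
        print("%s %s: mode bits say %s, share did %s" % (mode, op, expected, seen))
```

Run against the post's data, the only mismatches are the two delete results (`d---rwx---` and `d---r-x-w-`); every create result agrees with the group class.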