samba - Aug 2011 - Problem with samba share file permissions: Write protection is not working as expected

From: raj kernel <raj.kernel at gmail.com>
Date: Wed, 3 Aug 2011 18:35:16 +0530
> I have configured samba server on a Linux machine. My smb.conf for the
samba
> share is as follows:
> 
> [data1]
> path = /mnt/data1
> guest ok = yes
> public = yes
> writable  = yes
> read only = no
> create mode = 0777
> directory mode = 0777
> printable = no
> 
> I have created two subdir's 'private' and 'public'
under /mnt/data1. public
> has all access permissions '777', but private has only read
permissions.
> I am able to write/create files to both 'public' as well as
'private'
> directory when these shares are accessed from Windows7 machine.
Write/create
> operation has to be denied for 'private' dir as it only has
'read'
> permission enabled, but it's not denied, file write/create operation
still
> succeeds :(
> 
> Could someone help me what am I missing?
> Do I need to add ACL support to my file system and samba for the
> directory/read permissions to work?
It seems that your "data1" configuration is not bad.
Show the result of "ls -la /mnt/data1" and your global section.

---
TAKAHASHI Motonobu <monyo at samba.gr.jp>

Dear TAKAHASHI Motonobu,

Thanks for the reply. Here is the info you have requested for.

cat /usr/local/samba/lib/smb.conf
-------------------------------------------------
[global]
server string = Star's 9100 Samba TEST Server
security = share
socket options = TCP_NODELAY IPTOS_LOWDELAY
max xmit = 65535
read size = 65535
interfaces = eth0
dns proxy = no
guest account = root
use mmap = yes
large readwrite = yes

ls output
--------------
# ls -la /mnt/data1
total 1
drwxr-xr-x    4 root     root            33 Jan  1 05:09 .
drwxr-xr-x   12 root     root          1024 Jan  1 00:26 ..
dr--------    2 root     root            21 Jan  1 05:11 private
drwxr-xr-x    2 root     root            21 Jan  1 05:11 public
#

Please let me know if you need any additional information.




On Wed, Aug 3, 2011 at 7:54 PM, TAKAHASHI Motonobu <monyo at monyo.com>
wrote:
> From: raj kernel <raj.kernel at gmail.com>
> Date: Wed, 3 Aug 2011 18:35:16 +0530
>
> > I have configured samba server on a Linux machine. My smb.conf for the
> samba
> > share is as follows:
> >
> > [data1]
> > path = /mnt/data1
> > guest ok = yes
> > public = yes
> > writable  = yes
> > read only = no
> > create mode = 0777
> > directory mode = 0777
> > printable = no
> >
> > I have created two subdir's 'private' and 'public'
under /mnt/data1.
> public
> > has all access permissions '777', but private has only read
permissions.
> > I am able to write/create files to both 'public' as well as
'private'
> > directory when these shares are accessed from Windows7 machine.
> Write/create
> > operation has to be denied for 'private' dir as it only has
'read'
> > permission enabled, but it's not denied, file write/create
operation
> still
> > succeeds :(
> >
> > Could someone help me what am I missing?
> > Do I need to add ACL support to my file system and samba for the
> > directory/read permissions to work?
>
> It seems that your "data1" configuration is not bad.
> Show the result of "ls -la /mnt/data1" and your global section.
>
> ---
> TAKAHASHI Motonobu <monyo at samba.gr.jp>
>

From: raj kernel <raj.kernel at gmail.com>
Date: Wed, 3 Aug 2011 20:11:20 +0530
> Thanks for the reply. Here is the info you have requested for.
> 
> cat /usr/local/samba/lib/smb.conf
> -------------------------------------------------
> [global]
(snip)
> security = share
(snip)
> guest account = root
(snip)
>[data1]
> path = /mnt/data1
> guest ok = yes
(snip)
> I have created two subdir's 'private' and 'public'
under /mnt/data1.
> public has all access permissions '777', but private has only read
> permissions.
> I am able to write/create files to both 'public' as well as
> 'private' directory when these shares are accessed from Windows7
> machine.
You set "guest account = root" and "guest ok = yes", so all
accesses
are made as root.

Thus you can always access every files regardless of permissions.

---
TAKAHASHI Motonobu <monyo at samba.gr.jp>