Victor Sudakov
2012-Feb-21 05:43 UTC
[Samba] A windows user can create a file, but cannot delete
Colleagues,

I have encountered a weird problem (FreeBSD 8.2, samba34-3.4.14). A user can create files in a samba share but cannot delete files from it (unless she is the owner of the file).

The user is a member of a group with rwx permissions on this directory granted by a Posix ACL entry. The user can create and delete files in the directory from the shell on the file server (which is correct according to Unix logic), but only create from the Windows client.

smbd seems to be interfering somehow with unlink(). If I make the user the owner of the file, or a member of the file's primary group, now the user can delete the file. If a user is a member of some other group which has rwx permissions on the directory, the user can only create files but not delete them.

Certainly it's not a Unix permission issue. There is no "read only" attribute on the files, no sticky bit on the directory, no weird UFS file flags and attributes.

I have tried "acl check permissions" both yes and no with no effect.

TIA for any ideas. I have seen people with similar problems, like http://lists.samba.org/archive/samba/2006-May/120521.html but never a solution.

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:sudakov at sibptus.tomsk.ru
Volker Lendecke
2012-Feb-21 06:29 UTC
[Samba] A windows user can create a file, but cannot delete
Hi!

Are you using security=share? We have issues there right now that need resolving.

With best regards,

Volker Lendecke

On Tue, Feb 21, 2012 at 12:43:14PM +0700, Victor Sudakov wrote:
> Colleagues,
>
> I have encountered a weird problem (FreeBSD 8.2, samba34-3.4.14).
> A user can create files in a samba share but cannot delete files from
> it (unless she is the owner of the file).
>
> The user is a member of a group with rwx permissions on this directory
> granted by a Posix ACL entry. The user can create and delete files in
> the directory from the shell on the file server (which is correct
> according to Unix logic), but only create from the Windows client.
>
> smbd seems to be interfering somehow with unlink(). If I make the user
> the owner of the file, or a member of the file's primary group, now
> the user can delete the file. If a user is a member of some other
> group which has rwx permissions on the directory, the user can only
> create files but not delete them.
>
> Certainly it's not a Unix permission issue. There is no "read only"
> attribute on the files, no sticky bit on the directory, no weird
> UFS file flags and attributes.
>
> I have tried "acl check permissions" both yes and no with no effect.
>
> TIA for any ideas. I have seen people with similar problems, like
> http://lists.samba.org/archive/samba/2006-May/120521.html
> but never a solution.
>
> --
> Victor Sudakov, VAS4-RIPE, VAS47-RIPN
> sip:sudakov at sibptus.tomsk.ru

--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
Victor Sudakov
2012-Feb-21 07:43 UTC
[Samba] A windows user can create a file, but cannot delete
Volker Lendecke wrote:
>
> Are you using security=share? We have issues there right now that need resolving.

No, security = domain.

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:sudakov at sibptus.tomsk.ru
Michael P. Demelbauer
2012-Feb-21 11:11 UTC
[Samba] A windows user can create a file, but cannot delete
On Tue, Feb 21, 2012 at 12:43:14PM +0700, Victor Sudakov wrote:
> Colleagues,
>
> I have encountered a weird problem (FreeBSD 8.2, samba34-3.4.14).
> A user can create files in a samba share but cannot delete files from
> it (unless she is the owner of the file).
>
> The user is a member of a group with rwx permissions on this directory
> granted by a Posix ACL entry. The user can create and delete files in
> the directory from the shell on the file server (which is correct
> according to Unix logic), but only create from the Windows client.
>
> smbd seems to be interfering somehow with unlink(). If I make the user
> the owner of the file, or a member of the file's primary group, now
> the user can delete the file. If a user is a member of some other
> group which has rwx permissions on the directory, the user can only
> create files but not delete them.
>
> Certainly it's not a Unix permission issue. There is no "read only"
> attribute on the files, no sticky bit on the directory, no weird
> UFS file flags and attributes.
>
> I have tried "acl check permissions" both yes and no with no effect.
>
> TIA for any ideas. I have seen people with similar problems, like
> http://lists.samba.org/archive/samba/2006-May/120521.html
> but never a solution.
>
> --
> Victor Sudakov, VAS4-RIPE, VAS47-RIPN
> sip:sudakov at sibptus.tomsk.ru

Sorry, I'm not a Samba-expert, but as far as I know, the following parameter(s?) in smb.conf take care of this in our config (samba-3.0.9-1.3E.5 on an older linux machine):

    inherit permission = yes

As far as we tested it, Linux-ACLs are working as expected with this.

One more question: You put default permissions on your ACL-entries (setfacl ... -m -d ... here) to define what permissions the directory passes on? Or are you talking of normal UNIX-Permissions not ACLs?

Cheers
Michael

--
Michael P. Demelbauer
Systemadministration
WSR
Arsenal, Objekt 20
1030 Wien
--------------------------------------------------
/earth is 98% full ... please delete anyone you can.
Victor Sudakov
2012-Feb-25 16:01 UTC
[Samba] A windows user can create a file, but cannot delete
Victor Sudakov wrote:
>
> I have encountered a weird problem (FreeBSD 8.2, samba34-3.4.14).
> A user can create files in a samba share but cannot delete files from
> it (unless she is the owner of the file).

Recompiling samba --with-acl-support solved the problem. Many thanks to Adam Nielsen <adam.nielsen AT uq.edu.au> for the advice.

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:sudakov at sibptus.tomsk.ru
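
The symptom in this thread, modelled as an added example (not code from Samba or from any poster): a POSIX.1e access check over getfacl-style text next to a check that reads only the owner/group/other bits. That a build without ACL support decides like the second check is an assumption suggested by the fix, not something the thread states; the listing and the names alice, carol, dave, staff and project are constructed.

```python
# Constructed getfacl-style listing for the shared directory (not from the thread).
SAMPLE_ACL = """\
# owner: alice
# group: staff
user::rwx
group::rwx
group:project:rwx
mask::rwx
other::r-x
"""

def parse_acl(text):
    meta, entries = {}, []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("#"):
            key, _, value = line[1:].partition(":")
            meta[key.strip()] = value.strip()
        elif line:  # "tag:qualifier:perms", optional trailing "#effective" comment
            tag, qual, perms = line.split("#", 1)[0].strip().split(":")[:3]
            entries.append((tag, qual, set(perms) - {"-"}))
    return meta.get("owner"), meta.get("group"), entries

def _pick(entries, tag, qual=""):
    return next((p for t, q, p in entries if t == tag and q == qual), None)

def acl_allows(text, user, groups, want):
    """POSIX.1e access check: named entries count, limited by the mask."""
    owner, group, entries = parse_acl(text)
    want, mask = set(want), _pick(entries, "mask")
    limit = (lambda p: p & mask) if mask is not None else (lambda p: p)
    if user == owner:
        return want <= _pick(entries, "user")
    named = _pick(entries, "user", user)
    if named is not None:
        return want <= limit(named)
    hits = [limit(p) for t, q, p in entries
            if t == "group" and (q in groups or (q == "" and group in groups))]
    return any(want <= p for p in hits) if hits else want <= _pick(entries, "other")

def mode_bits_allows(text, user, groups, want):
    """Owner/group/other only; the group bits show the mask when one exists."""
    owner, group, entries = parse_acl(text)
    key = "user" if user == owner else "group" if group in groups else "other"
    cls = _pick(entries, key)
    if key == "group" and _pick(entries, "mask") is not None:
        cls = _pick(entries, "mask")
    return set(want) <= cls
```

Deleting a file needs write and search ("wx") on the directory: carol, whose access comes only from the named `project` entry, passes `acl_allows` and fails `mode_bits_allows`, while the owner and members of `staff` pass both.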