samba - Jun 2012 - Can create files from share but only delete as root

Fellow List Members:

After upgrading our server to RHEL 6 from RHEL 5, I discovered that our 
linux clients could create files on the share but not delete them unless 
they first switch to root (su -).
This is very odd to me since the share in question is mounted with the 
non-root user's credentials.  The fstab entry is as follows:

//192.168.1.2/officefiles /mnt/officefiles cifs 
username=joe,password=fakepwd 0 0

Now, the version of samba on the server is 3.5.10 and on the client is 
3.5.4.  I can't upgrade the client w/o difficulty since it is an expired 
distribution (OpenSuSE 11.3).

The smb conf forces full permissions on files and directories.  Here is 
the share:

[officefiles]
         force create mode = 777
         create mode = 777
         path = /cool/officefiles
         force directory mode = 777
         directory mode = 777

And, the mount owner also belongs to the cool_users group on the server:

drwxrwxr-x  25 jim    cool_users 4096 Jun 26 14:26 officefiles

Notice, there is no sticky bit on the directory.  Now, if I add the user 
option after installing setuid on /bin/mount and /sbin/mount.cifs, I
can mount the share as joe and delete files to my heart's content. So, I 
am wondering if this is by design so that if I want the user to be able 
to delete from the share,
they need to not only have linux and samba permissions but also be the 
user that mounts the share.  If this is not the design, PLEASE tell me 
what I am missing.  Here is the global section
of the smb.conf for good measure:

[global]
         log file = /var/log/samba/%m.log
         load printers = yes
         idmap gid = 16777216-33554431
         socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
         username map = /etc/samba/smbusers
         winbind use default domain = no
         template shell = /bin/false
         dns proxy = no
         oplocks = no
         cups options = raw
         netbios name = cool-server
         delete readonly = yes
         writeable = yes
         server string = Samba Server
         password server = None
         idmap uid = 16777216-33554431
         workgroup = COOL
         os level = 20
         printcap name = /etc/printcap
         create mode = 775
         short preserve case = no
         max log size = 50
         directory mode = 775

Thanks.

-- 
David J. Rericha
Project Manager
Open Software Solutions, LLC

I solved this problem with the help of RedHat Linux support.  With the 
newer versions of CUPS, it is necessary to specify the uid and gid as a 
local user and group respectively in order to delete from the share.

Thanks,

David J. Rericha
Project Manager
Open Software Solutions, LLC
(W) 563-884-4010
(C) 563-650-5446


On 06/26/2012 05:53 PM, David Rericha wrote:
> Fellow List Members:
>
> After upgrading our server to RHEL 6 from RHEL 5, I discovered that 
> our linux clients could create files on the share but not delete them 
> unless they first switch to root (su -).
> This is very odd to me since the share in question is mounted with the 
> non-root user's credentials.  The fstab entry is as follows:
>
> //192.168.1.2/officefiles /mnt/officefiles cifs 
> username=joe,password=fakepwd 0 0
>
> Now, the version of samba on the server is 3.5.10 and on the client is 
> 3.5.4.  I can't upgrade the client w/o difficulty since it is an 
> expired distribution (OpenSuSE 11.3).
>
> The smb conf forces full permissions on files and directories.  Here 
> is the share:
>
> [officefiles]
>         force create mode = 777
>         create mode = 777
>         path = /cool/officefiles
>         force directory mode = 777
>         directory mode = 777
>
> And, the mount owner also belongs to the cool_users group on the server:
>
> drwxrwxr-x  25 jim    cool_users 4096 Jun 26 14:26 officefiles
>
> Notice, there is no sticky bit on the directory.  Now, if I add the 
> user option after installing setuid on /bin/mount and /sbin/mount.cifs, I
> can mount the share as joe and delete files to my heart's content. So, 
> I am wondering if this is by design so that if I want the user to be 
> able to delete from the share,
> they need to not only have linux and samba permissions but also be the 
> user that mounts the share.  If this is not the design, PLEASE tell me 
> what I am missing.  Here is the global section
> of the smb.conf for good measure:
>
> [global]
>         log file = /var/log/samba/%m.log
>         load printers = yes
>         idmap gid = 16777216-33554431
>         socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
>         username map = /etc/samba/smbusers
>         winbind use default domain = no
>         template shell = /bin/false
>         dns proxy = no
>         oplocks = no
>         cups options = raw
>         netbios name = cool-server
>         delete readonly = yes
>         writeable = yes
>         server string = Samba Server
>         password server = None
>         idmap uid = 16777216-33554431
>         workgroup = COOL
>         os level = 20
>         printcap name = /etc/printcap
>         create mode = 775
>         short preserve case = no
>         max log size = 50
>         directory mode = 775
>
> Thanks.
>