Thomas Schulz
2015-Apr-14 15:37 UTC
[Samba] Samba 4.2.0: Group write permission not honored
>>> Hello Thomas >>> >>> Am 06.04.2015 um 17:22 schrieb Thomas Schulz: >>>> For anyone considering using Samba 4.2.0, be aware that there is a >>>> problem with group write permission not being honored. >>>> >>>> This is seen on both Linux and Solaris. We have a setup where we have >>>> project directory trees where the files are owned by various users but >>>> also by a group that the various users are a member of. The group >>>> permissions are set to allow group write access. With Samba 4.1.* and >>>> earlier everyone in the group can create files in these directories. >>>> With Samba 4.2.0, we get an 'Access is denied' error. >>> >>> Is there already a bug report about that? If not, please open one, to=20 >>> get this fixed. Thanks. >>> >>> https://www.samba.org/~asn/reporting_samba_bugs.txt >>> >>> >>> Regards, >>> Marc >> >> I opened Bug 11192. I realized just a moment ago that I had forgotten >> to include that information. > > Do you have additional information like. > > - smb.conf > - where do the unix users/groups come from (ldap, AD (winbind/ssd) , local/> nis Database) > > I have a bug > > https://bugzilla.samba.org/show_bug.cgi?id=3D11082 > > open and I am wondering, if it could be relatedThe unix users/groups come from nis. I am not running winbindd except occasionally as a test to see if it makes a difference. I set the group permissions using the unix command 'chmod g+w'. On many of the directories there is an acl set to force the default group permission to include write. The smb.conf is as follows: # Global parameters [global] workgroup = ADI realm = adi.com server string = security = ADS guest account = nobody2 client NTLMv2 auth = No log file = /opt/local/samba4/var/logs/%h/log.%m max log size = 1500 name resolve order = bcast host unix extensions = No client signing = if_required client ldap sasl wrapping = plain printcap name = /etc/printers.samba dns proxy = No lock directory = /var/samba/locks/%h pid directory = /var/samba/locks/%h winbind sealed pipes = No require strong key = No idmap config * : backend = tdb printing = sysv include = /opt/local/samba4/etc/smb.conf.mackerel wide links = Yes delete readonly = Yes dos filemode = Yes msdfs root = Yes [zacltest2] comment = Acl test path = /home/users/schulz/tmp read only = No inherit permissions = Yes For a directory with an ACL, the ACL looks like this: # file: acltest2 # owner: atest # group: atest user::rwx group::rwx #effective:rwx mask:rwx other:r-x default:user::rwx default:group::rwx default:mask:rwx default:other:r-x Tom Schulz Applied Dynamics Intl. schulz at adi.com
Possibly Parallel Threads
- Samba 4.2.0: Group write permission not honored
- Samba 4.2.0: Group write permission not honored
- Samba 4.2.0: Group write permission not honored
- Format
- samba-tool ou create "OU=del-ou, dc=atest, dc=com" fails with /var/lib/samba/private/sam.ldb: No such file or directory