Roland Schwingel
2015-Aug-05 12:52 UTC
[Samba] Samba4 not able to write to group writeable folder???
Hi...
With samba4 I sometimes feel like a bloody beginner even I use samba
since ages.
Miracle of the day: Users connecting using samba4 cannot write to group
writeable folders even they should be able to.
I upgraded one 3.6 fileserver to 4.2.3. PDC is always a samba 4.2.3
instance. I am using samba4 in classic PDC mode for a couple of reasons.
On my fileserver I have a folder called /TestData. It looks like this:
drwxr-xr-x 39 testdata testdata 4096 Aug 5 10:55 .
drwxr-xr-x 34 root root 4096 Aug 4 21:23 ..
drwxrwsr-x 12 testdata testdata 4096 Aug 5 14:20 0-9
drwsrwsr-x 211 testdata testdata 12288 Aug 5 12:21 A
drwxrwsr-x 185 testdata testdata 12288 Jul 8 15:39 B
drwxrwsr-x 166 testdata testdata 4096 Jun 26 13:18 C
.
.
.
drwxrwsr-x 35 testdata testdata 4096 Jun 12 08:15 X
drwxrwsr-x 12 testdata testdata 4096 Jun 20 2014 Y
drwxrwsr-x 49 testdata testdata 4096 Aug 5 10:57 Z
/TestData shall only be writeable by members of group testdata.
And only the subfolders shall be writeable not the root folder.
When a user belonging to the group testdata writes to one of these
subfolders (eg. A) under linux everything is fine. Other users are
blocked. So permissions are setup correctly.
With Samba3 this is the case also for windows users belonging to
testdata group. Not with samba4. Users belonging to testdata are *NOT*
allowed to write to *any* subfolder. Reading is ok. All users that
should write to TestData are member of the unix group testdata but not
as primary group.
My samba4 smb.conf
[global]
unix charset = UTF-8
workgroup = MYDOM
server string = Fileserver HOG
interfaces = eth0
bind interfaces only = Yes
security = DOMAIN
load printers = no
map to guest = Never
# log level = 1
log file = /usr/local/samba/var/log.%m
max log size = 500
name resolve order = host bcast
unix extensions = No
hide dot files = No
csc policy = disable
strict locking = No
wide links = Yes
# Workaround to make all .exe executable
acl allow execute always = True
[TestData]
comment = TestData
path = /TestData
read only = No
guest ok = No
inherit permissions = Yes
The smb.conf is quite similar to the one the one I use with samba3
I switched a couple of times between my old samba3.6 installation and my
new 4.2.3 but the symptom is still there. samba3 users can write, samba
4 users cant.
What kind of stupidity I miss here?
Thanks for your help,
Roland
Bob of Donelson Trophy
2015-Aug-05 15:02 UTC
[Samba] Samba4 not able to write to group writeable folder???
I had a similar issue in that I wanted a common directory for all users (we are very small) to be able to read/write and everyone can see and/or change as needed. I discovered (and this is as much help as I can give on this subject) that for the group to have access was an ACL permissions issue. New (to me anyway) and almost completely separate to standard Linux file permissions. Essentially you have a directory that needs to have the ACL's adjusted to allow access. (I do not think this was ever part of the "Samba3 world".) Check out "setfacl" and "getfacl" and you will be able to set ACL permissions so W7 clients can access. This "ACL" world is wonderful, once you get your head around it. Good luck. --- _______________________________ Bob Wooden of Donelson Trophy 615.885.2846 www.donelsontrophy.com [1] "Everyone deserves an award!!" On 2015-08-05 07:52, Roland Schwingel wrote:> Hi... > > With samba4 I sometimes feel like a bloody beginner even I use samba since ages. > > Miracle of the day: Users connecting using samba4 cannot write to group writeable folders even they should be able to. > > I upgraded one 3.6 fileserver to 4.2.3. PDC is always a samba 4.2.3 instance. I am using samba4 in classic PDC mode for a couple of reasons. > > On my fileserver I have a folder called /TestData. It looks like this: > drwxr-xr-x 39 testdata testdata 4096 Aug 5 10:55 . > drwxr-xr-x 34 root root 4096 Aug 4 21:23 .. > drwxrwsr-x 12 testdata testdata 4096 Aug 5 14:20 0-9 > drwsrwsr-x 211 testdata testdata 12288 Aug 5 12:21 A > drwxrwsr-x 185 testdata testdata 12288 Jul 8 15:39 B > drwxrwsr-x 166 testdata testdata 4096 Jun 26 13:18 C > . > . > . > drwxrwsr-x 35 testdata testdata 4096 Jun 12 08:15 X > drwxrwsr-x 12 testdata testdata 4096 Jun 20 2014 Y > drwxrwsr-x 49 testdata testdata 4096 Aug 5 10:57 Z > > /TestData shall only be writeable by members of group testdata. > And only the subfolders shall be writeable not the root folder. > > When a user belonging to the group testdata writes to one of these subfolders (eg. A) under linux everything is fine. Other users are blocked. So permissions are setup correctly. > > With Samba3 this is the case also for windows users belonging to testdata group. Not with samba4. Users belonging to testdata are *NOT* allowed to write to *any* subfolder. Reading is ok. All users that should write to TestData are member of the unix group testdata but not as primary group. > > My samba4 smb.conf > [global] > unix charset = UTF-8 > workgroup = MYDOM > server string = Fileserver HOG > interfaces = eth0 > bind interfaces only = Yes > security = DOMAIN > load printers = no > map to guest = Never > # log level = 1 > log file = /usr/local/samba/var/log.%m > max log size = 500 > name resolve order = host bcast > unix extensions = No > hide dot files = No > csc policy = disable > strict locking = No > wide links = Yes > # Workaround to make all .exe executable > acl allow execute always = True > > [TestData] > comment = TestData > path = /TestData > read only = No > guest ok = No > inherit permissions = Yes > > The smb.conf is quite similar to the one the one I use with samba3 > > I switched a couple of times between my old samba3.6 installation and my new 4.2.3 but the symptom is still there. samba3 users can write, samba 4 users cant. > > What kind of stupidity I miss here? > > Thanks for your help, > > RolandLinks: ------ [1] http://www.donelsontrophy.com