Jeremy Allison
2016-Nov-16 20:17 UTC
[Samba] Clients can't write to group-writable files - plea for help
On Wed, Nov 16, 2016 at 03:12:06PM -0500, Josh Malone via samba wrote:> On 11/16/16 2:32 PM, Jeremy Allison via samba wrote: > >> > >>But the file is not root:root - it's owned by uid 12477 and group > >>9006. Why is Samba getting the wrong owner/group for this file? > > > >That is the core of your problem. What does the full debug level 10 > >log say around this message ? > > > > Nothing that I can see.That is not a helpful response to a request for debug info. Just sayin' :-) :-).
Josh Malone
2016-Nov-16 20:25 UTC
[Samba] Clients can't write to group-writable files - plea for help
On 11/16/16 3:17 PM, Jeremy Allison wrote:> On Wed, Nov 16, 2016 at 03:12:06PM -0500, Josh Malone via samba wrote: >> On 11/16/16 2:32 PM, Jeremy Allison via samba wrote: >>>> >>>> But the file is not root:root - it's owned by uid 12477 and group >>>> 9006. Why is Samba getting the wrong owner/group for this file? >>> >>> That is the core of your problem. What does the full debug level 10 >>> log say around this message ? >>> >> >> Nothing that I can see. > > That is not a helpful response to a request for debug info. > > Just sayin' :-) :-). >No, it's not. Apologies. http://www.cv.nrao.edu/~jmalone/sambalog.txt -- -------------------------------------------------------- Joshua Malone Systems Administrator (jmalone at nrao.edu) NRAO Charlottesville 434-296-0263 www.nrao.edu 434-249-5699 (mobile) --------------------------------------------------------
Jeremy Allison
2016-Nov-17 19:17 UTC
[Samba] Clients can't write to group-writable files - plea for help
On Wed, Nov 16, 2016 at 03:25:24PM -0500, Josh Malone wrote:> On 11/16/16 3:17 PM, Jeremy Allison wrote: > >On Wed, Nov 16, 2016 at 03:12:06PM -0500, Josh Malone via samba wrote: > >>On 11/16/16 2:32 PM, Jeremy Allison via samba wrote: > >>>> > >>>>But the file is not root:root - it's owned by uid 12477 and group > >>>>9006. Why is Samba getting the wrong owner/group for this file? > >>> > >>>That is the core of your problem. What does the full debug level 10 > >>>log say around this message ? > >>> > >> > >>Nothing that I can see. > > > >That is not a helpful response to a request for debug info. > > > >Just sayin' :-) :-). > > > > No, it's not. Apologies. > > http://www.cv.nrao.edu/~jmalone/sambalog.txtLooking at that log I see: posix_get_nt_acl: called for file . canon_ace index 0. Type = allow SID = S-1-22-1-0 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rwx canon_ace index 1. Type = allow SID = S-1-22-2-0 gid 0 (root) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms r-x canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms r-x So it's the top-level directory of the share /data/test that is root.root rwxr-xr-x Can you check that ? The open request fails with: smbd_check_access_rights: file . requesting 0x40 returning 0x40 (NT_STATUS_ACCESS_DENIED) 0x40 is SEC_DIR_DELETE_CHILD, which is seeing if a file in that directory can be deleted. As you're not root, that open fails (you don't have 'w' access). Hope this helps.