gac
2019-Sep-06 10:12 UTC
[Samba] Change in behaviour for the "%U" substitution in 4.10.8?
I imagine the numeric UID is my old boss who left the company a few years ago, and by this point his account has been removed, not just disabled. The only thing contained by the DOMAIN directory is a home directory for each user, which is owned by them. So I don't _think_ this is the problem. The command you suggested returns: winbind_lookup_rids failed: WBC_ERR_DOMAIN_NOT_FOUND The ACLs are to allow --x access for the 'www-data' into users home directories for use with Apache+mod_userdir, and then r-x access for their www directory 6 Sep 2019, 10:52 by samba at lists.samba.org:> On 06/09/2019 10:34, gac wrote: > >> No problem - https://pastebin.com/G8pa3bdE >> > Please just post things like this in line ;-) > > root at server:/var/log/samba# ls -lad /shares > drwxr-xr-x 9 root root 4096 Jan 16? 2019 /shares # > > Owner:Group is root:root, but anybody can enter > > root at server:/var/log/samba# ls -lad /shares/DOMAIN > drwxr-xr-x+ 16 1106001204 employees 4096 Sep? 6 09:43 /shares/DOMAIN > > Why a number and not a username ? only the number can write, but anybody can enter and read > > But there are ACLs set, so what does 'getfacl /shares/DOMAIN' return ? > > root at server:/var/log/samba# ls -lad /shares/DOMAIN/username > drwxr-x---+ 32 username domain users 4096 Sep? 6 08:34 /shares/DOMAIN/username > > Only the user has full access, but Domain Users can enter and read, access from anyone else is denied > > But there are ACLs set, so what does 'getfacl /shares/DOMAIN/username' return ? > > I think your problem has a lot to do with '1106001204' not being resolved to a name, so who is it ? > > Can you check with 'wbinfo -R 1204' > > Rowland > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Rowland penny
2019-Sep-06 10:19 UTC
[Samba] Change in behaviour for the "%U" substitution in 4.10.8?
On 06/09/2019 11:12, gac wrote:> I imagine the numeric UID is my old boss who left the company a few > years ago, and by this point his account has been removed, not just > disabled. The only thing contained by the DOMAIN directory is a home > directory for each user, which is owned by them. So I don't _think_ > this is the problem. > > The command you suggested returns: > > winbind_lookup_rids failed: WBC_ERR_DOMAIN_NOT_FOUND > > The ACLs are to allow --x access for the 'www-data' into users home > directories for use with Apache+mod_userdir, and then r-x access for > their www directory >Try changing the ownership of /shares/DOMAIN to root What about the getfacl commands ? Rowland
gac
2019-Sep-06 10:33 UTC
[Samba] Change in behaviour for the "%U" substitution in 4.10.8?
I've now changed the ownership to root, as you suggest. I've removed the ACLs from /shares/DOMAIN - they don't need to be there as anyone can enter this directory already so there's no need for them. The ACLs on my individual home directory: root at server:/shares# getfacl /shares/DOMAIN/username getfacl: Removing leading '/' from absolute path names # file: shares/DOMAIN/username # owner: username # group: domain\040users user::rwx user:www-data:--x group::--- mask::r-x other::--- Still no joy, and the logs are still showing: canonicalize_connect_path failed for service username, path /shares/DOMAIN/domain_username Thanks for all your advice so far but I still don't believe this is a permissions problem, Samba is trying to access a directory which simply does not exist, and never has existed... 6 Sep 2019, 11:19 by samba at lists.samba.org:> On 06/09/2019 11:12, gac wrote: > >> I imagine the numeric UID is my old boss who left the company a few years ago, and by this point his account has been removed, not just disabled. The only thing contained by the DOMAIN directory is a home directory for each user, which is owned by them. So I don't _think_ this is the problem. >> >> The command you suggested returns: >> >> winbind_lookup_rids failed: WBC_ERR_DOMAIN_NOT_FOUND >> >> The ACLs are to allow --x access for the 'www-data' into users home directories for use with Apache+mod_userdir, and then r-x access for their www directory >> > Try changing the ownership of /shares/DOMAIN to root > > What about the getfacl commands ? > > Rowland > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Maybe Matching Threads
- Change in behaviour for the "%U" substitution in 4.10.8?
- Change in behaviour for the "%U" substitution in 4.10.8?
- Change in behaviour for the "%U" substitution in 4.10.8?
- Change in behaviour for the "%U" substitution in 4.10.8?
- Change in behaviour for the "%U" substitution in 4.10.8?