Hm, samba 4.11.2-13 is running on CentOS? 8. Im not really into CentOS/RH im more Debian/Ubuntu.. But I suggest you try this. Remove [homes] ( or keep it but add a new one. ) Setup [users] Path = /home browseable = yes read only = no Test again against that new share, but not with smbclient alone, setup a cifs mount and test and/or use a windows client pc. Preffered W10 or server 2016+ I think you hitted a bug here. In smbclient + [homes] But not sure yet. And increasing the loglevel might help in "seeing" where this is going wrong. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Dan > Egli via samba > Verzonden: woensdag 28 oktober 2020 10:37 > Aan: Marco Gaiarin; samba at lists.samba.org > Onderwerp: Re: [Samba] odd issue with permisions > > On 10/28/2020 3:31 AM, Marco Gaiarin via samba wrote: > > Mandi! Dan Egli via samba > > In chel di` si favelave... > > > >> Why on earth would samba even CARE about group permissions > when user > >> permissions are perfectly fine? Help me fix this? > > Consider that, if POSIX ACL are enabled on this FS, the group > > permission are considered as a 'mask' for all ACL, with > unpredictable > > result (no, they are predictable, only very confusing ;-). > > > > Use 'getfacl' to look at ACL on dirs, and post here, please. > > > > Or try to remove ACLs (setfacl -bR) and retry. > > > I posted the getfacl output a minute or two ago. I tried killing any > ACLs with setfacl -bR and the result was identical. > NT_STATUS_ACCESS_DENIED > > Next idea? :) > > -- > Dan Egli > On my Test server > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
On 28/10/2020 10:24, L.P.H. van Belle via samba wrote:> Hm, samba 4.11.2-13 is running on CentOS? 8. > Im not really into CentOS/RH im more Debian/Ubuntu.. > > But I suggest you try this. > > Remove [homes] ( or keep it but add a new one. ) > > Setup > [users] > Path = /home > browseable = yes > read only = no > > Test again against that new share, but not with smbclient alone, > setup a cifs mount and test and/or use a windows client pc. > Preffered W10 or server 2016+ > > I think you hitted a bug here. In smbclient + [homes] > But not sure yet. > > And increasing the loglevel might help in "seeing" where this is going wrong. > > > Greetz, > > Louis > > >OK, I feel this must be something at your end (selinux ???), it works for myself on Debian 10 running Samba 4.12.8 $ mkdir ~rowland/test1 $ chmod 700 ~rowland/test1 $ smbclient -U rowland //localhost/rowland Enter WORKGROUP\rowland's password: Try "help" to get a list of possible commands. smb: \> cd test1 smb: \test1\> put test1.txt putting file test1.txt as \test1\test1.txt (0.0 kb/s) (average 0.0 kb/s) My smb.conf: [global] ?? log file = /var/log/samba/log.%m ?? max log size = 1000 ?? logging = file ?? panic action = /usr/share/samba/panic-action %d ?? server role = standalone server ?? obey pam restrictions = yes ?? unix password sync = yes ?? passwd program = /usr/bin/passwd %u ?? passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . ?? pam password change = yes ?? map to guest = bad user ?? usershare allow guests = yes ?? vfs objects = acl_xattr ?? map acl inherit = yes ?? printing = CUPS [homes] ?? comment = Home Directories ?? browseable = no ?? read only = no ?? create mask = 0700 ?? directory mask = 0700 ?? valid users = %S [printers] ?? comment = All Printers ?? browseable = no ?? path = /var/spool/samba ?? printable = yes ?? create mask = 0700 [print$] ?? comment = Printer Drivers ?? path = /var/lib/samba/printers [demo] ??? path = /srv/samba/demo ??? read only = no Rowland
On 10/28/2020 5:02 AM, Rowland penny via samba wrote:> On 28/10/2020 10:24, L.P.H. van Belle via samba wrote: >> Hm, samba 4.11.2-13 is running on CentOS? 8. >> Im not really into CentOS/RH im more Debian/Ubuntu.. >> >> But I suggest you try this. >> >> Remove [homes]? ( or keep it but add a new one. ) >> >> Setup >> [users] >> ???? Path = /home >> ???? browseable = yes >> ???? read only = no >> >> Test again against that new share, but not with smbclient alone, >> setup a cifs mount and test and/or use a windows client pc. >> Preffered W10 or server 2016+ >> >> I think you hitted a bug here. In smbclient + [homes] >> But not sure yet. >> >> And increasing the loglevel might help in "seeing" where this is >> going wrong. >> >> >> Greetz, >> >> Louis >> >> >> > OK, I feel this must be something at your end (selinux ???), it works > for myself on Debian 10 running Samba 4.12.8 >It's not selinux because I have setenforce set to 0 right now: [root at jupiter2 ~]# getenforce Permissive Maybe I'll try your smb.conf, with a tweak because I don't want all created files to have the execute bit set. :) -- Dan Egli On my Test server -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature Type: application/pgp-signature Size: 495 bytes Desc: OpenPGP digital signature URL: <http://lists.samba.org/pipermail/samba/attachments/20201028/906159b9/OpenPGP_signature.sig>
On 10/28/2020 5:02 AM, Rowland penny via samba wrote:> My smb.conf:And oddly enough, when I use your config it works just fine. So I have no clue what was wrong with it but it must have been a bug in my config somewhere. All I did was take yours, comment out all the shares but [homes] and change the create mask to 0600 instead of 0700. Guess I'll just keep the working config. Thanks! -- Dan Egli On my Test server -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature Type: application/pgp-signature Size: 495 bytes Desc: OpenPGP digital signature URL: <http://lists.samba.org/pipermail/samba/attachments/20201028/e8209cd9/OpenPGP_signature.sig>