Hm, samba 4.11.2-13 is running on CentOS? 8.
Im not really into CentOS/RH im more Debian/Ubuntu..
But I suggest you try this.
Remove [homes] ( or keep it but add a new one. )
Setup
[users]
Path = /home
browseable = yes
read only = no
Test again against that new share, but not with smbclient alone,
setup a cifs mount and test and/or use a windows client pc.
Preffered W10 or server 2016+
I think you hitted a bug here. In smbclient + [homes]
But not sure yet.
And increasing the loglevel might help in "seeing" where this is going
wrong.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Dan
> Egli via samba
> Verzonden: woensdag 28 oktober 2020 10:37
> Aan: Marco Gaiarin; samba at lists.samba.org
> Onderwerp: Re: [Samba] odd issue with permisions
>
> On 10/28/2020 3:31 AM, Marco Gaiarin via samba wrote:
> > Mandi! Dan Egli via samba
> > In chel di` si favelave...
> >
> >> Why on earth would samba even CARE about group permissions
> when user
> >> permissions are perfectly fine? Help me fix this?
> > Consider that, if POSIX ACL are enabled on this FS, the group
> > permission are considered as a 'mask' for all ACL, with
> unpredictable
> > result (no, they are predictable, only very confusing ;-).
> >
> > Use 'getfacl' to look at ACL on dirs, and post here, please.
> >
> > Or try to remove ACLs (setfacl -bR) and retry.
> >
> I posted the getfacl output a minute or two ago. I tried killing any
> ACLs with setfacl -bR and the result was identical.
> NT_STATUS_ACCESS_DENIED
>
> Next idea? :)
>
> --
> Dan Egli
> On my Test server
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
On 28/10/2020 10:24, L.P.H. van Belle via samba wrote:> Hm, samba 4.11.2-13 is running on CentOS? 8. > Im not really into CentOS/RH im more Debian/Ubuntu.. > > But I suggest you try this. > > Remove [homes] ( or keep it but add a new one. ) > > Setup > [users] > Path = /home > browseable = yes > read only = no > > Test again against that new share, but not with smbclient alone, > setup a cifs mount and test and/or use a windows client pc. > Preffered W10 or server 2016+ > > I think you hitted a bug here. In smbclient + [homes] > But not sure yet. > > And increasing the loglevel might help in "seeing" where this is going wrong. > > > Greetz, > > Louis > > >OK, I feel this must be something at your end (selinux ???), it works for myself on Debian 10 running Samba 4.12.8 $ mkdir ~rowland/test1 $ chmod 700 ~rowland/test1 $ smbclient -U rowland //localhost/rowland Enter WORKGROUP\rowland's password: Try "help" to get a list of possible commands. smb: \> cd test1 smb: \test1\> put test1.txt putting file test1.txt as \test1\test1.txt (0.0 kb/s) (average 0.0 kb/s) My smb.conf: [global] ?? log file = /var/log/samba/log.%m ?? max log size = 1000 ?? logging = file ?? panic action = /usr/share/samba/panic-action %d ?? server role = standalone server ?? obey pam restrictions = yes ?? unix password sync = yes ?? passwd program = /usr/bin/passwd %u ?? passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . ?? pam password change = yes ?? map to guest = bad user ?? usershare allow guests = yes ?? vfs objects = acl_xattr ?? map acl inherit = yes ?? printing = CUPS [homes] ?? comment = Home Directories ?? browseable = no ?? read only = no ?? create mask = 0700 ?? directory mask = 0700 ?? valid users = %S [printers] ?? comment = All Printers ?? browseable = no ?? path = /var/spool/samba ?? printable = yes ?? create mask = 0700 [print$] ?? comment = Printer Drivers ?? path = /var/lib/samba/printers [demo] ??? path = /srv/samba/demo ??? read only = no Rowland
On 10/28/2020 5:02 AM, Rowland penny via samba wrote:> On 28/10/2020 10:24, L.P.H. van Belle via samba wrote: >> Hm, samba 4.11.2-13 is running on CentOS? 8. >> Im not really into CentOS/RH im more Debian/Ubuntu.. >> >> But I suggest you try this. >> >> Remove [homes]? ( or keep it but add a new one. ) >> >> Setup >> [users] >> ???? Path = /home >> ???? browseable = yes >> ???? read only = no >> >> Test again against that new share, but not with smbclient alone, >> setup a cifs mount and test and/or use a windows client pc. >> Preffered W10 or server 2016+ >> >> I think you hitted a bug here. In smbclient + [homes] >> But not sure yet. >> >> And increasing the loglevel might help in "seeing" where this is >> going wrong. >> >> >> Greetz, >> >> Louis >> >> >> > OK, I feel this must be something at your end (selinux ???), it works > for myself on Debian 10 running Samba 4.12.8 >It's not selinux because I have setenforce set to 0 right now: [root at jupiter2 ~]# getenforce Permissive Maybe I'll try your smb.conf, with a tweak because I don't want all created files to have the execute bit set. :) -- Dan Egli On my Test server -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature Type: application/pgp-signature Size: 495 bytes Desc: OpenPGP digital signature URL: <http://lists.samba.org/pipermail/samba/attachments/20201028/906159b9/OpenPGP_signature.sig>
On 10/28/2020 5:02 AM, Rowland penny via samba wrote:> My smb.conf:And oddly enough, when I use your config it works just fine. So I have no clue what was wrong with it but it must have been a bug in my config somewhere. All I did was take yours, comment out all the shares but [homes] and change the create mask to 0600 instead of 0700. Guess I'll just keep the working config. Thanks! -- Dan Egli On my Test server -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature Type: application/pgp-signature Size: 495 bytes Desc: OpenPGP digital signature URL: <http://lists.samba.org/pipermail/samba/attachments/20201028/e8209cd9/OpenPGP_signature.sig>