Thomas Hoffmann (Speed4Trade GmbH)
2023-Mar-20 16:22 UTC
[Samba] Cleanup permission settings / traverse folder
Hello,

I have problems removing the permission settings on a directory/folder after configuration of a share.

My folders look like:
/var/folder1/folder2/

I created share1 on folder1 and share2 on folder2.
Afterwards, I activated ACLs and set permission on folder1 to domain/group1 and on folder2 to domain/group2.

I couldn't access share2 with a user from group2 and I figured out that Samba doesn't support SeChangeNotifyPrivilege (bypass traverse checking).
Because user2 from group2 doesn't have any permissions on folder1, the user can't access folder2 and therefore can't access share2.

So far, so good. I decided to remove share1 because it was only a share for convenience. Afterwards I deleted the ACLs on folder1 with "setfacl -bn /var/folder1/"
Unfortunately, user2 still can't access share2. Somehow folder1 is still blocking user2 from accessing folder2.
When I create folder2 somewhere else with the exact same settings, everything works.
Does Samba store some permissions at another place? How do I tidy up the settings on folder1 properly?
Any hints would be appreciated. Thanks!
I can provide smb-settings if needed.
On 20/03/2023 16:22, Thomas Hoffmann (Speed4Trade GmbH) via samba wrote:
> Hello,
> I have problems removing the permission settings on a directory/folder after configuration of a share.
>
> My folders look like:
> /var/folder1/folder2/
>
> I created share1 on folder1 and share2 on folder2.
> Afterwards, I activated ACLs and set permission on folder1 to domain/group1 and on folder2 to domain/group2.
>
> I couldn't access share2 with a user from group2 and I figured out that Samba doesn't support SeChangeNotifyPrivilege (bypass traverse checking).

According to 'net rpc rights list' it does, but it is described as 'Register for change notify'; however, in previous documentation it was described as 'Bypass traverse checking'. I do not know when the description changed or why.

> Because user2 from group2 doesn't have any permissions on folder1, the user can't access folder2 and therefore can't access share2.
>
> So far, so good. I decided to remove share1 because it was only a share for convenience. Afterwards I deleted the ACLs on folder1 with "setfacl -bn /var/folder1/"
> Unfortunately, user2 still can't access share2. Somehow folder1 is still blocking user2 from accessing folder2.
> When I create folder2 somewhere else with the exact same settings, everything works.
> Does Samba store some permissions at another place? How do I tidy up the settings on folder1 properly?
> Any hints would be appreciated. Thanks!
> I can provide smb-settings if needed.

Please post the output of 'testparm -s' (sanitised if required) and the permissions set on the share.

Rowland
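A sketch, added here and not part of the thread or of Samba, of the parent-directory traverse check the first message describes: it walks each directory from a base down to the target and reports the first one where a given uid lacks search (x) permission. It uses constructed directories and a constructed uid, considers only the POSIX mode bits (no extended ACL entries or Samba-side settings), and the function names are hypothetical.

```python
import os
import shutil
import stat
import tempfile


def first_traverse_block(base, target, uid, gids):
    """Return the first directory below `base` on the way to `target`
    (target included) that `uid` cannot search, or None if none blocks.
    Mode bits only: extended ACL entries are not evaluated (assumption)."""
    current = base
    for part in os.path.relpath(target, base).split(os.sep):
        current = os.path.join(current, part)
        st = os.stat(current)
        if uid == 0:                      # root bypasses permission checks
            continue
        if st.st_uid == uid:              # owner class
            bit = stat.S_IXUSR
        elif st.st_gid in gids:           # group class
            bit = stat.S_IXGRP
        else:                             # everyone else
            bit = stat.S_IXOTH
        if not st.st_mode & bit:
            return current
    return None


def demo():
    # Constructed layout mirroring the thread: base/folder1/folder2.
    base = tempfile.mkdtemp()
    folder1 = os.path.join(base, "folder1")
    folder2 = os.path.join(folder1, "folder2")
    os.makedirs(folder2)
    os.chmod(folder2, 0o770)              # group may use folder2
    os.chmod(folder1, 0o700)              # group has no search bit on folder1
    gids = {os.stat(folder1).st_gid, os.stat(folder2).st_gid}
    user2 = os.getuid() + 1               # constructed uid that is not the owner
    before = first_traverse_block(base, folder2, user2, gids)
    os.chmod(folder1, 0o710)              # grant the group search (x) only
    after = first_traverse_block(base, folder2, user2, gids)
    shutil.rmtree(base)
    return before, after, folder1


if __name__ == "__main__":
    before, after, _ = demo()
    print("blocked at:", before)
    print("after granting x on folder1:", after)
```

Granting only the search bit on folder1 lets the group reach folder2 without being able to list or read folder1 itself.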