On 20/03/2023 16:58, Rowland Penny via samba wrote:
>
> On 20/03/2023 16:22, Thomas Hoffmann (Speed4Trade GmbH) via samba wrote:
>> Hello,
>> I have problems removing the permission settings on a directory/folder
>> after configuration of a share.
>>
>> My folders look like:
>> /var/folder1/folder2/
>>
>> I created share1 on folder1 and share2 on folder2.
>> Afterwards, I activated ACLs and set permission on folder1 to
>> domain/group1 and on folder2 to domain/group2.
>>
>> I couldn't access share2 with a user from group2 and I figured out
>> that Samba doesn't support SeChangeNotifyPrivilege? (bypass traverse
>> checking).
>
> According to 'net rpc rights list' it does, but it is described as
> 'Register for change notify', however, in previous documentation it was
> described as 'Bypass traverse checking'. I do not know when the
> description changed or why.
>
>> Because user2 from group2 doesn't have any permissions on folder1, the
>> user can't access folder2 and therefore can't access share2.
>>
>> So far, so good. I decided to remove share1 because it was only a
>> share for convenience. Afterwards I deleted the ACLs on folder1 with
>> "setfacl -bn /var/folder1/ "
>> Unfortunately, user2 still can't access share2. Somehow folder1 is
>> still blocking user2 to access folder2.
>> When I create folder2 somewhere else with the exact same settings,
>> everything works.
>> Does samba store some permissions at another place? How to tidy up the
>> settings on folder1 properly?
>> Any hints would be appreciated. Thanks!
>> I can provide smb-settings if needed.
>
> Please post the output of 'testparm -s' (sanitised if required) and the
> permissions set on the share.
>
> Rowland
>
>
Then after a bit of investigation, I turned up this smb.conf parameter:

    honor change notify privilege

Which by default is set to 'no', try adding the parameter but set to
'yes' i.e.

    honor change notify privilege = yes

Restart or reload Samba and see if that helps.

You may also have to give the user the privilege using 'net'.

Rowland
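
An added example, not part of the original messages: a small check that walks the ancestors of a share path and reports which ones a given uid/gid set cannot traverse. It evaluates only the owner/group/other mode bits, which is what remains once `setfacl -bn` has stripped the extended ACL entries; it does not evaluate ACLs or Samba's privilege handling. The temporary directory layout and the uid/gid values are constructed for the demonstration.

```python
import os
import stat
import tempfile

def can_traverse(st, uid, gids):
    """Classic owner/group/other check for the directory search (x) bit."""
    if uid == 0:
        return True  # root is not subject to the search-bit check
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IXUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IXGRP)
    return bool(st.st_mode & stat.S_IXOTH)

def blocking_ancestors(share_path, uid, gids, stop_at="/"):
    """Return the ancestors of share_path (outermost first) that the
    user cannot pass through, checking up to and including stop_at."""
    path = os.path.realpath(share_path)
    stop_at = os.path.realpath(stop_at)
    blocked = []
    parent = os.path.dirname(path)
    while True:
        if not can_traverse(os.stat(parent), uid, set(gids)):
            blocked.append(parent)
        if parent == stop_at or parent == os.path.dirname(parent):
            break
        parent = os.path.dirname(parent)
    return blocked[::-1]

def demo():
    # Constructed layout mirroring the thread: <tmp>/folder1/folder2
    root = os.path.realpath(tempfile.mkdtemp())
    os.chmod(root, 0o755)
    folder1 = os.path.join(root, "folder1")
    folder2 = os.path.join(folder1, "folder2")
    os.makedirs(folder2)
    os.chmod(folder2, 0o770)
    os.chmod(folder1, 0o770)  # no x for "other": parent blocks the child
    st = os.stat(folder1)
    # Hypothetical "user2": neither the owner nor in the owning group
    uid, gids = st.st_uid + 1, {st.st_gid + 1}
    before = blocking_ancestors(folder2, uid, gids, stop_at=root)
    os.chmod(folder1, 0o771)  # search-only for others, no listing
    after = blocking_ancestors(folder2, uid, gids, stop_at=root)
    return folder1, before, after

if __name__ == "__main__":
    print(demo())
```

Against a real share, call `blocking_ancestors("/var/folder1/folder2", uid, gids)` with the numeric ids reported by `id` for the affected account.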