Rowland Penny
2024-Jan-19 10:12 UTC
[Samba] Share access permission errors after upgrade from 4.12.14
On Tue, 16 Jan 2024 23:28:24 +0000 unraidster via samba <samba at lists.samba.org> wrote:> On Tuesday, 16 January 2024 at 09:46, Rowland Penny via samba > <samba at lists.samba.org> wrote: > > > As far as I can see, unraid is based on slackware, so it should > > work. Is it possible to check the ownership & permissions set on > > /mnt/user/PrivateShare ? > > > > Is either apparmor or selinux running ? > > > > Rowland > > Thanks for the reply, I have included some responses below: > > The permissions set to /mnt/user/PrivateShare is: > > drwxrwx---+ 1 ur_admin ur-lab_access 4.0K May 24 2023 > PrivateShare/ > > There is an ACL set on that folder too: > > getfacl: Removing leading '/' from absolute path names > # file: mnt/user/PrivateShare/ > # owner: ur_admin > # group: ur-lab_access > user::rwx > user:ur-lab_access:rwx > user:ur-lab-privateshare-ro:r-x > user:ur-lab-privateshare-rw:rwx > group::rwx > group:ur_admin:rwx > group:ur-lab_access:rwx > group:ur-lab-privateshare-ro:r-x > group:ur-lab-privateshare-rw:rwx > mask::rwx > other::--- > default:user::rwx > default:user:ur_admin:rwx > default:user:ur-lab-privateshare-ro:r-x > default:user:ur-lab-privateshare-rw:rwx > default:group::--- > default:group:ur_admin:rwx > default:group:ur-lab_access:--- > default:group:ur-lab-privateshare-ro:r-x > default:group:ur-lab-privateshare-rw:rwx > default:mask::rwx > default:other::--- > > > The rwuser is a member of the ur-lab-privateshare-rw group. I noticed > that there are two groups (ur-lab-privateshare-ro and > ur-lab-privateshare-rw) setup with a user and a group permission in > the ACL. I retested after removing both groups' user permission > (leaving the intended group ACL entry for each group) and still > received the same error. The non-updated-IDMAP configuration I > started the thread with did not have a duplicate user ACL for the > groups and therefore I suspect it isn?t contributing to this issue. > > apparmor: I tried the following commands to see if apparmor was > enabled: cat /sys/module/apparmor/parameters/enabled > sudo apparmor_status > > Neither returned a result. > > Selinux: I tried the following commands to see if selinux was enabled: > sudo getenforce > sudo sestatus > > Neither returned a result. > > Therefore, I suspect that apparmor and selinux are not > installed/enabled. > > Best Regards, > Unraidster >Sorry to be so long in replying to this, but life got in the way. You initially had an incorrect smb.conf and you changed it, but by doing so you will have changed the user & group IDs, not their names, the numbers. You will probably need to change the user & group ownership of all directories & files and run 'net cache flush' as root. You also say this is on a computer running unraid, did your initial smb.conf come from just clicking things on a 'web page' on your unraid box ? Rowland
Rowland Penny
2024-Jan-19 10:41 UTC
[Samba] Share access permission errors after upgrade from 4.12.14
On Fri, 19 Jan 2024 10:12:12 +0000 Rowland Penny via samba <samba at lists.samba.org> wrote:> On Tue, 16 Jan 2024 23:28:24 +0000 > unraidster via samba <samba at lists.samba.org> wrote: > > > On Tuesday, 16 January 2024 at 09:46, Rowland Penny via samba > > <samba at lists.samba.org> wrote: > > > > > As far as I can see, unraid is based on slackware, so it should > > > work. Is it possible to check the ownership & permissions set on > > > /mnt/user/PrivateShare ? > > > > > > Is either apparmor or selinux running ? > > > > > > Rowland > > > > Thanks for the reply, I have included some responses below: > > > > The permissions set to /mnt/user/PrivateShare is: > > > > drwxrwx---+ 1 ur_admin ur-lab_access 4.0K May 24 2023 > > PrivateShare/ > > > > There is an ACL set on that folder too: > > > > getfacl: Removing leading '/' from absolute path names > > # file: mnt/user/PrivateShare/ > > # owner: ur_admin > > # group: ur-lab_access > > user::rwx > > user:ur-lab_access:rwx > > user:ur-lab-privateshare-ro:r-x > > user:ur-lab-privateshare-rw:rwx > > group::rwx > > group:ur_admin:rwx > > group:ur-lab_access:rwx > > group:ur-lab-privateshare-ro:r-x > > group:ur-lab-privateshare-rw:rwx > > mask::rwx > > other::--- > > default:user::rwx > > default:user:ur_admin:rwx > > default:user:ur-lab-privateshare-ro:r-x > > default:user:ur-lab-privateshare-rw:rwx > > default:group::--- > > default:group:ur_admin:rwx > > default:group:ur-lab_access:--- > > default:group:ur-lab-privateshare-ro:r-x > > default:group:ur-lab-privateshare-rw:rwx > > default:mask::rwx > > default:other::--- > > > > > > The rwuser is a member of the ur-lab-privateshare-rw group. I > > noticed that there are two groups (ur-lab-privateshare-ro and > > ur-lab-privateshare-rw) setup with a user and a group permission in > > the ACL. I retested after removing both groups' user permission > > (leaving the intended group ACL entry for each group) and still > > received the same error. The non-updated-IDMAP configuration I > > started the thread with did not have a duplicate user ACL for the > > groups and therefore I suspect it isn?t contributing to this issue. > > > > apparmor: I tried the following commands to see if apparmor was > > enabled: cat /sys/module/apparmor/parameters/enabled > > sudo apparmor_status > > > > Neither returned a result. > > > > Selinux: I tried the following commands to see if selinux was > > enabled: sudo getenforce > > sudo sestatus > > > > Neither returned a result. > > > > Therefore, I suspect that apparmor and selinux are not > > installed/enabled. > > > > Best Regards, > > Unraidster > > > > Sorry to be so long in replying to this, but life got in the way. > > You initially had an incorrect smb.conf and you changed it, but by > doing so you will have changed the user & group IDs, not their names, > the numbers. You will probably need to change the user & group > ownership of all directories & files and run 'net cache flush' as > root. > > You also say this is on a computer running unraid, did your initial > smb.conf come from just clicking things on a 'web page' on your unraid > box ? > > Rowland > >So, I took a wander over to the unraid community forum and found a post which seems to say that this problem has been going on for nearly a year, is this correct ? I was hoping to possibly find a link to the source, but couldn't find one, so I have no idea just what the default smb.conf is. Rowland
Maybe Matching Threads
- Share access permission errors after upgrade from 4.12.14
- Share access permission errors after upgrade from 4.12.14
- Share access permission errors after upgrade from 4.12.14
- Share access permission errors after upgrade from 4.12.14
- Share access permission errors after upgrade from 4.12.14