similar to: dos filemode (security concern)

Hello, After an upgrade to samba 3.5.8 (from 3.2.5) the option 'dos filemode' does not seem to work anymore. If I (as a user) do not own the file I can't change permissions. I am user 'felix' and member of supplementary group 'Development'. To test things I use the following share definition: [Temp] path = /srv/samba/file-shares/tmp browseable =

Hi, I have a share (testshare) where different unix groups (testgroup1, testgroup2) should have access to. But I want that new files are only created with 660 permissions. Here are the ACL's of testshare: # file: testshare # owner: ralfgro # group: ve user::rwx group::rwx group:testgroup1:rwx group:testgroup2:rwx mask::rwx other::--- default:user::rwx default:group::---

Hi folks, I'm trying to set up a share with samba 2.2.8a (SuSE SLES 8) with ACL support and winbind where every user with write access to a file should be able to change the permissions of that file. According to the man page "dos filemode = yes" should do it - but not for me. It seems that this param is doing nothing at all. I'm I dump ?? What could be wrong here ??

According to the smb.conf man page, the "dos filemode" parameter will allow a user who is not the owner of a file to affect permissions changes on a file or folder provided he has write access to that object. This does not appear to be the case. Users with write access via user or group ACEs receive an "Access denied" error when attempting to make ACL changes via windows,

dear all, switching from 3.0.22 to 3.023b, we can't get the parameter "dos filemode" to work (giving members of a group with full control the ability to change the acl's). in previous versions we were using "acl group control" which served well (now marked deprecated). the share section of smb.conf is: [test] comment = testshare path = /media/samba/test public =

Hi, I'm using the "dos filemode" option to get Windows like acl handling. Now I noticed the following line: "Note that a user belonging to the group owning the file will not be allowed to change permissions if the group is only granted read access" Is there anyway to achive this so the group can change permissions even when the group has read-only rights? This is exacly

Classification: NOT PROTECTIVELY MARKED Solaris 9 Samba 3.4.5 I know this isn't the sort of query that gets much response but I'd be really grateful of any advice people can offer. I'm getting really fed up with Samba as I've never been able to make it work properly. Either I'm missing something basic (probably) or it just doesn't behave in the way I think it should!

Dear all I struggle with a very annoying bug ! The problem is very simple to reproduce (NO Windows stuff needed, ONLY Linux !): 1. Samba 3.5.6 running on a Debian 6 (Squeeze) Server with following configuration: /etc/samba/smb.conf: security = user guest account = nobody map to guest = bad user null passwords = yes case sensitive = yes [myshare]

We have Fedora Core 2, samba-3.0.3-5, kernel 2.6.5 We set acl support in fstab We configured samba with acl support + openldap 2.1.29 as passwd backend. In a shared folder "testshare" we set the following directives: [testshare] comment = ...... path = /home/testshare read only = no nt acl support = yes create mask = 0700 directory mask = 0700 security mask = 0777 directory security

Hi, on our samba 4 domain member server we use the vfs objects module 'recycle'. Unfortunately we ran into a strange permission problem with deleted folders. The newly created folders in the recycle folder have the wrong permission. The deleted file(s) itself has the correct group (rw) permissions. The shares correct permissions: getfacl Papierkorb/ # file: Papierkorb/ # owner: root #

Hi! I created a Samba4 Demo Server to test AD functionality. Basically it's a Debian Wheezy machine with a manually compiled Samba4 (smbstatus -V: Version 4.1.0pre1-GIT-051a1a9) according to https://wiki.samba.org/index.php/Samba4/HOWTO but adjusted the paths to a more debian way. I can Manage the Server with the Windows Domain Utilities, add users, add groups, add Machines and so

Hello, i had to upgrade a server from 3.6 to 4.0.10. Now i have a problem had already i solved again. The problem is that a machines program is old and require dos filetime resolution = yes but i does not work with the new 4.0.10 [produktion] path=/home/filestore/produktion browseable = yes writable = yes # create mask = 0777 # directory mask = 0777 #

Would someone please tell me where I can find some good troubleshooting documents to resolve AD authentication issues when using Samba? Is this mailing list the best place? I was able to setup a working WINBIND-Samba setup on CentOS 7.6, but I am required to use SSSD on a different CentOS 7.6 server. Using a test VM, I can get services running, but I can't authenticate from a Mac or

Hi, I have a case where I only want to restrict access to SMB shares via filesystem permissions (and POSIX ACLs). Therefore, I do not want Samba to verify security in any way at the SMB level. If the filesystem/ACL permissions allow access to the shared directory, so should Samba. If the filesystem does not allow access to the filesystem, Samba should deny as well. I thought I had this

So, I have "working" builds of Samba 3.6.10, and 4.0.2 using the traditional build system on AIX, both built with XLC. For historical reasons, we're needing to use 'encrypt passwords = no', so that Samba uses the OS password. The odd thing, is, the 3.6.10 Samba works just fine, but the 4.0.2 doesn't allow connections. Here's the Samba config I'm using on both:

Hello, I have a performance problem when I don't connect using root and/or a user in the "admin users". Configuration: Samba 3.5.11 running on SLES11SP1. The share exported is on a GPFS filesystem and the GPFS vfs object is loaded(not loading it doesn't change the described behaviour) clients: Windows 7 and Windows 2008R2 all at latest update level. [testshare] comment

Thanks to all that have helped so far. I now have a test server running on Ubuntu 6.06 and Samba 3.0.22. I also configured ACL and user_xattr on the filesystem running the shares. But now I have very strange behavior that I hope someone has a clue about. User smith can open two files (foo.txt and faa.txt) with Notepad, Wordpad and Microsoft Word. The behavior for all three is different:

Hi ... When trying to migrate from samba3 to samba 4.2.2 I am facing a severe problem that bugs me for hours now. I cannot get a samba 4.2.2 fileserver to work with a samba 4.2.2 PDC as a domain member. My scenario: Samba 3 network. PDC and fileserver where Samba 3.6.25. LDAP backend. We can't move to AD right now so I wanted to move to the current 4.2.2 at least to do this step but to

I am confused (nothing new there ...). I have 2 Ubuntu 9.10 Samba servers. I am trying to mount a share from the other (i.e., "workhorse" is trying to mount a share on "dual-booter"). If I specify a smbmount command with a -k option, I can mount the share: turgon at workhorse:~$ klist Ticket cache: FILE:/tmp/krb5cc_1000 Default principal: turgon at DACRIB.LOCAL Valid starting

Hello, Our samba fileserver is a member of a Windows 2008R2 domain, and has different shares. These shares are set with a "read only = yes" and have an explicit "write list". This works as planned. But when an "read only" user opens a pdf with Adobe acrobat, the file gets DenyMode DENY_WRITE and the user who can edit the file can't save the document anymore.