[Samba] Samba Permissions Problem

Robert Steinmetz rob at steinmetznet.com
Sat Jan 23 17:38:16 MST 2010 

On 1/22/2010 4:23 PM, Dale Schroeder wrote:
> On 01/22/2010 3:25 PM, Robert Steinmetz AIA wrote:
>> Dale Schroeder wrote:
>>> On 01/21/2010 3:08 PM, Robert Steinmetz AIA wrote:
>>>> I need help understanding what is happening and trouble shooting.
>>>>
>>>> I have two servers running Samba 2.3.3, one as a Domain Controller 
>>>> one as a Member Server. Both are running Ubuntu 8.10. smbd, nmbd 
>>>> and winbindd using the tdb back end are running on both.
>>>>
>>>> I have two shares on the member server and as far as I can tell 
>>>> they are identical. [Projects] works as expected but [Windows] 
>>>> always asks for a login name even though the smb.conf entries for 
>>>> both are are the same. If I comment out the "force group" in 
>>>> [Windows] users can access the share but there are errors writing 
>>>> and creating files. If I create a new share it acts as the 
>>>> [Windows] share.
>>>>
>>>> Here are the share definitions and a list of the files in the 
>>>> directory;
>>>>
>>>> [Projects]
>>>>        Comment = Project Files
>>>>        path = /files/Lucretia/Projects
>>>>        writeable = yes
>>>>        browseable = yes
>>>>        create mask = 0764
>>>>        directory mask = 0775
>>>>        force group = "ATLANTA\domain users"
>>>>
>>>> [Windows]
>>>>        comment = Atlanta Windows Files
>>>>        path = /files/Lucretia/Windows
>>>>        browseable = yes
>>>>        writeable = yes
>>>>        create mask = 0764
>>>>        directory mask = 0775
>>>>        force group = "ATLANTA\domain users"
>>>>
>>>>
>>>> root at louise:/files/Lucretia# ls -l
>>>> total 66
>>>> drwxrwsr-x   2 root          10001    48 2008-07-17 03:17 Arris
>>>> -rw-r-Sr--   1 root          10001  5952 2008-07-17 04:25 list
>>>> drwxrwsr-x  74 ATLANTA\rob   10001 17040 2009-12-17 15:25 Office
>>>> drwxrwsr-x  67 rob           10001 14456 1969-12-31 19:00 Office.orig
>>>> drwxrwsr-x  51 ATLANTA\trish 10001  4528 2010-01-14 14:26 Projects
>>>> drwxrwsr-x   8 ATLANTA\rob   10001   400 2009-07-10 15:52 Sigma
>>>> drwxrwsr-x   6 rob           10001   304 2008-07-17 02:50 Sigma.old
>>>> drwxrws*r-x* 314 ATLANTA\trish 10001 24280 2010-01-13 09:49 Windows
>>>>
>>>> Testparm shows no problems although it does rearrange the share 
>>>> definitions somewhat.
>>>>
>>>> The problem must be in windows permissions but I don't know how to 
>>>> check them, especially since I have only ssh access because the 
>>>> site is remote. I have to rely on local users for testing.
>>>>
>>>> How can I get a list of ATLANTA\domain admin group users?
>>>>
>>>> How can I change the permissions?
>>>
>>> Any possibility of acl's, especially default acl's?
>>>
>>> getfacl /files/Lucretia/Projects
>>> getfacl /files/Lucretia/Windows
>>>
>> Looks like not;
>>
>> root at louise:/etc/samba# getfacl /files/Lucretia/Projects
>> getfacl: Removing leading '/' from absolute path names
>> # file: files/Lucretia/Projects
>> # owner: ATLANTA\134trish
>> # group: 10001
>> user::rwx
>> group::rwx
>> other::r-x
>>
>> root at louise:/etc/samba# getfacl /files/Lucretia/Windows
>> getfacl: Removing leading '/' from absolute path names
>> # file: files/Lucretia/Windows
>> # owner: ATLANTA\134trish
>> # group: 10001
>> user::rwx
>> group::rwx
>> *other::rwx *
> If it's not a typo, it is odd that ls and getfacl return different 
> results for "other" in the "Windows" share
> ls = r-x
> getfacl = rwx
>
> Even if it's not a typo, it makes no sense that the share with the 
> most permissions is the one that's inaccessible.
> This is a strange one.
>
> Dale
>
>

I apparently changed the permissions between the two listings it is rwx 
for other now when I list the files in the directory.


drwxrwsrwx 290 ATLANTA\trish 10001 23576 2010-01-20 15:51 Windows

-- 
*Robert Steinmetz, AIA*
Principal
*Steinmetz & Associates*

More information about the samba mailing list