[Samba] folder permissions with Windows client, Samba server
Jim Salter
jim at jrs-s.net
Wed Mar 10 12:12:17 MST 2010
Hi list -

I've been using Samba since 2.x in the early 2000s, and a papercut I
had eight years ago still plagues me today - when anyone on a Windows
client right-clicks a folder on a Samba share and tries to view or
change its permissions, it doesn't work right. The folder appears to
have no permissions enabled for owner, group, or world (regardless of
what the permissions actually are - and in fact, the Windows user can
modify the folder or files in it without difficulty). Worse, if the
Windows user attempts to SET permissions on the folder, the folder will
end up with a completely different (and generally completely unusable)
set of permissions; chmod 700 and chown root, if I recall correctly - so
then the hapless user who tried to set permissions on a folder that he
or she could access just fine is locked out of that folder completely
until someone shells into the Samba server and resets permissions from
the command line.

I have seen this exact behavior on Samba 2.x / FreeBSD 4.x, 5.x, and
6.x, both with and without ACLs enabled on the underlying filesystem,
and just this week when I set up a Samba 3.4.0 server from the Ubuntu
9.10 repositories, successfully joined it to a Windows 2003 domain with
Kerberos working and Winbind mapping UIDs and GIDs properly... I STILL
had the problem with the Windows GUI for setting folder permissions not
mapping correctly!

Is this something I just have to live with, or is there something I
don't understand about configuring Samba that would avoid this issue?

The smb.conf for the Ubuntu server I mentioned just now is unchanged
from the default conf file shipping from the repository, with these
exceptions:

####### Authentication #######
security = ads
realm = DOMAIN.LOCAL
password server = 192.168.1.20
# note that workgroup is the 'short' domain name
workgroup = DOMAIN
# winbind separator = +
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%D/%U
template shell = /bin/bash
client use spnego = yes
client ntlmv2 auth = yes
encrypt passwords = yes
winbind use default domain = yes
restrict anonymous = 2

[smbshare]
comment = root of the Samba-accessible data storage
read only = no
writeable = yes
path = /data/smbshare
guest ok = no