[Samba] 'x' bit always set?

NdK ndk.clanbo at gmail.com
Mon Jul 30 01:40:34 MDT 2012


Hello all.

Seems I can't find the root cause of $subj.

When I store a file on my "home", it gets chmodded ugo+x ...

My smb.conf is:
-8<--
[global]
        workgroup = PERSONALE
        realm  = PERSONALE.EXAMPLE.COM
        server string = Local shares
        netbios name = STR00160-SAMBA
        security = ADS
        encrypt passwords = true
        password server = personale.example.com
        log file = /var/log/samba/log.%m
        log level = 0
        max log size = 50
        socket options = TCP_NODELAY SO_RCVBUF=32768 SO_SNDBUF=32768
        local master = No
        dns proxy = No
        wins server = 192.168.25.77

        # Fixes instability of name resolution (gid-to-name)
        client schannel = no

        # Unix extensions give troubles with permissions from Macs
        unix extensions = no
        wide links = no

        # We need a local user for str00160-web and backup
        auth methods = guest sam winbind:ntdomain

        winbind enum users = No
        winbind enum groups = No
        winbind offline logon = Yes
        winbind nested groups = Yes
        winbind normalize names = Yes
        winbind refresh tickets = Yes
        winbind use default domain = yes

        # Catch other domains
        idmap backend = tdb
        idmap uid = 10000-99999
        idmap gid = 10000-99999
        idmap config PERSONALE : backend = rid
        idmap config PERSONALE : base_rid  = 500
        idmap config PERSONALE : range = 100000 - 49999999
        idmap config STUDENTI : backend = rid
        idmap config STUDENTI : base_rid  = 500
        idmap config STUDENTI : range = 50000000 - 99999999
        template homedir = /srv/shared/%D/%U

        # Don't show a "printers" icon when browsing the server
        show add printer wizard = no
        load printers = no
        printing = bsd
        printcap name = /dev/null
        disable spoolss = yes

[homes]
    comment = Home Directories

    # Standard options for homes
    browseable = no
    read only = no
    create mask = 0600
    directory mask = 0711

    # Fix reported capacity
    block size = 4096

    # Use ACL to store attributes
    acl group control = Yes
    inherit acls = Yes
    store dos attributes = yes
    dos filemode = yes

    # I want users to be able to share their data...
    #valid users = %D\%S
    path = /srv/shared/%D/%S

    # Equivalent of pam_mkhomedir, but more versatile
    root preexec = /opt/checklogon '%S' '%H' '%u' '%P' '%D' '%U'
-8<--

The underlying fs supports acls and xattrs:
/dev/sdb1 on /srv/shared type xfs (rw,acl,user_xattr,quota)

# getfacl /srv/shared/PERSONALE/diego.zuccato/
getfacl: Removing leading '/' from absolute path names
# file: srv/shared/PERSONALE/diego.zuccato/
# owner: diego.zuccato
# group: 100013
# flags: s--
user::rwx
user:str00160-backup:rw-        #effective:---
group::rwx                      #effective:--x
mask::--x
other::--x
default:user::rwx
default:user:diego.zuccato:rwx
default:group::--x
default:group:100013:--x
default:mask::rwx
default:other::---

Another strange thing is that, with this last command, it stopped
resolving 100013 to PERSONALE\domain_users ... any possible reason? I
can see
[2012/07/30 09:29:23.572740,  0] winbindd/winbindd_ads.c:1039(lookup_groupmem)
  ads_ranged_search failed with: Invalid DN syntax
in log.wb-PERSONALE .

Before that, it was correctly resolved:
# id diego.zuccato
uid=108036(diego.zuccato) gid=100013(domain_users) gruppi=100013(domain_users),[...]
but now:
# id diego.zuccato
uid=108036(diego.zuccato) gid=100013 gruppi=100013,[...]

Before I added "client schannel = no" it happened randomly and quite
frequently.

The domain is M$ AD. Samba is 3.5.6 .

Tks,
 Diego.

