[Samba] Clients can't write to group-writable files - plea for help
Jeremy Allison
jra at samba.org
Thu Nov 17 19:17:25 UTC 2016
On Wed, Nov 16, 2016 at 03:25:24PM -0500, Josh Malone wrote:
> On 11/16/16 3:17 PM, Jeremy Allison wrote:
> >On Wed, Nov 16, 2016 at 03:12:06PM -0500, Josh Malone via samba wrote:
> >>On 11/16/16 2:32 PM, Jeremy Allison via samba wrote:
> >>>>
> >>>>But the file is not root:root - it's owned by uid 12477 and group
> >>>>9006. Why is Samba getting the wrong owner/group for this file?
> >>>
> >>>That is the core of your problem. What does the full debug level 10
> >>>log say around this message ?
> >>>
> >>
> >>Nothing that I can see.
> >
> >That is not a helpful response to a request for debug info.
> >
> >Just sayin' :-) :-).
> >
>
> No, it's not. Apologies.
>
> http://www.cv.nrao.edu/~jmalone/sambalog.txt
Looking at that log I see:
posix_get_nt_acl: called for file .
canon_ace index 0. Type = allow SID = S-1-22-1-0 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rwx
canon_ace index 1. Type = allow SID = S-1-22-2-0 gid 0 (root) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms r-x
canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms r-x
So it's the top-level directory of the share
/data/test
that is root.root rwxr-xr-x
Can you check that ?
The open request fails with:
smbd_check_access_rights: file . requesting 0x40 returning 0x40 (NT_STATUS_ACCESS_DENIED)
0x40 is SEC_DIR_DELETE_CHILD, which is seeing if a file in that
directory can be deleted. As you're not root, that open fails
(you don't have 'w' access).
Hope this helps.
More information about the samba
mailing list