[Samba] Share access permission errors after upgrade from 4.12.14

unraidster unraidster at protonmail.com
Tue Jan 16 23:28:24 UTC 2024 

On Tuesday, 16 January 2024 at 09:46, Rowland Penny via samba <samba at lists.samba.org> wrote:

> As far as I can see, unraid is based on slackware, so it should work.
> Is it possible to check the ownership & permissions set on
> /mnt/user/PrivateShare ?
>
> Is either apparmor or selinux running ?
>
> Rowland

Thanks for the reply, I have included some responses below:

The permissions set to /mnt/user/PrivateShare is:

	drwxrwx---+ 1 ur_admin   ur-lab_access 4.0K May 24  2023 PrivateShare/

There is an ACL set on that folder too:

	getfacl: Removing leading '/' from absolute path names
	# file: mnt/user/PrivateShare/
	# owner: ur_admin
	# group: ur-lab_access
	user::rwx
	user:ur-lab_access:rwx
	user:ur-lab-privateshare-ro:r-x
	user:ur-lab-privateshare-rw:rwx
	group::rwx
	group:ur_admin:rwx
	group:ur-lab_access:rwx
	group:ur-lab-privateshare-ro:r-x
	group:ur-lab-privateshare-rw:rwx
	mask::rwx
	other::---
	default:user::rwx
	default:user:ur_admin:rwx
	default:user:ur-lab-privateshare-ro:r-x
	default:user:ur-lab-privateshare-rw:rwx
	default:group::---
	default:group:ur_admin:rwx
	default:group:ur-lab_access:---
	default:group:ur-lab-privateshare-ro:r-x
	default:group:ur-lab-privateshare-rw:rwx
	default:mask::rwx
	default:other::---


The rwuser is a member of the ur-lab-privateshare-rw group. I noticed that there are two groups (ur-lab-privateshare-ro and ur-lab-privateshare-rw) setup with a user and a group permission in the ACL. I retested after removing both groups' user permission (leaving the intended group ACL entry for each group) and still received the same error. The non-updated-IDMAP configuration I started the thread with did not have a duplicate user ACL for the groups and therefore I suspect it isn’t contributing to this issue.

apparmor: I tried the following commands to see if apparmor was enabled:
	cat /sys/module/apparmor/parameters/enabled
	sudo apparmor_status

	Neither returned a result.

Selinux: I tried the following commands to see if selinux was enabled:
	sudo getenforce
	sudo sestatus

	Neither returned a result.

Therefore, I suspect that apparmor and selinux are not installed/enabled.

Best Regards,
Unraidster

More information about the samba mailing list