[Samba] Share access permission errors after upgrade from 4.12.14

Rowland Penny rpenny at samba.org
Fri Jan 19 10:12:12 UTC 2024 

On Tue, 16 Jan 2024 23:28:24 +0000
unraidster via samba <samba at lists.samba.org> wrote:

> On Tuesday, 16 January 2024 at 09:46, Rowland Penny via samba
> <samba at lists.samba.org> wrote:
> 
> > As far as I can see, unraid is based on slackware, so it should
> > work. Is it possible to check the ownership & permissions set on
> > /mnt/user/PrivateShare ?
> >
> > Is either apparmor or selinux running ?
> >
> > Rowland
> 
> Thanks for the reply, I have included some responses below:
> 
> The permissions set to /mnt/user/PrivateShare is:
> 
> 	drwxrwx---+ 1 ur_admin   ur-lab_access 4.0K May 24  2023
> PrivateShare/
> 
> There is an ACL set on that folder too:
> 
> 	getfacl: Removing leading '/' from absolute path names
> 	# file: mnt/user/PrivateShare/
> 	# owner: ur_admin
> 	# group: ur-lab_access
> 	user::rwx
> 	user:ur-lab_access:rwx
> 	user:ur-lab-privateshare-ro:r-x
> 	user:ur-lab-privateshare-rw:rwx
> 	group::rwx
> 	group:ur_admin:rwx
> 	group:ur-lab_access:rwx
> 	group:ur-lab-privateshare-ro:r-x
> 	group:ur-lab-privateshare-rw:rwx
> 	mask::rwx
> 	other::---
> 	default:user::rwx
> 	default:user:ur_admin:rwx
> 	default:user:ur-lab-privateshare-ro:r-x
> 	default:user:ur-lab-privateshare-rw:rwx
> 	default:group::---
> 	default:group:ur_admin:rwx
> 	default:group:ur-lab_access:---
> 	default:group:ur-lab-privateshare-ro:r-x
> 	default:group:ur-lab-privateshare-rw:rwx
> 	default:mask::rwx
> 	default:other::---
> 
> 
> The rwuser is a member of the ur-lab-privateshare-rw group. I noticed
> that there are two groups (ur-lab-privateshare-ro and
> ur-lab-privateshare-rw) setup with a user and a group permission in
> the ACL. I retested after removing both groups' user permission
> (leaving the intended group ACL entry for each group) and still
> received the same error. The non-updated-IDMAP configuration I
> started the thread with did not have a duplicate user ACL for the
> groups and therefore I suspect it isn’t contributing to this issue.
> 
> apparmor: I tried the following commands to see if apparmor was
> enabled: cat /sys/module/apparmor/parameters/enabled
> 	sudo apparmor_status
> 
> 	Neither returned a result.
> 
> Selinux: I tried the following commands to see if selinux was enabled:
> 	sudo getenforce
> 	sudo sestatus
> 
> 	Neither returned a result.
> 
> Therefore, I suspect that apparmor and selinux are not
> installed/enabled.
> 
> Best Regards,
> Unraidster
> 

Sorry to be so long in replying to this, but life got in the way.

You initially had an incorrect smb.conf and you changed it, but by
doing so you will have changed the user & group IDs, not their names,
the numbers. You will probably need to change the user & group
ownership of all directories & files and run 'net cache flush' as root.

You also say this is on a computer running unraid, did your initial
smb.conf come from just clicking things on a 'web page' on your unraid
box ?

Rowland

More information about the samba mailing list