[Samba] Linux Mint 21.3 client AD joined OK but no usb working

Rowland Penny rpenny at samba.org
Wed Mar 27 18:13:16 UTC 2024 

On Wed, 27 Mar 2024 14:45:03 -0300
"Douglas G. Oechsler via samba" <samba at lists.samba.org> wrote:

> Em qua., 27 de mar. de 2024 às 14:34, Rowland Penny via samba <
> samba at lists.samba.org> escreveu:
> 
> > On Wed, 27 Mar 2024 14:09:52 -0300
> > "Douglas G. Oechsler" <doguibnu at gmail.com> wrote:
> >
> > > > > The pendrive is plugged
> > > > >
> > > > > /media$ ls -l
> > > > > total 4
> > > > > drwxr-x---+ 4 root root 4096 mar 27 08:59 douglas-ti
> > > > > 70920 at douglas-note:/media$
> > > >
> > > > That on the face of it is only allowing the 'root' user full
> > > > permissions on the directory 'douglas-ti' (which I take it the
> > > > USB drive) and members of the 'root' group, read and
> > > > enter/traverse. There is however the '+' sign on the end of
> > > > permissions, which signifies that there is an EA in use, so
> > > > what does 'getfacl /media' show ?
> > > >
> > > > Rowland
> > > >
> > > > It shows:
> > > >
> > >
> > > 70920 at douglas-note:/$ getfacl media
> > > # file: media
> > > # owner: root
> > > # group: root
> > > user::rwx
> > > group::r-x
> > > other::r-x
> > >
> > >
> >
> > That shows that anyone can traverse the /media directory to get to
> > the USB drives below it.
> >
> > What I didn't notice was that you gave me the permissions for the
> > USB drive directory ( I asked for 'ls -l /media', you cd'ed into
> > /media,ran 'ls -l' and gave me the permissions of the USB drive
> > directory)
> >
> > I am sorry!
> 
> 
> 
> > So can you know give me the output of 'getfacl /media/douglas-ti'
> >
> >
> 70920 at douglas-note:~$ getfacl /media/douglas-ti
> # file: media/douglas-ti
> # owner: root
> # group: root
> user::rwx
> user:douglas-ti:r-x
> group::---
> mask::r-x
> other::---
> 

OK, there doesn't seem to be anything stopping the user 'douglas-ti'
reading & traversing to the USB drive.

In an attempt to understand this, I plugged in a USB drive and guess
what, I am in the same place, I can read and traverse the drive, but I
cannot write to it.

Now thinking about apparmor, could this be stopping writing to the
drive ?

 
> 
> Rowland
> >
> > PS can you please stop CC'ing me, just reply to the list.
> >
> 
> Right, sorry

No problem, it just makes things easier for me.

Rowland

More information about the samba mailing list