A bug maybe; Write list access to Read only share; security = share?

[Tony Gaddis]

I posted this question on the samba list and after some discussion and
several more trials, I think I have a bug in either the documenation or in
the functionality.  Before posting the bug I wanted to post to the technical
list, to make sure.

I am running Samba 3.0.4 on a linux 2.4.26 kernel.

I am using "security = share".  I want to present three shares to the users,
Share - public read/write, Content - public read/controlled write list and
Secure - controlled read/write.
Listed at the message end are the relevant parts of my smb.conf.

Behavior seen:
-Public read/write access for Share (in the log you can see that user is
granted access as smbuser).
-On first access of Secure, user is prompted for a share username/password .
When a user presents a valid username and password, access is granted. (in
the log file you can see the user is granted access by username). Afterward
first access, the user is not prompted to re-enter username/password
(Windows remembers share password).
-For the CONTENT share, read access is granted (log shows granted access as
smbuser).  When a write (file copy) is attempted by someone with a valid
username/password (that is in smbpasswd file), the first attempt gets a
message "Invalid MS-DOS function". On the second and subsequent attempts the
message is "Access is denied". I would have expected that the write would
have caused the share grant to be re-evaluated and the user would be
prompted for a username/password on the first write access and after first
access, the user is not prompted to re-enter username/password (Windows
remembers share password).

I am pretty sure there is not a file permissions issue that causes this.  I
have done several experiments.  The valid username is a member of the group
for the share and the share has 777 permissions...

When I posted to the samba list, I got a response about how someone was
successful with security = user. When I tried that, a valid user (in
smbpasswd file) had the expected access. However, a "guest" user (not in
smbpasswd file) was prompted for a username/password for access to any
share. They were not granted access as guest.

So my conclusion was the either this is the correct behavior of samba and
there are issues in the documentation about how the Share-level access
options behave under the different security options (I have spent many hours
reading through the documentation and have not found any hint that this is
expected behavior). Or this is a functional bug.

Amazing program! and thanks
Tony Gaddis

smb.conf
[GLOBAL]
security = share
guest account = smbuser

[SHARE]
path = /mnt/win/Share
read onfiltered= no
guest ok = yes
guest only = yes

[CONTENT]
path = /mnt/win/Content
read only = yes
guest ok = yes
write list = ...

[SECURE]
path = /mnt/win/Secure
read only = no
valid users = ...