[Samba] User can delete file when they have no read/write access

Esben Laursen hyber at hyber.dk
Fri Jun 20 21:51:31 GMT 2003

Im haveing a problem with my profiles share on my Samba 2.2.3 PDC server.

I have a share like this: 

    path = /home/samba/profiles
    writeable = yes
    create mask = 0700
    directory mask = 0700
    browsable = no
    valid users = root, at smbusers

The roaming profile works just fine with windows2k, and the users can't read the other profiles (they get a "access denied" if they try to access another profile then their own) thats great, BUT they can delete the other profiles.
It aint only the profiles share but all files, and thats pretty much a problem here =)

Here is a ls of the profiles directory:

linux:/home/samba/profiles# ls -l
total 12
drwx------   14 emma     emma         4096 Jun 19 22:18 emma
drwx------   19 esben    esben        4096 Jun 17 20:00 esben
drwx------   14 root     root         4096 May 17 21:13 root

So the user esben cant read the emma folder but he can delete it witch is pretty bad =)

How can I fix this?

Kind Regards


Ps. Here is my [global] section:

    netbios name = linux2
    server string = Samba %v on %L
    workgroup = domain

add user script = /usr/sbin/useradd -d /dev/null -g nobody -s /bin/false -M %u

    os level = 65
    prefered master = yes
    domain master = yes
    local master = yes
    domain logons = yes
    time server = yes
    hide dot files = yes
    security = user
    guest ok = no
    invalid users = bin deamon sys man mail ftp
    admin users = @root
    domain admin group = root, at admins
    encrypt passwords = yes
    log level = 2
    log file = /var/log/samba/log.%L
    max log size = 1000
    debug timestamp = yes
    syslog = 1
    hosts allow = 192.168.1. 127. 62.79.110.

    ; user roaming profiles path
    logon path = \\%L\profiles\%u

    client codepage = 850
    valid chars = æ:Æ ø:Ø å:Å
    logon script = logon.bat

More information about the samba mailing list