[Samba] Mac OSX breaking POSIX rights with SMB/CIFS

Mon Jul 18 10:42:43 GMT 2005

hi folks,

to sum up:

MS confirmed this as a bug and wants to "solve it as soon as possible" 
*twinker*

greez


Michael Gasch wrote:
> [UPDATE]
> 
> i'm no able to specify our problem i little bit more:
> 
> the problem only occurs with MS Office Word for Mac OSX (version X and 
> 2004; recent patches)
> 
> 1) create a new document (word doc) in a "share" (e.g. points to 
> /data/share) with MacOSX
> 
> 2) access a share, which is located *above* "share" (e.g. points to 
> /data) with MacOSX
> 
> 3) modify the document and save
> 
> => at this moment, the document gets weird group ownerships (no matter 
> if you work with force group or sgid bit on directories)
> 
> we could see the following group ownerships on different server systems:
> 
> NT 4.0 -> group is set to group from superior share (e.g. /data); 
> inheritance of other groups is not honored
> 
> samba v3 -> group is set to something totally different; neither the 
> group of /data nor /data/share nor the given group in "force group" - 
> parameters
> 
> win2k3 server -> group is set to group from superior share (e.g. /data); 
> inheritance of other groups is not honored
> 
> we think this is a bug
> we could not see anything in a trace on the coresponding samba process 
> nor in an ethereal dump - of course i'm willing to provide you with our 
> dumps
> 
> it would be nice, if you would assist us and try to reproduce this 
> behaviour!
> 
> man thanks in advance
> 
> Michael Gasch wrote:
> 
>> hi list,
>>
>> we recently saw the following weird behaviour on samba v3.0.13 with 
>> MacOSX panther and tiger as clients
>>
>> --setup--
>>
>> [share1]
>> path = /data
>> valid users = @admins
>> force user = administrator
>> inherit permissions = yes
>> force create mode = 770
>> force directory mode = 2770
>>
>> [share2]
>> path = /data/folder
>> valid users = @noadmins
>> force user = administrator
>> inherit permissions = yes
>> force create mode = 770
>> force directory mode = 2770
>>
>> where:
>>
>> /data        administrator.admins        rwxrwsr-x
>> /data/folder    administrator.noadmins        rwxrws---
>>
>> members of @admins are also members of @noadmins
>>
>> --setup--
>>
>> if you connect from MaxOSX (smb/cifs) to share2 and create a file the 
>> file looks like
>>
>> /data/folder/new.txt    administrator.noadmins        rwxrwx---
>>
>> if you connect now from MaxOSX (smb/cifs) to share1 and create a file 
>> in /data/folder the file looks like
>>
>> /data/folder/new2.txt    administrator.*admins*        rwxrwx---
>>
>> even if you modify new.txt and save it it gets this group change 
>> (noadmins->admins) - so nobody from noadmins is able to modify those 
>> files anymore :(
>>
>> we were able to reproduce this on a windows NT fileserver in the same 
>> setup (of course with equivalent NTFS/share rights)
>>
>> if you follow this procedure with a windows client everything looks 
>> like it should:
>>
>> all files/dirs in /data/folder/ get rwxrwx--- (or rwxrws--- for dirs) 
>> and administrator.noadmins as the owners
>>
>> can you help us? could you please try to reproduce this?
>> we have to use minimum acls because we use netatalk also which doesn't 
>> understand ext. acls!
>>
>> thx in advance
>>
> 
> 


-- 
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution
Deutscher Platz 6
D-04103 Leipzig
Germany

Phone: 49 (0)341 - 3550 137