[Samba] Mac OSX breaking POSIX rights with SMB/CIFS
Michael Gasch
gasch at eva.mpg.de
Mon Jul 18 10:42:43 GMT 2005
hi folks,
to sum up:
MS confirmed this as a bug and wants to "solve it as soon as possible"
*twinker*
greez
Michael Gasch wrote:
> [UPDATE]
>
> i'm no able to specify our problem i little bit more:
>
> the problem only occurs with MS Office Word for Mac OSX (version X and
> 2004; recent patches)
>
> 1) create a new document (word doc) in a "share" (e.g. points to
> /data/share) with MacOSX
>
> 2) access a share, which is located *above* "share" (e.g. points to
> /data) with MacOSX
>
> 3) modify the document and save
>
> => at this moment, the document gets weird group ownerships (no matter
> if you work with force group or sgid bit on directories)
>
> we could see the following group ownerships on different server systems:
>
> NT 4.0 -> group is set to group from superior share (e.g. /data);
> inheritance of other groups is not honored
>
> samba v3 -> group is set to something totally different; neither the
> group of /data nor /data/share nor the given group in "force group" -
> parameters
>
> win2k3 server -> group is set to group from superior share (e.g. /data);
> inheritance of other groups is not honored
>
> we think this is a bug
> we could not see anything in a trace on the coresponding samba process
> nor in an ethereal dump - of course i'm willing to provide you with our
> dumps
>
> it would be nice, if you would assist us and try to reproduce this
> behaviour!
>
> man thanks in advance
>
> Michael Gasch wrote:
>
>> hi list,
>>
>> we recently saw the following weird behaviour on samba v3.0.13 with
>> MacOSX panther and tiger as clients
>>
>> --setup--
>>
>> [share1]
>> path = /data
>> valid users = @admins
>> force user = administrator
>> inherit permissions = yes
>> force create mode = 770
>> force directory mode = 2770
>>
>> [share2]
>> path = /data/folder
>> valid users = @noadmins
>> force user = administrator
>> inherit permissions = yes
>> force create mode = 770
>> force directory mode = 2770
>>
>> where:
>>
>> /data administrator.admins rwxrwsr-x
>> /data/folder administrator.noadmins rwxrws---
>>
>> members of @admins are also members of @noadmins
>>
>> --setup--
>>
>> if you connect from MaxOSX (smb/cifs) to share2 and create a file the
>> file looks like
>>
>> /data/folder/new.txt administrator.noadmins rwxrwx---
>>
>> if you connect now from MaxOSX (smb/cifs) to share1 and create a file
>> in /data/folder the file looks like
>>
>> /data/folder/new2.txt administrator.*admins* rwxrwx---
>>
>> even if you modify new.txt and save it it gets this group change
>> (noadmins->admins) - so nobody from noadmins is able to modify those
>> files anymore :(
>>
>> we were able to reproduce this on a windows NT fileserver in the same
>> setup (of course with equivalent NTFS/share rights)
>>
>> if you follow this procedure with a windows client everything looks
>> like it should:
>>
>> all files/dirs in /data/folder/ get rwxrwx--- (or rwxrws--- for dirs)
>> and administrator.noadmins as the owners
>>
>> can you help us? could you please try to reproduce this?
>> we have to use minimum acls because we use netatalk also which doesn't
>> understand ext. acls!
>>
>> thx in advance
>>
>
>
--
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution
Deutscher Platz 6
D-04103 Leipzig
Germany
Phone: 49 (0)341 - 3550 137
More information about the samba
mailing list