[Samba] Unusual permissions problem [SOLUTION]
rsa at rb-com.com
Fri Jun 10 18:31:39 GMT 2005
Replying to my own message.
It turns out the I have samba-vscan-clamav installed, and it WAS running as clamav, which of course couldn't read the file. I have
the access such that vscan failure = access denied, so changed the running user to root for the clamav service and life is good.
> -----Original Message-----
> From: samba-bounces+rsa=rb-com.com at lists.samba.org
> [mailto:samba-bounces+rsa=rb-com.com at lists.samba.org] On
> Behalf Of Ray Anderson
> Sent: Friday, June 10, 2005 8:23 AM
> To: samba at lists.samba.org
> Subject: [Samba] Unusual permissions problem
> I have an issue with samba-3.0.10-1.fc3 permissions.
> The situation is this:
> I have a client that wants one user to have write permission
> to a directory, but a GROUP of users to have read access. Simple,
> right? First, I set up the directory structure per Linux:
> (According to the samba guide, it's more efficient to use
> sticky bits on the directory instead of using the force user
> clause in the
> smb.conf file.)
> drwsr-s--- 2 tcuser tcgroup 8.0K Jun 10 08:06 timecards
> Log in as a user who is a member of the tcgroup, can
> read all files in the tree: Success
> Log in as tcuser, can read, write, and delete all files
> in the tree: Success
> So I'm feeling pretty good about the Linux permissions. Now
> time to create the share:
> comment = Timecards
> path = /timecards
> create mask = 0640
> write list = tcuser
> valid users = tcuser, @tcgroup
> If I understand correctly, and obviously I don't, the write
> list and valid users lines are redundant, as Samba is supposed to use
> the file system permissions.
> Now the issue:
> I log in (via smbclient) as tcuser: Success
> Put a file into the share: Success
> Rename the file: Success
> Get the file back: Access Denied.
> So this user can put files but cannot read them back. (!)
> The really strange thing is if I set the world read bit to
> the file, then tcuser can read the file just fine, but from a
> Linux file
> permission perspective, that's a really bad thing, right?
> Any advice for this?
> Many thanks in advance,
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
More information about the samba