[Samba] Unusual permissions problem [SOLUTION]

Ray Anderson rsa at rb-com.com
Fri Jun 10 18:31:39 GMT 2005 

Replying to my own message.	

It turns out the I have samba-vscan-clamav installed, and it WAS running as clamav, which of course couldn't read the file.  I have
the access such that vscan failure = access denied, so changed the running user to root for the clamav service and life is good.

Thanks,

-=Ray

> -----Original Message-----
> From: samba-bounces+rsa=rb-com.com at lists.samba.org 
> [mailto:samba-bounces+rsa=rb-com.com at lists.samba.org] On 
> Behalf Of Ray Anderson
> Sent: Friday, June 10, 2005 8:23 AM
> To: samba at lists.samba.org
> Subject: [Samba] Unusual permissions problem
> 
> Hello,
> 
> I have an issue with samba-3.0.10-1.fc3 permissions.
> 
> The situation is this:
> 
> I have a client that wants one user to have write permission 
> to a directory, but a GROUP of users to have read access.  Simple,
> right?  First, I set up the directory structure per Linux:
> 
> (According to the samba guide, it's more efficient to use 
> sticky bits on the directory instead of using the force user 
> clause in the
> smb.conf file.)
> 
> drwsr-s---   2 tcuser tcgroup 8.0K Jun 10 08:06 timecards
> 
> Testing:
> 	Log in as a user who is a member of the tcgroup, can 
> read all files in the tree:  Success
> 	Log in as tcuser, can read, write, and delete all files 
> in the tree:  Success
> 
> So I'm feeling pretty good about the Linux permissions.  Now 
> time to create the share:
> 
> 
> [timecards]
>    comment = Timecards
>    path = /timecards
>    create mask = 0640
>    write list = tcuser
>    valid users = tcuser, @tcgroup
> 
> If I understand correctly, and obviously I don't, the write 
> list and valid users lines are redundant, as Samba is supposed to use
> the file system permissions.
> 
> Now the issue:
> 
> I log in (via smbclient) as tcuser:  Success
> 
> Put a file into the share:  Success
> 
> Rename the file:  Success
> 
> Get the file back:  Access Denied.
> 
> So this user can put files but cannot read them back.  (!)
> 
> The really strange thing is if I set the world read bit to 
> the file, then tcuser can read the file just fine, but from a 
> Linux file
> permission perspective, that's a really bad thing, right?
> 
> Any advice for this?
> 
> Many thanks in advance,
> 
> -=Ray
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>

More information about the samba mailing list