[Samba] force group broken in 3.0.14?
Hans Otto Lunde
ho at egmont-hs.dk
Sat May 7 13:38:49 GMT 2005
I've got some problems with file access control on a linux-server
with samba 3.0.14a compiled from a src-rpm. This is the method I've
been using for the past 5-6 releases. It's a redhat 8.0 machine
and the kernel version is 2.4.30. The problems seem to have appeared
since upgrading from 3.0.13.
Symptom 1: When using force group on a share, users from the two groups
edb and hjunderviser can save files but they can't delete them afterwards.
An "access denied"-error is the result of trying. They are not members of
the underviser-group, which is the idea behind using "force group =
underviser".
As you can see from the extract from the underviser-share, users actually
own the files, they save. But they can't delete them. I haven't changed the
configuration since it has worked just fine until now.
Is something broken in 3.0.14?
[underviser]
comment = Underviser
path = /home/afdeling/underviser
read only = no
force group = underviser
create mask = 660
directory mask = 770
valid users = +underviser +hjunderviser +edb
-rw-rw---- 1 sd underviser 1162770 Jan 2 16:47 JytteVagt.wpd
-rw-rw---- 1 li underviser 62526 Apr 28 19:34 kapsejl.pdf
drwxrwx--- 11 kb underviser 4096 Apr 22 11:55 kb
drwxrwx--- 5 bi underviser 4096 May 2 21:53 km
drwxrwx--- 2 sk underviser 4096 Feb 28 13:25 kv
drwxrwx--- 2 sk underviser 4096 Apr 28 19:31 Lisa
-rw-rw---- 1 kb underviser 10555 Apr 28 08:43 Longest time.pdf
Symptom 2: On another share I've got a folder used for scanning from a
photocopier using an account called scan. The idea is that once scanning is
done, the users can access the files from the Scan-folder. They can't delete
them but will instead copy them to somewhere else. See the permissions
below. The problem is that any user on the felles-share can delete the
Scan-folder. This has not been the case before.
Anyone got an idea if I missed something totally in release 3.0.14?
[felles]
comment = Faelles drev
path = /home/felles
read only = no
force user = felles
create mask = 660
directory mask = 770
valid users = +edb +underviser +hjunderviser +hha +pedel +kontor
-rw-rw---- 1 felles felles 346151 Feb 8 21:20 RIMG0490.JPG
-rw-rw---- 1 felles felles 348733 Feb 8 21:20 RIMG0491.JPG
drwxrwx--- 8 felles felles 4096 May 3 01:25 Robotter
drwxrwx--- 15 felles felles 4096 May 4 11:01 Rockmusik historie
drwxrwx--- 2 felles felles 4096 Mar 31 16:21 Rs_Torsdag
drwxr-x--- 2 scan felles 4096 May 7 00:50 Scan
drwxrwx--- 2 felles felles 4096 Jan 11 11:44 _Sejlads
drwxrwx--- 2 felles felles 4096 Mar 10 13:48 sk
-rw-rw---- 1 felles felles 25600 Feb 15 15:24 skat.doc
drwxrwx--- 3 felles felles 4096 May 3 19:04 Sommerkursus 2005
I noticed that the samba-server is not compiled --with-acl-support. It's
just
compiled with the settings in the src-rpm that I downloaded from samba.org.
This has never caused problems. Below is output from "smbd -b"
I hope I'm not missing out on something obvious and wasting peoples time.
Please enlighten me!
Hans Otto Lunde
Teacher & Sysadmin (somewhat..)
Egmont Højskolen
Denmark
Build environment:
Built by: root at eserver
Built on: Wed Apr 20 19:48:48 CEST 2005
Built using: gcc
Build host: Linux eserver 2.4.30 #1 Wed Apr 6 22:19:53 CEST 2005 i686
i686 i386 GNU/Linux
SRCDIR: /usr/src/redhat/BUILD/samba-3.0.14a/source
BUILDDIR: /usr/src/redhat/BUILD/samba-3.0.14a/source
Paths:
SBINDIR: /usr/sbin
BINDIR: /usr/bin
SWATDIR: /usr/share/swat
CONFIGFILE: /etc/samba/smb.conf
LOGFILEBASE: /var/log/samba
LMHOSTSFILE: /etc/samba/lmhosts
LIBDIR: /usr/lib/samba
SHLIBEXT: so
LOCKDIR: /var/lib/samba
PIDDIR: /var/run
SMB_PASSWD_FILE: /etc/samba/smbpasswd
PRIVATE_DIR: /etc/samba
System Headers:
HAVE_SYS_CDEFS_H
HAVE_SYS_FCNTL_H
HAVE_SYS_IOCTL_H
HAVE_SYS_IPC_H
HAVE_SYS_MMAN_H
HAVE_SYS_MOUNT_H
HAVE_SYS_PARAM_H
HAVE_SYS_QUOTA_H
HAVE_SYS_RESOURCE_H
HAVE_SYS_SELECT_H
HAVE_SYS_SHM_H
HAVE_SYS_SOCKET_H
HAVE_SYS_STATFS_H
HAVE_SYS_STATVFS_H
HAVE_SYS_STAT_H
HAVE_SYS_SYSCALL_H
HAVE_SYS_SYSLOG_H
HAVE_SYS_SYSMACROS_H
HAVE_SYS_TIME_H
HAVE_SYS_TYPES_H
HAVE_SYS_UNISTD_H
HAVE_SYS_VFS_H
HAVE_SYS_WAIT_H
HAVE_SYS_XATTR_H
Headers:
HAVE_ARPA_INET_H
HAVE_ASM_TYPES_H
HAVE_COM_ERR_H
HAVE_CTYPE_H
HAVE_DIRENT_H
HAVE_DLFCN_H
HAVE_EXECINFO_H
HAVE_FCNTL_H
HAVE_GLOB_H
HAVE_GRP_H
HAVE_GSSAPI_GSSAPI_GENERIC_H
HAVE_GSSAPI_GSSAPI_H
HAVE_INTTYPES_H
HAVE_KRB5_H
HAVE_LANGINFO_H
HAVE_LASTLOG_H
HAVE_LBER_H
HAVE_LDAP_H
HAVE_LIMITS_H
HAVE_LOCALE_H
HAVE_MEMORY_H
HAVE_MNTENT_H
HAVE_NETINET_IN_SYSTM_H
HAVE_NETINET_IP_H
HAVE_NETINET_TCP_H
HAVE_NET_IF_H
HAVE_NSS_H
HAVE_POLL_H
HAVE_RPCSVC_NIS_H
HAVE_RPCSVC_YPCLNT_H
HAVE_RPCSVC_YP_PROT_H
HAVE_RPC_RPC_H
HAVE_SECURITY_PAM_APPL_H
HAVE_SECURITY_PAM_MODULES_H
HAVE_SECURITY__PAM_MACROS_H
HAVE_SHADOW_H
HAVE_STDARG_H
HAVE_STDINT_H
HAVE_STDLIB_H
HAVE_STRINGS_H
HAVE_STRING_H
HAVE_STROPTS_H
HAVE_SYSCALL_H
HAVE_SYSLOG_H
HAVE_TERMIOS_H
HAVE_TERMIO_H
HAVE_UNISTD_H
HAVE_UTIME_H
UTMP Options:
HAVE_GETUTMPX
HAVE_UTMPX_H
HAVE_UTMP_H
HAVE_UT_UT_ADDR
HAVE_UT_UT_EXIT
HAVE_UT_UT_HOST
HAVE_UT_UT_ID
HAVE_UT_UT_NAME
HAVE_UT_UT_PID
HAVE_UT_UT_TIME
HAVE_UT_UT_TV
HAVE_UT_UT_TYPE
HAVE_UT_UT_USER
PUTUTLINE_RETURNS_UTMP
WITH_UTMP
HAVE_* Defines:
HAVE_ADDRTYPE_IN_KRB5_ADDRESS
HAVE_AP_OPTS_USE_SUBKEY
HAVE_ASPRINTF
HAVE_ASPRINTF_DECL
HAVE_ATEXIT
HAVE_BACKTRACE_SYMBOLS
HAVE_BER_SCANF
HAVE_C99_VSNPRINTF
HAVE_CHMOD
HAVE_CHOWN
HAVE_CHROOT
HAVE_COMPILER_WILL_OPTIMIZE_OUT_FNS
HAVE_CONNECT
HAVE_CREAT64
HAVE_CRYPT
HAVE_CUPS
HAVE_DES_SET_KEY
HAVE_DEVICE_MAJOR_FN
HAVE_DEVICE_MINOR_FN
HAVE_DIRENT_D_OFF
HAVE_DLCLOSE
HAVE_DLERROR
HAVE_DLOPEN
HAVE_DLSYM
HAVE_DUP2
HAVE_ENDMNTENT
HAVE_ENDNETGRENT
HAVE_ERRNO_DECL
HAVE_EXECL
HAVE_EXPLICIT_LARGEFILE_SUPPORT
HAVE_FCHMOD
HAVE_FCHOWN
HAVE_FCNTL_LOCK
HAVE_FCVT
HAVE_FGETXATTR
HAVE_FLISTXATTR
HAVE_FOPEN64
HAVE_FREMOVEXATTR
HAVE_FSEEKO64
HAVE_FSETXATTR
HAVE_FSTAT
HAVE_FSTAT64
HAVE_FSYNC
HAVE_FTELLO64
HAVE_FTRUNCATE
HAVE_FTRUNCATE64
HAVE_FTRUNCATE_EXTEND
HAVE_FUNCTION_MACRO
HAVE_GETCWD
HAVE_GETDIRENTRIES
HAVE_GETGRENT
HAVE_GETGRNAM
HAVE_GETMNTENT
HAVE_GETNETGRENT
HAVE_GETRLIMIT
HAVE_GETSPNAM
HAVE_GETTIMEOFDAY_TZ
HAVE_GETXATTR
HAVE_GLOB
HAVE_GRANTPT
HAVE_GSSAPI
HAVE_GSS_DISPLAY_STATUS
HAVE_ICONV
HAVE_IFACE_IFCONF
HAVE_IMMEDIATE_STRUCTURES
HAVE_INITGROUPS
HAVE_INNETGR
HAVE_KERNEL_CHANGE_NOTIFY
HAVE_KERNEL_OPLOCKS_LINUX
HAVE_KERNEL_SHARE_MODES
HAVE_KRB5
HAVE_KRB5_AUTH_CON_SETUSERUSERKEY
HAVE_KRB5_C_ENCTYPE_COMPARE
HAVE_KRB5_ENCRYPT_BLOCK
HAVE_KRB5_ENCRYPT_DATA
HAVE_KRB5_FREE_DATA_CONTENTS
HAVE_KRB5_FREE_KEYTAB_ENTRY_CONTENTS
HAVE_KRB5_FREE_KTYPES
HAVE_KRB5_FREE_UNPARSED_NAME
HAVE_KRB5_GET_PERMITTED_ENCTYPES
HAVE_KRB5_KEYBLOCK_IN_CREDS
HAVE_KRB5_KEYTAB_ENTRY_KEY
HAVE_KRB5_KT_FREE_ENTRY
HAVE_KRB5_LOCATE_KDC
HAVE_KRB5_MK_REQ_EXTENDED
HAVE_KRB5_PRINCIPAL2SALT
HAVE_KRB5_PRINC_COMPONENT
HAVE_KRB5_SET_DEFAULT_TGS_KTYPES
HAVE_KRB5_SET_REAL_TIME
HAVE_KRB5_STRING_TO_KEY
HAVE_KRB5_TKT_ENC_PART2
HAVE_KRB5_USE_ENCTYPE
HAVE_KV5M_KEYTAB
HAVE_LDAP
HAVE_LDAP_DOMAIN2HOSTLIST
HAVE_LDAP_INIT
HAVE_LDAP_INITIALIZE
HAVE_LDAP_SET_REBIND_PROC
HAVE_LGETXATTR
HAVE_LIBCOM_ERR
HAVE_LIBCRYPTO
HAVE_LIBGSSAPI_KRB5
HAVE_LIBK5CRYPTO
HAVE_LIBKRB5
HAVE_LIBLBER
HAVE_LIBLDAP
HAVE_LIBPAM
HAVE_LIBRESOLV
HAVE_LINK
HAVE_LINUX_XFS_QUOTAS
HAVE_LISTXATTR
HAVE_LLISTXATTR
HAVE_LLSEEK
HAVE_LONGLONG
HAVE_LREMOVEXATTR
HAVE_LSEEK64
HAVE_LSETXATTR
HAVE_LSTAT64
HAVE_MAKEDEV
HAVE_MEMMOVE
HAVE_MEMSET
HAVE_MKNOD
HAVE_MKTIME
HAVE_MMAP
HAVE_NANOSLEEP
HAVE_NATIVE_ICONV
HAVE_NL_LANGINFO
HAVE_NO_ACLS
HAVE_OPEN64
HAVE_PATHCONF
HAVE_PIPE
HAVE_POLL
HAVE_PREAD
HAVE_PREAD64
HAVE_PUTUTLINE
HAVE_PUTUTXLINE
HAVE_PWRITE
HAVE_PWRITE64
HAVE_QUOTACTL_LINUX
HAVE_RAND
HAVE_RANDOM
HAVE_READDIR64
HAVE_READLINK
HAVE_REALPATH
HAVE_REMOVEXATTR
HAVE_RENAME
HAVE_ROOT
HAVE_SECURE_MKSTEMP
HAVE_SELECT
HAVE_SENDFILE64
HAVE_SETBUFFER
HAVE_SETENV
HAVE_SETGROUPS
HAVE_SETLINEBUF
HAVE_SETLOCALE
HAVE_SETMNTENT
HAVE_SETNETGRENT
HAVE_SETPGID
HAVE_SETRESGID
HAVE_SETRESGID_DECL
HAVE_SETRESUID
HAVE_SETRESUID_DECL
HAVE_SETSID
HAVE_SETXATTR
HAVE_SHMGET
HAVE_SIGACTION
HAVE_SIGBLOCK
HAVE_SIGPROCMASK
HAVE_SIGSET
HAVE_SIG_ATOMIC_T_TYPE
HAVE_SNPRINTF
HAVE_SNPRINTF_DECL
HAVE_SOCKLEN_T_TYPE
HAVE_SRAND
HAVE_SRANDOM
HAVE_STAT64
HAVE_STAT_ST_BLKSIZE
HAVE_STAT_ST_BLOCKS
HAVE_STRCASECMP
HAVE_STRCHR
HAVE_STRDUP
HAVE_STRERROR
HAVE_STRFTIME
HAVE_STRNDUP
HAVE_STRNLEN
HAVE_STRPBRK
HAVE_STRTOUL
HAVE_STRUCT_DIRENT64
HAVE_STRUCT_FLOCK64
HAVE_STRUCT_STAT_ST_RDEV
HAVE_ST_RDEV
HAVE_SYMLINK
HAVE_SYSCALL
HAVE_SYSCONF
HAVE_SYSLOG
HAVE_SYS_QUOTAS
HAVE_TIMEGM
HAVE_UNIXSOCKET
HAVE_UPDWTMP
HAVE_UPDWTMPX
HAVE_USLEEP
HAVE_UTIMBUF
HAVE_UTIME
HAVE_UTIMES
HAVE_VASPRINTF
HAVE_VASPRINTF_DECL
HAVE_VA_COPY
HAVE_VOLATILE
HAVE_VSNPRINTF
HAVE_VSNPRINTF_DECL
HAVE_VSYSLOG
HAVE_WAITPID
HAVE_XFS_QUOTAS
HAVE_YP_GET_DEFAULT_DOMAIN
HAVE__ET_LIST
HAVE___CLOSE
HAVE___DUP2
HAVE___FCNTL
HAVE___FORK
HAVE___FSTAT
HAVE___FXSTAT
HAVE___LSEEK
HAVE___LSTAT
HAVE___LXSTAT
HAVE___OPEN
HAVE___OPEN64
HAVE___PREAD64
HAVE___PWRITE64
HAVE___READ
HAVE___STAT
HAVE___WRITE
HAVE___XSTAT
--with Options:
WITH_ADS
WITH_PAM
WITH_QUOTAS
WITH_SENDFILE
WITH_SMBMOUNT
WITH_SYSLOG
WITH_UTMP
WITH_WINBIND
Build Options:
BROKEN_NISPLUS_INCLUDE_FILES
COMPILER_SUPPORTS_LL
DEFAULT_DISPLAY_CHARSET
DEFAULT_DOS_CHARSET
DEFAULT_UNIX_CHARSET
LDAP_SET_REBIND_PROC_ARGS
LINUX
LINUX_SENDFILE_API
PACKAGE_BUGREPORT
PACKAGE_NAME
PACKAGE_STRING
PACKAGE_TARNAME
PACKAGE_VERSION
REALPATH_TAKES_NULL
REPLACE_GETPASS
RETSIGTYPE
SEEKDIR_RETURNS_VOID
SIZEOF_INO_T
SIZEOF_INT
SIZEOF_LONG
SIZEOF_OFF_T
SIZEOF_SHORT
STAT_STATVFS64
STAT_ST_BLOCKSIZE
STDC_HEADERS
STRING_STATIC_MODULES
SYSCONF_SC_NGROUPS_MAX
TIME_WITH_SYS_TIME
USE_SETRESUID
WITH_ADS
WITH_PAM
WITH_QUOTAS
WITH_SENDFILE
WITH_SMBMOUNT
WITH_SYSLOG
WITH_WINBIND
_FILE_OFFSET_BITS
_GNU_SOURCE
_LARGEFILE64_SOURCE
_POSIX_C_SOURCE
_POSIX_SOURCE
charset_CP437_init
charset_CP850_init
idmap_rid_init
offset_t
static_init_auth
static_init_charset
static_init_idmap
static_init_pdb
static_init_rpc
static_init_vfs
vfs_audit_init
vfs_cap_init
vfs_default_quota_init
vfs_expand_msdfs_init
vfs_extd_audit_init
vfs_fake_perms_init
vfs_full_audit_init
vfs_netatalk_init
vfs_readonly_init
vfs_recycle_init
vfs_shadow_copy_init
Type sizes:
sizeof(char): 1
sizeof(int): 4
sizeof(long): 4
sizeof(uint8): 1
sizeof(uint16): 2
sizeof(uint32): 4
sizeof(short): 2
sizeof(void*): 4
Builtin modules:
pdb_ldap pdb_smbpasswd pdb_tdbsam pdb_guest rpc_lsa rpc_reg rpc_lsa_ds
rpc_wks rpc_net rpc_dfs rpc_srv rpc_spoolss rpc_samr idmap_ldap idmap_tdb
auth_rhosts auth_sam auth_unix auth_winbind auth_server auth_domain
auth_builtin
More information about the samba
mailing list