[Samba] Mac OSX breaking POSIX rights with SMB/CIFS

Michael Gasch gasch at eva.mpg.de
Mon May 30 08:06:18 GMT 2005


[UPDATE]

i'm now able to specify our problem a little bit more:

the problem only occurs with MS Office Word for Mac OSX (version X and 
2004; recent patches)

1) create a new document (word doc) in a "share" (e.g. points to 
/data/share) with MacOSX

2) access a share, which is located *above* "share" (e.g. points to 
/data) with MacOSX

3) modify the document and save

=> at this moment, the document gets weird group ownerships (no matter 
if you work with force group or sgid bit on directories)

we could see the following group ownerships on different server systems:

NT 4.0 -> group is set to group from superior share (e.g. /data); 
inheritance of other groups is not honored

samba v3 -> group is set to something totally different; neither the 
group of /data nor /data/share nor the given group in "force group" - 
parameters

win2k3 server -> group is set to group from superior share (e.g. /data); 
inheritance of other groups is not honored

we think this is a bug
we could not see anything in a trace on the corresponding samba process 
nor in an ethereal dump - of course i'm willing to provide you with our 
dumps

it would be nice, if you would assist us and try to reproduce this 
behaviour!

many thanks in advance

Michael Gasch wrote:
> hi list,
> 
> we recently saw the following weird behaviour on samba v3.0.13 with 
> MacOSX panther and tiger as clients
> 
> --setup--
> 
> [share1]
> path = /data
> valid users = @admins
> force user = administrator
> inherit permissions = yes
> force create mode = 770
> force directory mode = 2770
> 
> [share2]
> path = /data/folder
> valid users = @noadmins
> force user = administrator
> inherit permissions = yes
> force create mode = 770
> force directory mode = 2770
> 
> where:
> 
> /data        administrator.admins        rwxrwsr-x
> /data/folder    administrator.noadmins        rwxrws---
> 
> members of @admins are also members of @noadmins
> 
> --setup--
> 
> if you connect from MacOSX (smb/cifs) to share2 and create a file the 
> file looks like
> 
> /data/folder/new.txt    administrator.noadmins        rwxrwx---
> 
> if you connect now from MacOSX (smb/cifs) to share1 and create a file in 
> /data/folder the file looks like
> 
> /data/folder/new2.txt    administrator.*admins*        rwxrwx---
> 
> even if you modify new.txt and save it it gets this group change 
> (noadmins->admins) - so nobody from noadmins is able to modify those 
> files anymore :(
> 
> we were able to reproduce this on a windows NT fileserver in the same 
> setup (of course with equivalent NTFS/share rights)
> 
> if you follow this procedure with a windows client everything looks like 
> it should:
> 
> all files/dirs in /data/folder/ get rwxrwx--- (or rwxrws--- for dirs) 
> and administrator.noadmins as the owners
> 
> can you help us? could you please try to reproduce this?
> we have to use minimum acls because we use netatalk also which doesn't 
> understand ext. acls!
> 
> thx in advance
> 


-- 
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution
Deutscher Platz 6
D-04103 Leipzig
Germany

Phone: 49 (0)341 - 3550 137
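
An added example, not part of the original post and not Samba code: a server-side audit that lists entries whose group differs from that of their setgid parent directory, which is how the drift reported above (new2.txt owned by admins inside /data/folder) appears on disk. The gid numbers, the SAMPLE records and the share_roots parameter are constructed for illustration.

```python
import os
import stat


def _mode_gid(path):
    st = os.lstat(path)  # lstat: do not follow symlinks
    return (st.st_mode, st.st_gid)


def snapshot(root):
    """Return {path: (mode, gid)} for root and everything below it."""
    entries = {root: _mode_gid(root)}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            entries[path] = _mode_gid(path)
    return entries


def find_group_drift(entries, share_roots=()):
    """Return [(path, gid, expected_gid)] for entries whose parent directory
    is setgid but whose group is not the parent's group.

    share_roots: paths whose group is set on purpose (e.g. the path of a
    nested share) and is therefore not compared with the parent.
    """
    findings = []
    for path, (_mode, gid) in sorted(entries.items()):
        parent = os.path.dirname(path)
        if path in share_roots or parent == path or parent not in entries:
            continue
        pmode, pgid = entries[parent]
        if stat.S_ISDIR(pmode) and pmode & stat.S_ISGID and gid != pgid:
            findings.append((path, gid, pgid))
    return findings


# Constructed records mirroring the layout in the quoted message.
ADMINS, NOADMINS = 1001, 1002  # constructed gids, not from the post
SAMPLE = {
    "/data": (stat.S_IFDIR | 0o2775, ADMINS),
    "/data/folder": (stat.S_IFDIR | 0o2770, NOADMINS),
    "/data/folder/new.txt": (stat.S_IFREG | 0o770, NOADMINS),
    "/data/folder/new2.txt": (stat.S_IFREG | 0o770, ADMINS),
}

if __name__ == "__main__":
    for path, gid, expected in find_group_drift(SAMPLE, {"/data/folder"}):
        print(f"{path}: gid {gid}, setgid parent expects {expected}")
```

On a live server, pass `snapshot("/data")` instead of `SAMPLE`.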

