[Samba] Cannot delete files from samba share

Neil.Macoustra at MandG.co.uk Neil.Macoustra at MandG.co.uk
Wed May 31 13:06:53 GMT 2006


Hi all,

Following an upgrade from samba 2.2.8a to 3.0.22 we have been unable to 
delete files on a samba share using an XP client.  We were previously able 
to delete these files when using 2.2.8a. 

The problem occurs when we have a particular sub-set of permissions. 
Directory permissions on UNIX are set to 775 and ownerships to usera : 
group1.  This should mean that either usera or anyone who belongs to 
group1 should be able to delete any file within the directory 
irrespective of what the file permissions and ownerships are.  From UNIX 
this is the case.  Using an XP client on samba 2.2.8a this is the case. On 
samba 3.0.22 this is not the case. 

We have an application which writes files into the top level directory of 
the samba directory with permissions 544. The ownerships of the file are 
userb (i.e. different from the directory owner) : group1 (i.e. the same as 
the directory).  If a third user, userc, who is a member of group1 (there 
is a force group directive on the share as well) comes along and attempts 
to delete the file through the samba share, the delete fails. 
Experimentation has shown the delete works if the file is writable by the 
user (e.g. 744 cf. 544) or the file is owned by the user trying to delete 
it.

We have upgraded only a few of our servers to 3.0.22 and we have been 
able to reproduce the problem.  I have attached a script which, run as 
root on UNIX, sets up a test share and appropriate file/dir permissions. 
Other details about our installation are given below.

UNIX OS: Solaris 8, Solaris 9
PDC: Windows 2003

If anyone has any suggestions as to how this issue can be resolved, I 
would be grateful to hear from them

cheers

Neil

#!/bin/ksh

# TEST_DIR = UNIX directory being shared out ( The 'samba dir')
TEST_DIR=/smb_debug
# TEST_FILE = file used to demonstrate the problem
export TEST_FILE=${TEST_DIR}/test
# SMB_CONF = path to smb.conf
SMB_CONF=/path/to/your/smb.conf
# SHARENAME = the name for the samba share
SHARENAME=neil
# GROUP = the group ownership on the 'samba dir'.  Membership of this group
# should permit files to be deleted from this directory.
GROUP=group1
# USER1 = the username attempting to delete files from the samba share.
# They must belong to ${GROUP}
USER1=usera
# USER2 = The user ownership on the 'samba dir'
USER2=userb
# USER3 = The user ownership on ${TEST_FILE}
USER3=userc

# On UNIX, make the directory shared out by samba if it does not exist
[[ ! -d ${TEST_DIR} ]] && mkdir ${TEST_DIR}

# Create the samba share if required
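# Discard output via /dev/null; closing stdout (>&-) makes some greps exit non-zero on a match
egrep \\[${SHARENAME}\\] ${SMB_CONF} >/dev/null 2>&1 || {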
cat <<_EOT1__ >> ${SMB_CONF}
[${SHARENAME}]
        path = ${TEST_DIR}
        comment = "Test share for permissions issue"
        valid users = @${GROUP} 
        read only = no
        create mask = 755
        force group = ${GROUP}
_EOT1__
}

# Make the 'samba directory' owned by an account other than that which
# deletes the file.  Make the group ownership ${GROUP}.  Make the permissions
# such that members of ${GROUP} can delete (and create) files within
# ${TEST_DIR}.
chown ${USER2}:${GROUP} ${TEST_DIR}
chmod 775 ${TEST_DIR}

# Create the file we want to delete
touch ${TEST_FILE}

# Set file ownerships & perms so it is not writable
chmod 544 ${TEST_FILE}
chown ${USER3}:${GROUP} ${TEST_FILE}

# Show the permissions
echo "Initial permissions are as follows\n"
ls -ld ${TEST_DIR} ${TEST_FILE}

# As $USER1 show that we can delete the file from UNIX
echo "\n Deleting ${TEST_FILE}"
su - ${USER1} -c "rm -f ${TEST_FILE}" >&- 2>&-
if [[ ! -f ${TEST_FILE} ]];then
   echo "Test file deleted\n"
else
   echo "Failed to delete test file\n"
fi

# Re-create the file again
touch ${TEST_FILE}
chmod 544 ${TEST_FILE}
chown ${USER3}:${GROUP} ${TEST_FILE}

# Show the permissions
echo "Permissions following file re-creation are as follows\n"
ls -ld ${TEST_DIR} ${TEST_FILE}

echo "\nNow attempt to delete the file using a windows client" 
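
The two delete rules contrasted in the message, as an added example that is not part of the original post or of Samba's code. `posix_can_unlink` is the standard UNIX rule (directory write+search, sticky bit honoured); `reported_smb_delete` is an assumed model of the 3.0.22 behaviour, read off the poster's 744 vs 544 observation as the owner-write bit, and the `Node` type and scenario data are constructed.

```python
import stat
from dataclasses import dataclass

@dataclass
class Node:
    owner: str
    group: str
    mode: int  # permission bits, e.g. 0o775

def class_bits(user, groups, node):
    """rwx triplet POSIX applies: owner class, else group class, else other."""
    if user == node.owner:
        return (node.mode >> 6) & 7
    if node.group in groups:
        return (node.mode >> 3) & 7
    return node.mode & 7

def posix_can_unlink(user, groups, directory, target):
    """unlink(2) needs write+search on the directory; the file mode is not consulted."""
    if (class_bits(user, groups, directory) & 0o3) != 0o3:
        return False
    if directory.mode & stat.S_ISVTX:  # sticky directory: owners only
        return user in (target.owner, directory.owner)
    return True

def reported_smb_delete(user, groups, directory, target):
    """Assumed rule, read off the post's 744-vs-544 observation (not Samba source)."""
    if not posix_can_unlink(user, groups, directory, target):
        return False
    return bool(target.mode & stat.S_IWUSR) or user == target.owner

# Constructed scenario using the names from the prose of the post.
SAMBA_DIR = Node("usera", "group1", 0o775)
CASES = [
    ("userc", Node("userb", "group1", 0o544)),  # the failing case
    ("userc", Node("userb", "group1", 0o744)),  # owner-write bit set
    ("userb", Node("userb", "group1", 0o544)),  # requester owns the file
]

def evaluate(directory=SAMBA_DIR, cases=CASES):
    groups = {"group1"}  # force group = group1 on the share
    return [(user, oct(f.mode),
             posix_can_unlink(user, groups, directory, f),
             reported_smb_delete(user, groups, directory, f))
            for user, f in cases]

if __name__ == "__main__":
    for user, mode, unix_ok, smb_ok in evaluate():
        print(f"{user} deleting {mode} file: unix={unix_ok} reported_3.0.22={smb_ok}")
```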


