[Samba] Cannot delete files from samba share

Michael Gasch gasch at eva.mpg.de
Wed May 31 20:03:35 GMT 2006


sounds like you're hitting "map readonly"
please play with it and see man smb.conf

greez

Neil.Macoustra at MandG.co.uk wrote:
> Hi all,
> 
> Following an upgrade from samba 2.2.8a to 3.0.22 we have been unable to 
> delete files on a samba share using an XP client.  We were previously able 
> to delete these files when using 2.2.8a. 
> 
> The problem occurs when we have a particular sub-set of permissions. 
> Directory permissions on UNIX are set to 775 and ownerships to usera : 
> group1.  This should mean that either usera  or anyone who belongs to 
> group1 should  be able to delete any file within the directory 
> irrespective of what the file permissions and ownerships are.  From UNIX 
> this is the case.  Using an XP client on samba 2.2.8a this is the case. On 
> samba 3.0.22 this is not the case. 
> 
>  We have an application which writes files into the top level directory of 
> the samba directory with permissions 544. The ownerships of the file are 
> userb (i.e. different from the directory owner). group1 (i.e. the same as 
> the directory).  If a third user, userc  who is a member of group1 (there 
> is a force group directive on the share as well) comes along and attempts 
> to delete the file through the samba share, the delete fails. 
> Experimentation has shown the delete works if the file is writable by the 
> user (e.g. 744 cf  544) or the file is owned by the user trying to delete 
> it.
> 
>  We have upgraded only a few of our servers to 3.0.22 and we have been 
> able to reproduce the problem.    I have attached a script which run as 
> root on UNIX  sets up a test share and appropriate file/dir permissions. 
> Other details about our installation are given below
> 
> UNIX OS: Solaris 8, Solaris 9
> PDC: Windows 2003
> 
> If anyone has any suggestions as to how this issue can be resolved, I 
> would be grateful to hear from them
> 
> cheers
> 
> Neil
> 
> #!/bin/ksh
> 
> # TEST_DIR = UNIX directory being shared out ( The 'samba dir')
> TEST_DIR=/smb_debug
> # TEST_FILE = file used to demonstrate the problem
> export TEST_FILE=${TEST_DIR}/test
> # SMB_CONF = path to smb.conf
> SMB_CONF=/path/to/your/smb.conf
> # SHARENAME = the name for the samba share
> SHARENAME=neil
> # GROUP =  the group ownership on the 'samba dir'.  Membership of this
> # group should permit files to be deleted from this directory.
> GROUP=group1
> # USER1 = the username attempting to delete files from the samba share.
> # They must belong to ${GROUP}
> USER1=usera
> # USER2 = The user ownership on the 'samba dir'
> USER2=userb
> # USER3 = The user ownership on ${TEST_FILE}
> USER3=userc
> 
> # On UNIX, make the directory shared out by samba if it does not exist
> [[ ! -d ${TEST_DIR} ]] && mkdir ${TEST_DIR}
> 
> # Create the samba share if required
> egrep \\[${SHARENAME}\\] ${SMB_CONF} >&- 2>&- || {
> cat <<_EOT1__ >> ${SMB_CONF}
> [${SHARENAME}]
>         path = ${TEST_DIR}
>         comment = "Test share for permissions issue"
>         valid users = @${GROUP} 
>         read only = no
>         create mask = 755
>         force group = ${GROUP}
> _EOT1__
> }
> 
> # Make the 'samba directory' owned by an account other than that which
> # deletes the file.  Make the group ownership ${GROUP}.  Make the permissions
> # such that members of ${GROUP} can delete (and create) files within ${TEST_DIR}.
> chown ${USER2}:${GROUP} ${TEST_DIR}
> chmod 775 ${TEST_DIR}
> 
> # Create the file we want to delete
> touch ${TEST_FILE}
> 
> # Set file ownerships & perms so it is not writable
> chmod 544 ${TEST_FILE}
> chown ${USER3}:${GROUP} ${TEST_FILE}
> 
> # Show the permissions
> echo "Initial permissions are as follows\n"
> ls -ld ${TEST_DIR} ${TEST_FILE}
> 
> # As $USER1 show that we can delete the file from UNIX
> echo "\n Deleting ${TEST_FILE}"
> su - ${USER1} -c "rm -f ${TEST_FILE}" >&- 2>&-
> if [[ ! -f ${TEST_FILE} ]];then
>    echo "Test file deleted\n"
> else
>    echo "Failed to delete test file\n"
> fi
> 
> # Re-create the file again
> touch ${TEST_FILE}
> chmod 544 ${TEST_FILE}
> chown ${USER3}:${GROUP} ${TEST_FILE}
> 
> # Show the permissions
> echo "Permissions following file re-creation are as follows\n"
> ls -ld ${TEST_DIR} ${TEST_FILE}
> 
> echo "\nNow attempt to delete the file using a windows client" 
> 
> 
> 
> 
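An added example, not part of the original thread: a share-side check for the mismatch discussed above, where a directory's mode lets group members delete entries on UNIX while files without the owner write bit (544 here) are reported to SMB clients as DOS read-only under the smb.conf(5) default `map readonly = yes`. The function names and the temporary directory are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Paths and names below are constructed.
# smb.conf(5): with "map readonly = yes" (the default) smbd reports the DOS
# read-only attribute whenever the owner write bit is clear, e.g. mode 544.

# Print regular files under DIR that lack the owner write bit (0200).
readonly_mapped_files() {
    find "$1" -type f ! -perm -200 -print
}

# Succeed if DIR is group-writable and searchable without the sticky bit,
# i.e. POSIX lets any group member unlink entries regardless of file mode.
dir_allows_group_delete() {
    [ -n "$(find "$1" -prune -type d -perm -030 ! -perm -1000 -print)" ]
}

# Report files a group member can rm on UNIX but that SMB clients see as
# read-only under the default mapping.
report() {
    dir_allows_group_delete "$1" || return 0
    readonly_mapped_files "$1" | while IFS= read -r f; do
        echo "read-only via map readonly=yes: $f"
    done
}

# Demo on a constructed directory mirroring the 775 / 544 / 744 case above.
demo() {
    d=$(mktemp -d) || return 1
    chmod 775 "$d"
    touch "$d/test544" "$d/test744"
    chmod 544 "$d/test544"
    chmod 744 "$d/test744"
    report "$d"
    rm -rf "$d"
}
demo
```

smb.conf(5) documents `permissions` and `no` as the other values of `map readonly`; the report only covers the default `yes` mapping.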


