[Samba] Strange Samba permissions

Felipe Augusto van de Wiel felipe at paranacidade.org.br
Wed Oct 25 13:59:17 GMT 2006


On 10/16/2006 08:50 AM, Sascha escreveu:
> Hi,
> I am really stuggeling with Samba, searched forums and checked 
 > tutorials, so far with no success. So you are my last resort
 > and probably the first place I should have checked, but I am
 > completly new to mail groups, so please be patient with me.

	Welcome aboard.


> Users can log in to the Samba PDC domain successfully and get 
 > the login script executed just fine.
> 
> But: 
> 1.) If user A is creating a file then user B can not delete 
 > that file.

	'force create mode' should help you on this. 'force user'
	could also help (and perhaps 'force group').


> 2.) Also no user can create a folder, only files. Windows XP 
 > client shows a message "Access denied".

	That's weird.


> 3.) If I login as a user and create a file in the 
 > /etc/samba/data/all folder with VI I can not edit this file
 > via SMB, WinXP client.

	Ok, tell me that you are not using /etc/ to store your
	users files and directories. :)



> I certainly have a permission problem, but I don't know where... 
 > Did try different settings, from including inherit options to
 > force create mode, umask, but nothing. So I am very glad for
 > any advise on this.

	I hope the below could help you.


> I don't have access to the machine right now, but if I remember 
 > right it is running Samba v3.0.23a. It is the latest yum update
 > on Fedora Core5.
> Best regards
> .. Sascha


> I created a folder and set chmod 0777. Thought this must work - only for testing purpose. Would set it too 0770, or?!
> ********************************************
> [root at server all]# ls -la
> total 32
> drwxrwxrwx 3 root   all 4096 Oct 16 00:04 .
> drwxrwxrwx 5 root   all 4096 Oct 12 20:39 ..
> drwxrwxrwx 2 root   all 4096 Oct 15 23:31 test
> -rwxrwxrwx 1 hatice all    8 Oct 13 20:51 test.hat
> ********************************************

	This is *very* permissive. :)


> and set Samba to share this folder:
> ********************************************
> [all]
> comment = "All"
> path = /etc/samba/data/all
> public = no
> browseable = yes
> writeable = yes
> force group = all
> force create mode = 0777
> force directory mode = 0770
> ********************************************

	You should store your data files outside /etc.


> In the smbd.log I get the following message on Samba service START:
> ********************************************
> [2006/10/16 00:13:29, 2] lib/dmallocmsg.c:register_dmalloc_msgs(71)
>   Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
> [2006/10/16 00:13:29, 0] auth/auth_util.c:create_builtin_administrators(785)
>   create_builtin_administrators: Failed to create Administrators
> [2006/10/16 00:13:29, 2] auth/auth_util.c:create_local_nt_token(899)
>   create_local_nt_token: Failed to create BUILTIN\Administrators group!
> [2006/10/16 00:13:29, 0] auth/auth_util.c:create_builtin_users(751)
>   create_builtin_users: Failed to create Users
> [2006/10/16 00:13:29, 2] auth/auth_util.c:create_local_nt_token(926)
>   create_local_nt_token: Failed to create BUILTIN\Users group!
> [2006/10/16 00:13:29, 0] auth/auth_util.c:create_builtin_administrators(785)
>   create_builtin_administrators: Failed to create Administrators
> [2006/10/16 00:13:29, 2] auth/auth_util.c:create_local_nt_token(899)
>   create_local_nt_token: Failed to create BUILTIN\Administrators group!
> [2006/10/16 00:13:29, 0] auth/auth_util.c:create_builtin_users(751)
>   create_builtin_users: Failed to create Users
> [2006/10/16 00:13:29, 2] auth/auth_util.c:create_local_nt_token(926)
>   create_local_nt_token: Failed to create BUILTIN\Users group!
> [2006/10/16 00:13:29, 2] smbd/server.c:open_sockets_smbd(384)
> ********************************************

	Did you map the groups? Using 'net groupmap' command? And
did you read the release notes of 3.0.23? There are significant
change on how the groups are handled.


> And these error messages when I try to CREATE a folder via SMB Client via Win XP:
> ********************************************
> [2006/10/16 00:09:27, 1] smbd/service.c:make_connection_snum(941)
>   others (10.11.12.65) connect to service all initially as user sascha (uid=501, gid=600) (pid 7528)
> [2006/10/16 00:09:27, 2] smbd/reply.c:reply_tcon_and_X(711)
>   Serving all as a Dfs root
> [2006/10/16 00:09:29, 2] smbd/open.c:open_directory(1936)
>   open_directory: unable to create New Folder. Error was Permission denied
> [2006/10/16 00:09:29, 2] smbd/open.c:open_directory(1936)
>   open_directory: unable to create New Folder. Error was Permission denied
> [2006/10/16 00:09:29, 2] smbd/open.c:open_directory(1936)
>   open_directory: unable to create New Folder (2). Error was Permission denied
> [2006/10/16 00:09:29, 2] smbd/open.c:open_directory(1936)
>   open_directory: unable to create New Folder (2). Error was Permission denied
> [2006/10/16 00:09:32, 2] smbd/open.c:open_file(352)
> ********************************************

	You should check the net groupmap.

	Kind regards,

-- 
Felipe Augusto van de Wiel <felipe at paranacidade.org.br>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/           Phone: (+55 41 3350 3300)


More information about the samba mailing list