[Samba] Strange file permissions

Sat Dec 1 17:34:21 GMT 2007

This problem appeared to have been sorted, but came back today. I have set the directives valid
users and force group.
Any advice on what log level setting I should set to try and pick this problem up in the logs?

Is there any plans to improve the on-line help for problem solving with Samba? How about a
website/wiki with columns:

Symptom | Perform check | Action if ok | Action if fail |

where the action columns could be hyperlinked to other symptom/check lines as needed. At present it
is limited to the part V of the "The Official Samba-3 HOWTO and Reference Guide" A Wiki would allow
such a table to be easily updated, probably with answered queries from the mailing list. I regret I
do not have the available time to try working on such a project.

Mark Adams wrote:
> In my opinion even your no access folder should use a group. Make your 
> lowest permissions group nogroup then add all users to the group. Then 
> change smb conf user security entry to valid users = @nogroup
> 
> Mark.
> 
> 
> On 26 Nov 2007, at 22:59, DNL <dnl at livstones.freeserve.co.uk> wrote:
> 
>>
>>
>> Mark Adams wrote:
>>> Is sgid on the top level dir?
>> Set for subdirectory cp, but not for projects as different directories 
>> at that level require no access control
>> /projects/cp# ls -al
>> total 164
>> drwxrws--- 26 dnl     cp         4096 2007-11-23 15:37 .
>> drwxr-xr-x 17 root    root       4096 2007-11-16 22:35 ..
>> drwxrws---  2 daniel  cp         4096 2007-06-18 11:52 4 Spencer Close
>> drwxrws---  2 daniel  cp         4096 2007-09-01 19:20 Addresses
>>
>>> Also have you tried force group samba option?
>> My understanding is that this would force the same group for all the 
>> PROJECT share, but I only want it for a subdirectory. Am I forced into 
>> making projects/cp a separate share and using this samba option?
>>> Mark.
>> Thanks for your response.
>> Dave.
>>> On 24 Nov 2007, at 13:13, DNL <dnl at livstones.freeserve.co.uk> wrote:
>>>> Hi
>>>> I have a samba server with tdbsam passwords, and a share, PROJECTS,
>>>> which is accessed by various XP home clients, the usenames and 
>>>> passwords
>>>> being manually synced to the samba ones (less than 10 users, and only 4
>>>> workstations). There is one win2K machine, which is a domain member. 
>>>> Subdirectories on PROJECTS have g+s set, so only users,
>>>> who are members of specific Linux groups, have access to the files 
>>>> in them.
>>>> Recently, a laptop with XP professional has been connected, and the 
>>>> user
>>>> on it can access the correct directories, but when he edits or 
>>>> creates a
>>>> file, the group owner and file permissions are wrong:
>>>>
>>>> /home/projects/cp/CP 2007# ls -alt
>>>> total 2932
>>>> drwxrwsrw-  4 daniel  cp              4096 2007-11-24 12:35 .
>>>> -r--------  1 haffers BUILTIN\users 197120 2007-11-24 12:34 CP 11 
>>>> Nova.xls
>>>> -rw-rw-rw-  1 haffers BUILTIN\users 199168 2007-11-23 19:47 CP 10 
>>>> Octa.xls
>>>> drwxrwsrwx  2 daniel  cp              4096 2007-11-23 19:34 FORMS 2007
>>>> -rw-rw-rw-  1 haffers BUILTIN\users 299520 2007-11-23 19:20 2007 
>>>> ANALYSIS.xls
>>>> drwxrws--- 26 dnl     cp              4096 2007-11-23 15:37 ..
>>>> -r--------  1 haffers BUILTIN\users 197120 2007-11-23 14:40 CP 10 
>>>> Oct.xls
>>>> -rwxrwx---  1 haffers cp            196608 2007-11-18 18:51 CP 11 
>>>> Nov.xls
>>>> -rwxrwx---  1 haffers cp            192512 2007-11-18 17:47 CP 09 
>>>> Sep.xls
>>>>
>>>> The files he creates are therefore unusable until permissions are 
>>>> changed.
>>>> Various searches on the internet and reading of the Samba documentation
>>>> have failed give me any idea on why this is happening, or how to put it
>>>> right. How is Samba managing to not respecting the Linux g+s bit? 
>>>> How do I make this system work correctly? Can you assist?
>>>>
Background information from earlier emails pruned.
The system id Debian Stable, up to date - including no SWAT as that depends on the earlier version
of samba-doc - work in progress, I assume.

Regards

David Lee
============================
Living Stones, Flore Uk
Mobile: 07736 227 260

Electrical Engineer