[Samba] hide unreadable files
Diego Alejandro Cheda
diegocheda at hotmail.com
Fri Nov 9 16:24:08 GMT 2007
Hi Charles! Thanks for your ideas!
I read this post http://lists.samba.org/archive/samba/2007-July/133723.html and found some similarities with the behavior of my configuration. For example, sometimes a user can delete files or directories with "r-x" permissions. Then I upgraded to samba 3.0.26a. I don't know if this is a good idea, but at least users can't delete files/directories now (I think).
However, the problem still exists with the "hide unreadable = Yes" option. I understand the behavior now. For example, I have two directories in a share directory "groups" with the following ACL entries:
# file: groups
# owner: root
# group: root
user::rwx
group::r-x

# file: dir1
# owner: root
# group: root
user::rwx
group::r-x
group:admins:rwx
mask::rwx
other::---

# file: dir2
# owner: root
# group: root
user::rwx
group::---
other::---

And I have a user "joe" that belongs to the group "users". Then, if "joe" maps the share directory, he can see only dir1, and dir2 is not visible to him. Also, "joe" should not see dir1.
Now, if I change the ACL permissions of dir2 to the following:
# file: dir2
# owner: root
# group: root
user::rwx
group::r-x
group:admins:rwx
mask::rwx
other::---
"joe" can see (incorrectly) both directories. Believe me, I don't understand. I don't know if these "errors" are due to a bad configuration or what...
I'm using: debian etch 4.0r1 amd64, kernel 2.6.18-5-amd64, samba 3.0.26a, XFS file system with acl support and quotas and LDAP for user authentication.
This is my smb.conf:
workgroup = NT-DEQ
server string = %h server
obey pam restrictions = Yes
passdb backend = ldapsam:ldap://127.0.0.1
passwd program = /usr/sbin/smbldap-passwd '%u'
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
printcap name = cups
add user script = /usr/sbin/smbldap-useradd -a -m -k '%u'
delete user script = /usr/sbin/smbldap-userdel -r '%u'
add group script = /usr/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/sbin/smbldap-groupdel '%g'
add user to group script = /usr/sbin/smbldap-groupmod -m -k '%u' '%g'
delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
add machine script = /usr/sbin/smbldap-useradd -w '%u'
dns proxy = No
ldap admin dn = cn=admin,dc=upc,dc=es
ldap group suffix = ou=groups
ldap suffix = dc=upc,dc=es
ldap ssl = no
ldap user suffix = ou=users
panic action = /usr/share/samba/panic-action %d
invalid users = root
profile acls = Yes
map acl inherit = Yes
hide unreadable = Yes
map hidden = Yes
comment = Home Directories
valid users = %S
read only = No
create mask = 0700
directory mask = 0700
browseable = No
comment = Grups Files
path = /home/groups
read only = No

Thank you very much!!!
Diego
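
Added example, not part of the original post and not Samba's code: a small evaluator for the POSIX.1e access-check order described in acl(5), run over the dir1/dir2 ACLs quoted above to show what the ACLs alone grant. It assumes "joe" is a member of "users" only, as the post states; "alice" is a hypothetical member of "admins" used for comparison.

```python
# Constructed input: the dir1/dir2 ACLs from the post, one getfacl entry per line.
DIR1 = """# file: dir1
# owner: root
# group: root
user::rwx
group::r-x
group:admins:rwx
mask::rwx
other::---"""
DIR2_BEFORE = """# file: dir2
# owner: root
# group: root
user::rwx
group::---
other::---"""
DIR2_AFTER = DIR1.replace("dir1", "dir2")  # the changed dir2 ACL equals dir1's

def parse_acl(text):
    """Parse getfacl text into owner, owning group and (tag, qualifier, perms) entries."""
    acl = {"owner": None, "group": None, "entries": []}
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("# owner:"):
            acl["owner"] = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            acl["group"] = line.split(":", 1)[1].strip()
        elif line and not line.startswith("#"):
            tag, qualifier, perms = line.split(":")
            acl["entries"].append((tag, qualifier, set(perms) - {"-"}))
    return acl

def allowed(acl_text, user, groups, want="r"):
    """POSIX.1e check order: owner, named user, any matching group, then other."""
    acl, want = parse_acl(acl_text), set(want)
    entries = acl["entries"]
    mask = next((p for t, q, p in entries if t == "mask"), None)
    eff = lambda p: p if mask is None else p & mask  # mask caps named/group entries
    if user == acl["owner"]:
        return want <= next(p for t, q, p in entries if t == "user" and not q)
    for t, q, p in entries:
        if t == "user" and q == user:
            return want <= eff(p)
    group_perms = [p for t, q, p in entries
                   if t == "group" and (q or acl["group"]) in groups]
    if group_perms:  # user is in some listed group: 'other' is never consulted
        return any(want <= eff(p) for p in group_perms)
    return want <= next(p for t, q, p in entries if t == "other")

if __name__ == "__main__":
    for name, text in [("dir1", DIR1), ("dir2 before", DIR2_BEFORE), ("dir2 after", DIR2_AFTER)]:
        # joe is only in "users" (from the post); alice in "admins" is hypothetical
        print(name, "joe:", allowed(text, "joe", {"users"}),
              "alice:", allowed(text, "alice", {"admins"}))
```

By this check the ACLs give "joe" no read access to dir1 or to either version of dir2, so comparing the output of `id joe` and `getfacl` on the server against it is a quick way to confirm whether the live group membership or ACLs differ from what is quoted.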