[Samba] Strange file permissions

Mark Adams mark at campbell-lange.net
Mon Nov 26 19:00:39 GMT 2007 

Is sgid on the top level dir?

Also have you tried force group samba option?

Mark.


On 24 Nov 2007, at 13:13, DNL <dnl at livstones.freeserve.co.uk> wrote:

> Hi
> I have a samba server with tdbsam passwords, and a share, PROJECTS,
> which is accessed by various XP home clients, the usenames and  
> passwords
> being manually synced to the samba ones (less than 10 users, and  
> only 4
> workstations). There is one win2K machine, which is a domain member.  
> Subdirectories on PROJECTS have g+s set, so only users,
> who are members of specific Linux groups, have access to the files  
> in them.
> Recently, a laptop with XP professional has been connected, and the  
> user
> on it can access the correct directories, but when he edits or  
> creates a
> file, the group owner and file permissions are wrong:
>
> /home/projects/cp/CP 2007# ls -alt
> total 2932
> drwxrwsrw-  4 daniel  cp              4096 2007-11-24 12:35 .
> -r--------  1 haffers BUILTIN\users 197120 2007-11-24 12:34 CP 11  
> Nova.xls
> -rw-rw-rw-  1 haffers BUILTIN\users 199168 2007-11-23 19:47 CP 10  
> Octa.xls
> drwxrwsrwx  2 daniel  cp              4096 2007-11-23 19:34 FORMS 2007
> -rw-rw-rw-  1 haffers BUILTIN\users 299520 2007-11-23 19:20 2007  
> ANALYSIS.xls
> drwxrws--- 26 dnl     cp              4096 2007-11-23 15:37 ..
> -r--------  1 haffers BUILTIN\users 197120 2007-11-23 14:40 CP 10  
> Oct.xls
> -rwxrwx---  1 haffers cp            196608 2007-11-18 18:51 CP 11  
> Nov.xls
> -rwxrwx---  1 haffers cp            192512 2007-11-18 17:47 CP 09  
> Sep.xls
>
> The files he creates are therefore unusable until permissions are  
> changed.
> Various searches on the internet and reading of the Samba  
> documentation
> have failed give me any idea on why this is happening, or how to put  
> it
> right. How is Samba managing to not respecting the Linux g+s bit?  
> How do I make this system work correctly? Can you assist?
>
> Background information:
> The log-on of the user on the XP professional machine:
>
> # tail -14 andylap.old
> [2007/11/24 01:32:01, 1] smbd/service.c:close_cnum(1150)
> andylap (192.168.0.168) closed connection to service projects
> [2007/11/24 11:13:20, 2] smbd/sesssetup.c:setup_new_vc_session(799)
> setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
> all old resources.
> [2007/11/24 11:13:20, 2] smbd/sesssetup.c:setup_new_vc_session(799)
> setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
> all old resources.
> [2007/11/24 11:13:20, 2] lib/access.c:check_access(323)
> Allowed connection from (192.168.0.168)
> [2007/11/24 11:13:20, 2] smbd/reply.c:reply_tcon_and_X(711)
> Serving IPC$ as a Dfs root
> [2007/11/24 11:13:20, 2] auth/auth.c:check_ntlm_password(309)
> check_ntlm_password: authentication for user [haffers] -> [haffers]
> -> [haffers] succeeded
> [2007/11/24 11:13:20, 2] smbd/utmp.c:sys_utmp_update(419)
> utmp_update: uname:/var/run/utmp wname:/var/log/wtmp
>
> # head -24 andylap
> [2007/11/24 11:13:20, 2] lib/access.c:check_access(323)
> Allowed connection from (192.168.0.168)
> [2007/11/24 11:13:20, 1] smbd/service.c:make_connection_snum(950)
> andylap (192.168.0.168) connect to service projects initially as user
> haffers (uid=529, gid=502) (pid 17358)
> [2007/11/24 11:13:20, 2] smbd/reply.c:reply_tcon_and_X(711)
> Serving projects as a Dfs root
> [2007/11/24 11:13:20, 2] smbd/utmp.c:sys_utmp_update(419)
> utmp_update: uname:/var/run/utmp wname:/var/log/wtmp
> [2007/11/24 11:13:20, 1] smbd/service.c:close_cnum(1150)
> andylap (192.168.0.168) closed connection to service projects
> [2007/11/24 11:13:20, 2] auth/auth.c:check_ntlm_password(309)
> check_ntlm_password: authentication for user [haffers] -> [haffers]
> -> [haffers] succeeded
> [2007/11/24 11:13:20, 2] smbd/utmp.c:sys_utmp_update(419)
> utmp_update: uname:/var/run/utmp wname:/var/log/wtmp
> [2007/11/24 11:13:20, 2] lib/access.c:check_access(323)
> Allowed connection from (192.168.0.168)
> [2007/11/24 11:13:20, 1] smbd/service.c:make_connection_snum(950)
> andylap (192.168.0.168) connect to service projects initially as user
> haffers (uid=529, gid=502) (pid 17358)
> [2007/11/24 11:13:20, 2] smbd/reply.c:reply_tcon_and_X(711)
> Serving projects as a Dfs root
> [2007/11/24 11:14:36, 2] lib/access.c:check_access(323)
> Allowed connection from (192.168.0.168)
> [2007/11/24 11:14:36, 2] smbd/reply.c:reply_tcon_and_X(711)
> Serving IPC$ as a Dfs root
>
> The most recent problem file in that log:
> /var/log/samba# grep Nova andylap
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>  haffers opened file cp/CP 2007/CP 11 Nova.xls read=Yes write=No  
> (numopen=3)
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>  haffers opened file cp/CP 2007/CP 11 Nova.xls read=No write=No  
> (numopen=4)
>  haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=3)
>  haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=2)
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>  haffers opened file cp/CP 2007/CP 11 Nova.xls read=Yes write=No  
> (numopen=3)
>  haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=2)
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>  haffers opened file cp/CP 2007/CP 11 Nova.xls read=Yes write=No  
> (numopen=3)
>  haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=2)
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>  haffers opened file cp/CP 2007/CP 11 Nova.xls read=Yes write=Yes  
> (numopen=3)
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>  haffers opened file cp/CP 2007/CP 11 Nova.xls read=Yes write=No  
> (numopen=4)
>  haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=3)
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>  haffers opened file cp/CP 2007/CP 11 Nova.xls read=Yes write=No  
> (numopen=4)
>  haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=3)
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>  haffers opened file cp/CP 2007/CP 11 Nova.xls read=Yes write=No  
> (numopen=4)
>  haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=3)
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>  haffers opened file cp/CP 2007/CP 11 Nova.xls read=Yes write=No  
> (numopen=4)
>  haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=3)
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>  haffers opened file cp/CP 2007/CP 11 Nova.xls read=No write=No  
> (numopen=4)
>  haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=3)
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>  haffers opened file cp/CP 2007/CP 11 Nova.xls read=No write=No  
> (numopen=4)
>  haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=3)
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>  haffers opened file cp/CP 2007/CP 11 Nova.xls read=No write=No  
> (numopen=4)
>  haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=3)
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>  haffers opened file cp/CP 2007/CP 11 Nova.xls read=Yes write=No  
> (numopen=4)
>  haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=3)
>  haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=2)
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>  haffers opened file cp/CP 2007/CP 11 Nova.xls read=No write=No  
> (numopen=3)
>  haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=2)
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>  haffers opened file cp/CP 2007/CP 11 Nova.xls read=Yes write=No  
> (numopen=3)
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>  haffers opened file cp/CP 2007/CP 11 Nova.xls read=No write=No  
> (numopen=5)
>  haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=4)
>  haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=3)
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>  haffers opened file cp/CP 2007/CP 11 Nova.xls read=No write=No  
> (numopen=4)
>  haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=3)
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>  haffers opened file cp/CP 2007/CP 11 Nova.xls read=No write=No  
> (numopen=3)
>  set_canon_ace_list: sys_acl_set_file type file failed for file cp/ 
> CP 2007/CP 11 Nova.xls (Operation not supported).
>  haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=2)
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>  haffers opened file cp/CP 2007/CP 11 Nova.xls read=Yes write=No  
> (numopen=3)
>  haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=2)
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>  haffers opened file cp/CP 2007/CP 11 Nova.xls read=Yes write=No  
> (numopen=3)
>  haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=2)
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>  haffers opened file cp/CP 2007/CP 11 Nova.xls read=Yes write=No  
> (numopen=3)
>  haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=2)
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>  haffers opened file cp/CP 2007/CP 11 Nova.xls read=Yes write=No  
> (numopen=3)
>  haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=2)
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>  haffers opened file cp/CP 2007/CP 11 Nova.xls read=Yes write=No  
> (numopen=3)
>  haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=2)
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>  haffers opened file cp/CP 2007/CP 11 Nova.xls read=Yes write=No  
> (numopen=3)
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>  haffers opened file cp/CP 2007/CP 11 Nova.xls read=No write=No  
> (numopen=4)
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>  haffers opened file cp/CP 2007/CP 11 Nova.xls read=No write=No  
> (numopen=5)
>  haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=4)
>  haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=3)
>  haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=2)
>
> The log at the time of the faulty file:
> [2007/11/24 11:18:28, 2] smbd/close.c:close_normal_file(344)
>  haffers closed file cp/CP 2007/CP 11 Nov.xls (numopen=5)
> [2007/11/24 11:18:28, 2] smbd/close.c:close_normal_file(344)
>  haffers closed file cp/CP 2007/CP 11 Nov.xls (numopen=4)
> [2007/11/24 12:34:48, 2] lib/access.c:check_access(323)
>  Allowed connection from  (192.168.0.168)
> [2007/11/24 12:34:48, 2] smbd/reply.c:reply_tcon_and_X(711)
>  Serving IPC$ as a Dfs root
> [2007/11/24 12:35:17, 2] smbd/dosmode.c:unix_mode(96)
>  unix_mode(cp/CP 2007/410CE081.tmp) inheriting from cp/CP 2007
> [2007/11/24 12:35:17, 2] smbd/dosmode.c:unix_mode(104)
>  unix_mode(cp/CP 2007/410CE081.tmp) inherit mode 42776
> [2007/11/24 12:35:17, 2] smbd/open.c:open_file(352)
>  haffers opened file cp/CP 2007/410CE081.tmp read=No write=Yes  
> (numopen=4)
> [2007/11/24 12:35:17, 2] smbd/close.c:close_normal_file(344)
>  haffers closed file cp/CP 2007/410CE081.tmp (numopen=3)
> [2007/11/24 12:35:17, 2] smbd/close.c:close_normal_file(344)
>  haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=2)
> [2007/11/24 12:35:17, 2] smbd/dosmode.c:unix_mode(96)
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
> [2007/11/24 12:35:17, 2] smbd/dosmode.c:unix_mode(104)
>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
> [2007/11/24 12:35:17, 2] smbd/open.c:open_file(352)
>  haffers opened file cp/CP 2007/CP 11 Nova.xls read=No write=No  
> (numopen=3)
> [2007/11/24 12:35:17, 2] smbd/close.c:close_normal_file(344)
>  haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=2)
>
>
>
> # testparm
> Load smb config files from /etc/samba/smb.conf
> Processing section "[print$]"
> Processing section "[printers]"
> Processing section "[homes]"
> Processing section "[netlogon]"
> Processing section "[profiles]"
> Processing section "[projects]"
> Processing section "[dnlweb]"
> Processing section "[Brother]"
> Loaded services file OK.
> Invalid combination of parameters for service  
> Brother.                    Level II oplocks can only be set if  
> oplocks are also set.
> Server role: ROLE_DOMAIN_PDC
> Press enter to see a dump of your service definitions
> [projects]
>        comment = projects directory
>        path = /home/projects
>        read only = No
>        inherit permissions = Yes
>        guest ok = Yes
>
> [Brother]
>        comment = HL1260 running HP LJ 4+ emulation 26M
>        path = /var/spool/samba
>        read only = No
>        guest ok = Yes
>        printable = Yes
>        printer name = Brother
>        oplocks = No
>        share modes = No
>
> There is something that Samba does not like about the oplocks here,  
> but SWAT does not have an oplocks option on the Brother printer  
> share, so I am confused on this, but expect it is not relevant to  
> the main problem.
>
> smb.conf file
> # Samba config file created using SWAT
> # from 192.168.0.187 (192.168.0.187)
> # Date: 2007/11/24 13:03:18
>
> [global]
>    unix charset = LOCALE
>    workgroup = STONES
>    server string = %h server (Samba %v)
>    interfaces = Eth0, lo
>    bind interfaces only = Yes
>    map to guest = Bad Password
>    passdb backend = tdbsam
>    guest account = stones
>    pam password change = Yes
>    passwd program = /usr/bin/passwd %u
>    passwd chat = *New*Password* %n\n *Re-enter*new*password*%n\n  
> *Password*changed*
>    username map = /etc/samba/smbusers
>    unix password sync = Yes
>    log level = 2 passdb:2 auth:2 winbind:4
>    log file = /var/log/samba/%m
>    max log size = 100
>    smb ports = 139
>    name resolve order = hosts wins bcast
>    time server = Yes
>    printcap name = CUPS
>    show add printer wizard = No
>    add user script = /usr/sbin/useradd -m '%u'
>    delete user script = /usr/sbin/userdel -r '%u'
>    add group script = /usr/sbin/groupadd '%g'
>    delete group script = /usr/sbin/groupdel '%g'
>    add user to group script = /usr/sbin/usermod -G '%g' '%u'
>    delete user from group script = /usr/sbin/groupmod -R %u %g
>    add machine script = /usr/sbin/useradd -s /bin/false -d /tmp '%u'
>    shutdown script = /var/lib/samba/scripts/shutdown.sh
>    abort shutdown script = /sbin/shutdown -c
>    logon script = logon.bat
>    logon path = \\%N\profiles\%U
>    logon drive = H:
>    domain logons = Yes
>    os level = 35
>    preferred master = Yes
>    domain master = Yes
>    wins support = Yes
>    ldap ssl = no
>    utmp = Yes
>    panic action = /usr/share/samba/panic-action %d
>    idmap uid = 15000-20000
>    idmap gid = 15000-20000
>    hosts allow = 192.168.0., 192.168.1., 127.
>    printing = cups
>    print command =
>    lpq command = %p
>    lprm command =
>    veto files = /*.eml/*.nws/*.{*}/
>
> [print$]
>    comment = Printer Drivers
>    path = /var/lib/samba/printers
>    admin users = root, Administrator
>    write list = root
>
> [printers]
>    comment = SMB Print Spool
>    path = /var/spool/samba
>    guest ok = Yes
>    printable = Yes
>    browseable = No
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list