[Samba] Strange file permissions

DNL dnl at livstones.freeserve.co.uk
Mon Nov 26 22:59:35 GMT 2007



Mark Adams wrote:
> Is sgid on the top level dir?
Set for subdirectory cp, but not for projects, as different directories at that level require no access control.
/projects/cp# ls -al
total 164
drwxrws--- 26 dnl     cp         4096 2007-11-23 15:37 .
drwxr-xr-x 17 root    root       4096 2007-11-16 22:35 ..
drwxrws---  2 daniel  cp         4096 2007-06-18 11:52 4 Spencer Close
drwxrws---  2 daniel  cp         4096 2007-09-01 19:20 Addresses

> 
> Also have you tried force group samba option?
My understanding is that this would force the same group for all the PROJECT share, but I only want it for a subdirectory. Am I forced into 
making projects/cp a separate share and using this samba option?
> 
> Mark.
Thanks for your response.
Dave.
> 
> 
> On 24 Nov 2007, at 13:13, DNL <dnl at livstones.freeserve.co.uk> wrote:
> 
>> Hi
>> I have a samba server with tdbsam passwords, and a share, PROJECTS,
>> which is accessed by various XP home clients, the usernames and passwords
>> being manually synced to the samba ones (less than 10 users, and only 4
>> workstations). There is one win2K machine, which is a domain member. 
>> Subdirectories on PROJECTS have g+s set, so only users,
>> who are members of specific Linux groups, have access to the files in 
>> them.
>> Recently, a laptop with XP professional has been connected, and the user
>> on it can access the correct directories, but when he edits or creates a
>> file, the group owner and file permissions are wrong:
>>
>> /home/projects/cp/CP 2007# ls -alt
>> total 2932
>> drwxrwsrw-  4 daniel  cp              4096 2007-11-24 12:35 .
>> -r--------  1 haffers BUILTIN\users 197120 2007-11-24 12:34 CP 11 Nova.xls
>> -rw-rw-rw-  1 haffers BUILTIN\users 199168 2007-11-23 19:47 CP 10 Octa.xls
>> drwxrwsrwx  2 daniel  cp              4096 2007-11-23 19:34 FORMS 2007
>> -rw-rw-rw-  1 haffers BUILTIN\users 299520 2007-11-23 19:20 2007 ANALYSIS.xls
>> drwxrws--- 26 dnl     cp              4096 2007-11-23 15:37 ..
>> -r--------  1 haffers BUILTIN\users 197120 2007-11-23 14:40 CP 10 Oct.xls
>> -rwxrwx---  1 haffers cp            196608 2007-11-18 18:51 CP 11 Nov.xls
>> -rwxrwx---  1 haffers cp            192512 2007-11-18 17:47 CP 09 Sep.xls
>>
>> The files he creates are therefore unusable until permissions are 
>> changed.
>> Various searches on the internet and reading of the Samba documentation
>> have failed to give me any idea on why this is happening, or how to put it
>> right. How is Samba managing to not respect the Linux g+s bit? How 
>> do I make this system work correctly? Can you assist?
>>
>> Background information:
>> The log-on of the user on the XP professional machine:
>>
>> # tail -14 andylap.old
>> [2007/11/24 01:32:01, 1] smbd/service.c:close_cnum(1150)
>> andylap (192.168.0.168) closed connection to service projects
>> [2007/11/24 11:13:20, 2] smbd/sesssetup.c:setup_new_vc_session(799)
>> setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
>> all old resources.
>> [2007/11/24 11:13:20, 2] smbd/sesssetup.c:setup_new_vc_session(799)
>> setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
>> all old resources.
>> [2007/11/24 11:13:20, 2] lib/access.c:check_access(323)
>> Allowed connection from (192.168.0.168)
>> [2007/11/24 11:13:20, 2] smbd/reply.c:reply_tcon_and_X(711)
>> Serving IPC$ as a Dfs root
>> [2007/11/24 11:13:20, 2] auth/auth.c:check_ntlm_password(309)
>> check_ntlm_password: authentication for user [haffers] -> [haffers]
>> -> [haffers] succeeded
>> [2007/11/24 11:13:20, 2] smbd/utmp.c:sys_utmp_update(419)
>> utmp_update: uname:/var/run/utmp wname:/var/log/wtmp
>>
>> # head -24 andylap
>> [2007/11/24 11:13:20, 2] lib/access.c:check_access(323)
>> Allowed connection from (192.168.0.168)
>> [2007/11/24 11:13:20, 1] smbd/service.c:make_connection_snum(950)
>> andylap (192.168.0.168) connect to service projects initially as user
>> haffers (uid=529, gid=502) (pid 17358)
>> [2007/11/24 11:13:20, 2] smbd/reply.c:reply_tcon_and_X(711)
>> Serving projects as a Dfs root
>> [2007/11/24 11:13:20, 2] smbd/utmp.c:sys_utmp_update(419)
>> utmp_update: uname:/var/run/utmp wname:/var/log/wtmp
>> [2007/11/24 11:13:20, 1] smbd/service.c:close_cnum(1150)
>> andylap (192.168.0.168) closed connection to service projects
>> [2007/11/24 11:13:20, 2] auth/auth.c:check_ntlm_password(309)
>> check_ntlm_password: authentication for user [haffers] -> [haffers]
>> -> [haffers] succeeded
>> [2007/11/24 11:13:20, 2] smbd/utmp.c:sys_utmp_update(419)
>> utmp_update: uname:/var/run/utmp wname:/var/log/wtmp
>> [2007/11/24 11:13:20, 2] lib/access.c:check_access(323)
>> Allowed connection from (192.168.0.168)
>> [2007/11/24 11:13:20, 1] smbd/service.c:make_connection_snum(950)
>> andylap (192.168.0.168) connect to service projects initially as user
>> haffers (uid=529, gid=502) (pid 17358)
>> [2007/11/24 11:13:20, 2] smbd/reply.c:reply_tcon_and_X(711)
>> Serving projects as a Dfs root
>> [2007/11/24 11:14:36, 2] lib/access.c:check_access(323)
>> Allowed connection from (192.168.0.168)
>> [2007/11/24 11:14:36, 2] smbd/reply.c:reply_tcon_and_X(711)
>> Serving IPC$ as a Dfs root
>>
>> The most recent problem file in that log:
>> /var/log/samba# grep Nova andylap
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>>  haffers opened file cp/CP 2007/CP 11 Nova.xls read=Yes write=No 
>> (numopen=3)
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>>  haffers opened file cp/CP 2007/CP 11 Nova.xls read=No write=No 
>> (numopen=4)
>>  haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=3)
>>  haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=2)
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>>  haffers opened file cp/CP 2007/CP 11 Nova.xls read=Yes write=No 
>> (numopen=3)
>>  haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=2)
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>>  haffers opened file cp/CP 2007/CP 11 Nova.xls read=Yes write=No 
>> (numopen=3)
>>  haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=2)
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>>  haffers opened file cp/CP 2007/CP 11 Nova.xls read=Yes write=Yes 
>> (numopen=3)
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>>  haffers opened file cp/CP 2007/CP 11 Nova.xls read=Yes write=No 
>> (numopen=4)
>>  haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=3)
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>>  haffers opened file cp/CP 2007/CP 11 Nova.xls read=Yes write=No 
>> (numopen=4)
>>  haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=3)
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>>  haffers opened file cp/CP 2007/CP 11 Nova.xls read=Yes write=No 
>> (numopen=4)
>>  haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=3)
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>>  haffers opened file cp/CP 2007/CP 11 Nova.xls read=Yes write=No 
>> (numopen=4)
>>  haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=3)
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>>  haffers opened file cp/CP 2007/CP 11 Nova.xls read=No write=No 
>> (numopen=4)
>>  haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=3)
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>>  haffers opened file cp/CP 2007/CP 11 Nova.xls read=No write=No 
>> (numopen=4)
>>  haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=3)
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>>  haffers opened file cp/CP 2007/CP 11 Nova.xls read=No write=No 
>> (numopen=4)
>>  haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=3)
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>>  haffers opened file cp/CP 2007/CP 11 Nova.xls read=Yes write=No 
>> (numopen=4)
>>  haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=3)
>>  haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=2)
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>>  haffers opened file cp/CP 2007/CP 11 Nova.xls read=No write=No 
>> (numopen=3)
>>  haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=2)
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>>  haffers opened file cp/CP 2007/CP 11 Nova.xls read=Yes write=No 
>> (numopen=3)
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>>  haffers opened file cp/CP 2007/CP 11 Nova.xls read=No write=No 
>> (numopen=5)
>>  haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=4)
>>  haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=3)
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>>  haffers opened file cp/CP 2007/CP 11 Nova.xls read=No write=No 
>> (numopen=4)
>>  haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=3)
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>>  haffers opened file cp/CP 2007/CP 11 Nova.xls read=No write=No 
>> (numopen=3)
>>  set_canon_ace_list: sys_acl_set_file type file failed for file cp/CP 
>> 2007/CP 11 Nova.xls (Operation not supported).
>>  haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=2)
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>>  haffers opened file cp/CP 2007/CP 11 Nova.xls read=Yes write=No 
>> (numopen=3)
>>  haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=2)
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>>  haffers opened file cp/CP 2007/CP 11 Nova.xls read=Yes write=No 
>> (numopen=3)
>>  haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=2)
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>>  haffers opened file cp/CP 2007/CP 11 Nova.xls read=Yes write=No 
>> (numopen=3)
>>  haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=2)
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>>  haffers opened file cp/CP 2007/CP 11 Nova.xls read=Yes write=No 
>> (numopen=3)
>>  haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=2)
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>>  haffers opened file cp/CP 2007/CP 11 Nova.xls read=Yes write=No 
>> (numopen=3)
>>  haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=2)
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>>  haffers opened file cp/CP 2007/CP 11 Nova.xls read=Yes write=No 
>> (numopen=3)
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>>  haffers opened file cp/CP 2007/CP 11 Nova.xls read=No write=No 
>> (numopen=4)
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>>  haffers opened file cp/CP 2007/CP 11 Nova.xls read=No write=No 
>> (numopen=5)
>>  haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=4)
>>  haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=3)
>>  haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=2)
>>
>> The log at the time of the faulty file:
>> [2007/11/24 11:18:28, 2] smbd/close.c:close_normal_file(344)
>>  haffers closed file cp/CP 2007/CP 11 Nov.xls (numopen=5)
>> [2007/11/24 11:18:28, 2] smbd/close.c:close_normal_file(344)
>>  haffers closed file cp/CP 2007/CP 11 Nov.xls (numopen=4)
>> [2007/11/24 12:34:48, 2] lib/access.c:check_access(323)
>>  Allowed connection from  (192.168.0.168)
>> [2007/11/24 12:34:48, 2] smbd/reply.c:reply_tcon_and_X(711)
>>  Serving IPC$ as a Dfs root
>> [2007/11/24 12:35:17, 2] smbd/dosmode.c:unix_mode(96)
>>  unix_mode(cp/CP 2007/410CE081.tmp) inheriting from cp/CP 2007
>> [2007/11/24 12:35:17, 2] smbd/dosmode.c:unix_mode(104)
>>  unix_mode(cp/CP 2007/410CE081.tmp) inherit mode 42776
>> [2007/11/24 12:35:17, 2] smbd/open.c:open_file(352)
>>  haffers opened file cp/CP 2007/410CE081.tmp read=No write=Yes 
>> (numopen=4)
>> [2007/11/24 12:35:17, 2] smbd/close.c:close_normal_file(344)
>>  haffers closed file cp/CP 2007/410CE081.tmp (numopen=3)
>> [2007/11/24 12:35:17, 2] smbd/close.c:close_normal_file(344)
>>  haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=2)
>> [2007/11/24 12:35:17, 2] smbd/dosmode.c:unix_mode(96)
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
>> [2007/11/24 12:35:17, 2] smbd/dosmode.c:unix_mode(104)
>>  unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
>> [2007/11/24 12:35:17, 2] smbd/open.c:open_file(352)
>>  haffers opened file cp/CP 2007/CP 11 Nova.xls read=No write=No 
>> (numopen=3)
>> [2007/11/24 12:35:17, 2] smbd/close.c:close_normal_file(344)
>>  haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=2)
>>
>>
>>
>> # testparm
>> Load smb config files from /etc/samba/smb.conf
>> Processing section "[print$]"
>> Processing section "[printers]"
>> Processing section "[homes]"
>> Processing section "[netlogon]"
>> Processing section "[profiles]"
>> Processing section "[projects]"
>> Processing section "[dnlweb]"
>> Processing section "[Brother]"
>> Loaded services file OK.
>> Invalid combination of parameters for service Brother. Level II oplocks can only be set if oplocks are also set.
>> Server role: ROLE_DOMAIN_PDC
>> Press enter to see a dump of your service definitions
>> [projects]
>>        comment = projects directory
>>        path = /home/projects
>>        read only = No
>>        inherit permissions = Yes
>>        guest ok = Yes
>>
>> [Brother]
>>        comment = HL1260 running HP LJ 4+ emulation 26M
>>        path = /var/spool/samba
>>        read only = No
>>        guest ok = Yes
>>        printable = Yes
>>        printer name = Brother
>>        oplocks = No
>>        share modes = No
>>
>> There is something that Samba does not like about the oplocks here, 
>> but SWAT does not have an oplocks option on the Brother printer share, 
>> so I am confused on this, but expect it is not relevant to the main 
>> problem.
>>
>> smb.conf file
>> # Samba config file created using SWAT
>> # from 192.168.0.187 (192.168.0.187)
>> # Date: 2007/11/24 13:03:18
>>
>> [global]
>>    unix charset = LOCALE
>>    workgroup = STONES
>>    server string = %h server (Samba %v)
>>    interfaces = Eth0, lo
>>    bind interfaces only = Yes
>>    map to guest = Bad Password
>>    passdb backend = tdbsam
>>    guest account = stones
>>    pam password change = Yes
>>    passwd program = /usr/bin/passwd %u
>>    passwd chat = *New*Password* %n\n *Re-enter*new*password*%n\n *Password*changed*
>>    username map = /etc/samba/smbusers
>>    unix password sync = Yes
>>    log level = 2 passdb:2 auth:2 winbind:4
>>    log file = /var/log/samba/%m
>>    max log size = 100
>>    smb ports = 139
>>    name resolve order = hosts wins bcast
>>    time server = Yes
>>    printcap name = CUPS
>>    show add printer wizard = No
>>    add user script = /usr/sbin/useradd -m '%u'
>>    delete user script = /usr/sbin/userdel -r '%u'
>>    add group script = /usr/sbin/groupadd '%g'
>>    delete group script = /usr/sbin/groupdel '%g'
>>    add user to group script = /usr/sbin/usermod -G '%g' '%u'
>>    delete user from group script = /usr/sbin/groupmod -R %u %g
>>    add machine script = /usr/sbin/useradd -s /bin/false -d /tmp '%u'
>>    shutdown script = /var/lib/samba/scripts/shutdown.sh
>>    abort shutdown script = /sbin/shutdown -c
>>    logon script = logon.bat
>>    logon path = \\%N\profiles\%U
>>    logon drive = H:
>>    domain logons = Yes
>>    os level = 35
>>    preferred master = Yes
>>    domain master = Yes
>>    wins support = Yes
>>    ldap ssl = no
>>    utmp = Yes
>>    panic action = /usr/share/samba/panic-action %d
>>    idmap uid = 15000-20000
>>    idmap gid = 15000-20000
>>    hosts allow = 192.168.0., 192.168.1., 127.
>>    printing = cups
>>    print command =
>>    lpq command = %p
>>    lprm command =
>>    veto files = /*.eml/*.nws/*.{*}/
>>
>> [print$]
>>    comment = Printer Drivers
>>    path = /var/lib/samba/printers
>>    admin users = root, Administrator
>>    write list = root
>>
>> [printers]
>>    comment = SMB Print Spool
>>    path = /var/spool/samba
>>    guest ok = Yes
>>    printable = Yes
>>    browseable = No
> 
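
An added example, not part of the original thread and not Samba code: a small audit that decodes the octal mode smbd logs (`inherit mode 42776`) into `ls` notation and walks a share tree reporting entries that break the setgid convention described above (wrong group, or a file the group cannot read and write). The rule that regular files need group `rw` is an assumption taken from the working files in the listing; the uid/gid numbers used to exercise it are constructed.

```python
import os
import stat
import sys

GROUP_RW = stat.S_IRGRP | stat.S_IWGRP


def decode_mode(octal_text):
    """Turn a mode as smbd logs it ("inherit mode 42776") into ls notation."""
    return stat.filemode(int(octal_text, 8))


def check_entry(dir_mode, dir_gid, mode, gid):
    """Return the problems one entry has relative to its parent directory."""
    problems = []
    if not dir_mode & stat.S_ISGID:
        return problems  # parent is not setgid, so no group is expected
    if gid != dir_gid:
        problems.append("group differs from setgid parent")
    # Assumed policy: group members must be able to read and write files.
    if stat.S_ISREG(mode) and (mode & GROUP_RW) != GROUP_RW:
        problems.append("group lacks rw: " + stat.filemode(mode))
    if stat.S_ISDIR(mode) and not mode & stat.S_ISGID:
        problems.append("subdirectory lost setgid")
    return problems


def audit(root):
    """Walk root and yield (path, problems) for every entry that fails."""
    for dirpath, dirnames, filenames in os.walk(root):
        parent = os.lstat(dirpath)
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            problems = check_entry(parent.st_mode, parent.st_gid,
                                   st.st_mode, st.st_gid)
            if problems:
                yield path, problems


if __name__ == "__main__":
    # Usage: python3 audit.py /path/to/share/subdirectory
    for path, problems in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(path, "; ".join(problems))
```

Run against the group-controlled subdirectory after a client has saved a file; an empty report means new files are picking up the directory's group and a usable mode.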

