[Samba] Can't access dirs with subgroups of a samba share
Matt Ingram
mingram at cbnco.com
Wed Jan 9 18:52:38 GMT 2008
Hi all!
Here's the problem we have since patching Monday night. Tuesday morning
Samba wasn't running, but started fine, and everything seemed to be working.
Were currently running samba3.0.24-2.23 and I believe before the patch
we were running samba3.0.22-13.30.
We have some samba shares where we have subgroups that only a select
group of people of the parent group are allowed to access. For example:
The parent folder will be accessible to groupa with 770 permissions.
In the folder we will have a subfolder accessible to groupb only, also
with 770. (members of groupb belong to groupa)
The smb.conf for the giving share looks like this
[share]
path = /usr/local/share/groups/share
valid users = @groupa
admin users = @smbadmin
force group = groupa
create mask = 0770
directory mask = 0770
And these settings always worked fine. Groupb users would be able to
access their subfolder with no problems. Since the night the patch was
installed, this no longer happens. In windows the user is getting the
error message "M:\subfolder is not accessible. Access is Denied".
I've been double and triple checking all the permission and group
memberships (all handled locally on the server), etc and everything
looks fine. I've also been looking in the samba logs and not seeing
relating to the error.
I would appreciate any help/advice!
Matt.
Here's what the smb.conf GLOBAL looks like:
[global]
workgroup = WORKGROUP
netbios name = SERVER
server string = SERVER
encrypt passwords = Yes
map to guest = Bad User
passwd program = /usr/bin/passwd
name resolve order = wins lmhosts host bcast
log level = 2
log file = /var/log/log.smbd
time server = Yes
deadtime = 10
load printers = Yes
os level = 34
preferred master = Yes
domain master = No
local master = Yes
wins support = No
wins server = 192.168.100.100
remote browse sync = 192.168.100.100
kernel oplocks = No
read only = No
browseable = Yes
printing = lprng
use client driver = Yes
create mask = 0660
directory mask = 0770
unix extensions = no
follow symlinks = yes
smb ports = 139
--
Matt Ingram
Intermediate Unix Administrator, IS
Canadian Bank Note Company, Limited
\m/
More information about the samba
mailing list