[Samba] Samba 3 handles Linux permissions differently than Samba 2?
Danilo Godec
danilo.godec at agenda.si
Thu Jun 12 07:44:32 GMT 2008
Hi,
we have a problem with permissions migrating from a custom 2.4 kernel Linux
distro with Samba 2.2.5 to OpenSuSE 10.3 (with samba 3.0.26).
We used to have directories like this (relative to the Samba share):
/root/dir0/dir1/dir2/dir3/userdir1-1/userdir1-2
'root' and all its parent directories have '0755' Linux permission.
dir0-dir3 all have '0711' permissions and belong to USER0 / GROUP0. USER0
doesn't exist in 'smbpasswd' - everybody should be able to 'CD' into these
directories, but shouldn't be able to list their contents. There are several
combinations of such directories on each samba server and we'd like to 'hide'
them from users.
'userdir1-1' has '3750' permission, but it belongs to a group 'USERGROUP1'.
USER1 belongs to this group and should be able to see what's in this directory,
but nothing more.
'userdir1-2' has '3770' permissions and it also belongs to 'USERGROUP1'. USER1
should be able to create, change and delete files.
On Windows, we use 'NET USE Q: \\samba\share /USER:USER1 PASS' to map the share.
Then we use a special program that runs in a 'CMD' prompt (it's a DOS program)
and will access 'Q:\dir0\dir1\dir2\dir3\userdir1-1\userdir1-2' - it will try to
create a file, then wait for server side program to process this file and create
a new response file. It will scan the directory periodically to detect the new
file - then it will make a clean-up (remove all files that are related to this
process).
This works perfectly on Samba 2.2.5 and has been in use for several years.
On Samba 3.0.26 it fails, the log reports "scan dir didn't open dir 'dir0'" -
the next line is 'ACCESS DENIED'. If we change permissions of 'dir0-dir3' to
'0755', it works - but it is desired to keep the structure from users.
Another weird thing is that when we use 'CMD' and 'CD' into each of these
directories, it behaves as expected - for example:
If we do this:
> Q:
> CD \DIR0
> CD DIR1
> CD DIR2
> DIR
we get a 'Path not found' message - that's correct - users shouldn't see what's in
there. They should know what belongs to them and go there directly.
We can do this:
> Q:
> CD \DIR0
> CD DIR1
> CD DIR2
> CD DIR3
> CD USERDIR1-1
> CD USERDIR1-2
> MKDIR TEST
> RMDIR TEST
This is basically what the DOS program does...
I don't understand why it would work for regular DOS commands, but not for our
little DOS program (which, btw. is using DOS calls for file operations - the
programmer told me he used '5B - create-new-file', but has also changed this to
'3C - create-file' for testing - with the same result).
Any ideas?
Thanks for listening, Danilo
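
The permission layout described in the message, modelled as an added example (not part of the original post and not Samba code): it applies the plain POSIX owner/group/other check to each path component and reports where a user can enter, list, or create. The names `Dir`, `TREE`, `triplet` and `audit` are hypothetical, and the owners of 'root', 'userdir1-1' and 'userdir1-2' are assumptions because the post does not state them.

```python
import stat
from typing import NamedTuple

class Dir(NamedTuple):
    name: str
    mode: int    # mode bits as quoted in the post, e.g. 0o711
    owner: str
    group: str

# Layout from the post. The owners of 'root' and of the two user
# directories are not given there; the values below are assumptions.
TREE = [
    Dir("root", 0o755, "root", "root"),
    *(Dir(f"dir{i}", 0o711, "USER0", "GROUP0") for i in range(4)),
    Dir("userdir1-1", 0o3750, "USER0", "USERGROUP1"),
    Dir("userdir1-2", 0o3770, "USER0", "USERGROUP1"),
]

def triplet(d, user, groups):
    """Return the rwx bits that apply: owner class, else group, else other."""
    if user == d.owner:
        return (d.mode >> 6) & 7
    if d.group in groups:
        return (d.mode >> 3) & 7
    return d.mode & 7

def audit(tree, user, groups):
    """Per component: (name, can_enter, can_list, can_create, sticky)."""
    rows, reachable = [], True            # reachable: x on every ancestor
    for d in tree:
        bits = triplet(d, user, groups)
        enter = reachable and bool(bits & 1)    # x: search, i.e. CD into it
        listing = reachable and bool(bits & 4)  # r: read entry names (DIR)
        create = enter and bool(bits & 2)       # w+x: add or remove entries
        # Sticky bit: deletion limited to the file's or directory's owner.
        sticky = bool(d.mode & stat.S_ISVTX)
        rows.append((d.name, enter, listing, create, sticky))
        reachable = enter
    return rows

if __name__ == "__main__":
    for row in audit(TREE, "USER1", {"USERGROUP1"}):
        print("%-11s enter=%-5s list=%-5s create=%-5s sticky=%s" % row)
```

For USER1 the model shows dir0-dir3 as enter-only, which is why an operation that opens one of those directories for reading is refused while a plain CD through them is not.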