[Samba] Users can create, but not delete files.
Nathan Sinton
nathansinton at gmail.com
Tue Nov 11 17:12:57 GMT 2008
I have an ubuntu 8.10 server that is authenticating against active
directory (Win2k3) and acting as a fileserver. I used likewise open
to setup the AD authentication. If a user creates a file in a
directory that he doesn't own, he can modify the contents of the file,
but not delete or rename it. The group permissions should allow the
user to do this. If the user owns the directory, (including a
user-created directory inside the problem directory.) they can
delete/rename files. Windows throws an error about the disk being
full or write protected or the file is is use etc... I can log on
locally as a user and am able to manipulate files as expected.
I've come across a few other people having a similar issue during my
search and no one seems to have an answer. Help?
Kernel: 2.6.27-7-server
Samba: 3.2.3
Smb.conf:
############
[global]
workgroup = WORKGROUP
realm = WORKGROUP
preferred master = no
server string = Linux Test Machine
security = ADS
encrypt passwords = yes
log level = 3
log file = /var/log/samba/%m
max log size = 50
socket options = TCP_NODELAY
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind nested groups = Yes
idmap backend = lwopen
idmap uid = 2000-20000
idmap gid = 2000-20000
directory security mask =0775
security mask = 0775
create mask = 0775
directory mask = 0775
map acl inherit = yes
client use spnego = yes
[test]
comment = testing stuff
path= /shared/test
valid users = "@WORKGROUP\Domain Users"
writable=yes
browseable=yes
create mask = 775
#############
The samba log when trying to delete a file:
#############
[2008/11/11 08:27:40, 3] smbd/process.c:process_smb(1549)
Transaction 153 of length 53 (0 toread)
[2008/11/11 08:27:40, 3] smbd/process.c:switch_message(1361)
switch message SMBecho (pid 23286) conn 0x0
[2008/11/11 08:27:40, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/11/11 08:27:40, 3] smbd/reply.c:reply_echo(4580)
echo 1 times
[2008/11/11 08:27:40, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/11/11 08:27:51, 3] smbd/process.c:process_smb(1549)
Transaction 154 of length 80 (0 toread)
[2008/11/11 08:27:51, 3] smbd/process.c:switch_message(1361)
switch message SMBtrans2 (pid 23286) conn 0xb9195f38
[2008/11/11 08:27:51, 3] smbd/sec_ctx.c:set_sec_ctx(324)
setting sec ctx (846727731, 846725633) - sec_ctx_stack_ndx = 0
[2008/11/11 08:27:51, 3] smbd/trans2.c:call_trans2qfilepathinfo(3932)
call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004
[2008/11/11 08:27:51, 3] smbd/trans2.c:call_trans2qfilepathinfo(4006)
call_trans2qfilepathinfo . (fnum = -1) level=1004 call=5 total_data=0
[2008/11/11 08:27:51, 3] smbd/process.c:process_smb(1549)
Transaction 155 of length 130 (0 toread)
[2008/11/11 08:27:51, 3] smbd/process.c:switch_message(1361)
switch message SMBtrans2 (pid 23286) conn 0xb9195f38
[2008/11/11 08:27:51, 3] smbd/trans2.c:call_trans2findfirst(1918)
call_trans2findfirst: dirtype = 16, maxentries = 1366,
close_after_first=1, close_if_end = 1 requires_resume_key = 1 level =
0x104, max_data_bytes = 16384
[2008/11/11 08:27:51, 3] smbd/dir.c:dptr_create(520)
creating new dirptr 256 for path ./, expect_close = 1
[2008/11/11 08:27:51, 3] locking/locking.c:fetch_share_mode_unlocked(857)
fill_share_mode_lock failed
[2008/11/11 08:27:51, 3] smbd/process.c:process_smb(1549)
Transaction 156 of length 130 (0 toread)
[2008/11/11 08:27:51, 3] smbd/process.c:switch_message(1361)
switch message SMBtrans2 (pid 23286) conn 0xb9195f38
[2008/11/11 08:27:51, 3] smbd/trans2.c:call_trans2findfirst(1918)
call_trans2findfirst: dirtype = 16, maxentries = 1366,
close_after_first=1, close_if_end = 1 requires_resume_key = 1 level =
0x104, max_data_bytes = 16384
[2008/11/11 08:27:51, 3] smbd/dir.c:dptr_create(520)
creating new dirptr 256 for path ./, expect_close = 1
[2008/11/11 08:27:51, 3] locking/locking.c:fetch_share_mode_unlocked(857)
fill_share_mode_lock failed
[2008/11/11 08:27:52, 3] smbd/process.c:process_smb(1549)
Transaction 157 of length 134 (0 toread)
[2008/11/11 08:27:52, 3] smbd/process.c:switch_message(1361)
switch message SMBntcreateX (pid 23286) conn 0xb9195f38
[2008/11/11 08:27:52, 3] lib/util_seaccess.c:se_access_check(249)
[2008/11/11 08:27:52, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-3647005163-2223630916-80292403-2611
se_access_check: also S-1-5-21-3647005163-2223630916-80292403-513
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
se_access_check: also S-1-5-21-3647005163-2223630916-80292403-1175
se_access_check: also S-1-5-21-3647005163-2223630916-80292403-1171
se_access_check: also S-1-5-21-3647005163-2223630916-80292403-1625
se_access_check: also S-1-5-21-3647005163-2223630916-80292403-512
se_access_check: also S-1-5-21-3647005163-2223630916-80292403-1176
se_access_check: also S-1-5-21-3647005163-2223630916-80292403-1141
se_access_check: also S-1-5-21-3647005163-2223630916-80292403-1122
se_access_check: also S-1-5-21-3647005163-2223630916-80292403-1117
se_access_check: also S-1-5-21-3647005163-2223630916-80292403-1121
se_access_check: also S-1-5-21-3647005163-2223630916-80292403-2166
se_access_check: also S-1-5-21-3647005163-2223630916-80292403-1838
[2008/11/11 08:27:52, 3] smbd/error.c:error_packet_set(61)
error packet at smbd/nttrans.c(528) cmd=162 (SMBntcreateX)
NT_STATUS_ACCESS_DENIED
[2008/11/11 08:27:52, 3] smbd/process.c:process_smb(1549)
Transaction 158 of length 134 (0 toread)
[2008/11/11 08:27:52, 3] smbd/process.c:switch_message(1361)
switch message SMBntcreateX (pid 23286) conn 0xb9195f38
[2008/11/11 08:27:52, 3] lib/util_seaccess.c:se_access_check(249)
[2008/11/11 08:27:52, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-3647005163-2223630916-80292403-2611
se_access_check: also S-1-5-21-3647005163-2223630916-80292403-513
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
se_access_check: also S-1-5-21-3647005163-2223630916-80292403-1175
se_access_check: also S-1-5-21-3647005163-2223630916-80292403-1171
se_access_check: also S-1-5-21-3647005163-2223630916-80292403-1625
se_access_check: also S-1-5-21-3647005163-2223630916-80292403-512
se_access_check: also S-1-5-21-3647005163-2223630916-80292403-1176
se_access_check: also S-1-5-21-3647005163-2223630916-80292403-1141
se_access_check: also S-1-5-21-3647005163-2223630916-80292403-1122
se_access_check: also S-1-5-21-3647005163-2223630916-80292403-1117
se_access_check: also S-1-5-21-3647005163-2223630916-80292403-1121
se_access_check: also S-1-5-21-3647005163-2223630916-80292403-2166
se_access_check: also S-1-5-21-3647005163-2223630916-80292403-1838
[2008/11/11 08:27:52, 3] smbd/error.c:error_packet_set(61)
error packet at smbd/nttrans.c(528) cmd=162 (SMBntcreateX)
NT_STATUS_ACCESS_DENIED
[2008/11/11 08:27:52, 3] smbd/process.c:process_smb(1549)
Transaction 159 of length 124 (0 toread)
[2008/11/11 08:27:52, 3] smbd/process.c:switch_message(1361)
switch message SMBtrans2 (pid 23286) conn 0xb9195f38
[2008/11/11 08:27:52, 3] smbd/trans2.c:call_trans2qfilepathinfo(3932)
call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004
[2008/11/11 08:27:52, 3] locking/locking.c:fetch_share_mode_unlocked(857)
fill_share_mode_lock failed
[2008/11/11 08:27:52, 3] smbd/trans2.c:call_trans2qfilepathinfo(4006)
call_trans2qfilepathinfo New Text Document.txt (fnum = -1)
level=1004 call=5 total_data=0
[2008/11/11 08:27:52, 3] smbd/process.c:process_smb(1549)
Transaction 160 of length 124 (0 toread)
[2008/11/11 08:27:52, 3] smbd/process.c:switch_message(1361)
switch message SMBtrans2 (pid 23286) conn 0xb9195f38
[2008/11/11 08:27:52, 3] smbd/trans2.c:call_trans2qfilepathinfo(3932)
call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1005
[2008/11/11 08:27:52, 3] locking/locking.c:fetch_share_mode_unlocked(857)
fill_share_mode_lock failed
[2008/11/11 08:27:52, 3] smbd/trans2.c:call_trans2qfilepathinfo(4006)
call_trans2qfilepathinfo New Text Document.txt (fnum = -1)
level=1005 call=5 total_data=0
[2008/11/11 08:27:52, 3] smbd/process.c:process_smb(1549)
Transaction 161 of length 124 (0 toread)
[2008/11/11 08:27:52, 3] smbd/process.c:switch_message(1361)
switch message SMBtrans2 (pid 23286) conn 0xb9195f38
[2008/11/11 08:27:52, 3] smbd/trans2.c:call_trans2qfilepathinfo(3932)
call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004
[2008/11/11 08:27:52, 3] locking/locking.c:fetch_share_mode_unlocked(857)
fill_share_mode_lock failed
[2008/11/11 08:27:52, 3] smbd/trans2.c:call_trans2qfilepathinfo(4006)
call_trans2qfilepathinfo New Text Document.txt (fnum = -1)
level=1004 call=5 total_data=0
#####################
#####################
Directory permissions:
(/shared/test)
drwxrwxr-x 2 root workgroup\domain^users 4096 2008-11-10 16:24 test
(/shared/test/*)
-rw-rw-r-- 1 workgroup\ga workgroup\domain^users 0 2008-11-10
09:44 New Bitmap Image (2).bmp
-rwxrw-r-- 1 workgroup\ga workgroup\domain^users 0 2008-11-10
10:05 New Bitmap Image (3).bmp
-rwxrw-r-- 1 workgroup\ga workgroup\domain^users 0 2008-11-10
16:24 New CltMgr Document.C00
-rwxrw-r-- 1 workgroup\ga workgroup\domain^users 8 2008-11-10
11:15 New Rich Text Document.rtf
-rwxrw-r-- 1 workgroup\ga workgroup\domain^users 0 2008-11-10
10:03 New Text Document (2).txt
-rwxrw-r-- 1 workgroup\ga workgroup\domain^users 0 2008-11-07
16:11 New Text Document.txt
-rwxrw-r-- 1 workgroup\rvigil workgroup\domain^users 58 2008-11-10
13:04 New Wave Sound.wav
-rwxrw-r-- 1 workgroup\ga workgroup\domain^users 0 2008-11-10
09:46 New Wordpad Document.doc
-rwxrw-r-- 1 workgroup\ga workgroup\domain^users 16384 2008-10-08
12:55 Programs & Paths to them.xls
####################
User Group membership:
workgroup\ga at fserver:~$ groups
workgroup\domain^users workgroup\domain^admins etc...
More information about the samba
mailing list