[Samba] Problem deleting/renaming files

Jim lists at yggdrasill.net
Fri Nov 27 04:27:24 MST 2009

Hi - We have been using a Samba configuration file similar to that 
listed below for some years without issue. However, when carrying it over 
to a new server running Samba 3.4.0 (-3ubuntu5.1), we started 
experiencing problems deleting files via Windows Explorer; attempts to 
do so are resulting in 'Access is denied'. Similarly, attempting to 
change the name of a file or directory is resulting in the same 'Access 
is denied' message. There are otherwise no problems reading, creating, 
or modifying files or directories.

I found that removing the 'force user' parameter appears to resolve the 
issue. The only obvious difference that I saw while examining level 10 
logs is that without 'force user' some of the file opens were shown as 
performed by 'DOMAIN+user0', whereas with 'force user' they are shown as 
being done by 'user0' (connections to the share are logged in through 
the domain user0 account). I also found that changing the unix 
permissions of the share directory from 755 to 775, while leaving 'force 
user' as is, resolved the issue. However, neither of these workarounds is 
desirable for our current setup.

If anyone has any ideas on how I might solve or further diagnose this 
problem, I would appreciate your input.

# getfacl data
# file: data
# owner: user0
# group: domain\040users

   workgroup = DOMAIN
   server string = svr2 (Samba %v)

   hosts allow = 10.

   interfaces = eth0 lo
   bind interfaces only = yes

   log level = 10
   log file = /var/log/samba/%m.log
   max log size = 5000
   syslog = 0

   security = ads
   passdb backend = tdbsam
   realm = DOMAIN.COM

   preferred master = no

   encrypt passwords = yes

   template shell = /bin/bash
   template homedir = /home/%U

   winbind enum users = Yes
   winbind enum groups = Yes
   winbind use default domain = Yes
   winbind nested groups = Yes
   winbind separator = +

   allow trusted domains = No
   idmap backend = rid:DOMAIN=1000-20000
   idmap uid = 1000-21000
   idmap gid = 1000-21000

   comment = data (p)
   path = /mnt/data
   case sensitive = no
   follow symlinks = yes
   wide links = no
   read only = yes
   force user = DOMAIN+user0
   write list = DOMAIN+user0 DOMAIN+user1 DOMAIN+user2
