[Samba] Can't get 'dos filemode' to work as expected

Felix Brack fb at ltec.ch
Mon Apr 4 01:31:18 MDT 2011 

On 03.04.2011 17:24, TAKAHASHI Motonobu wrote:
 > From: Felix<fb at ltec.ch>
 > Date: Wed, 30 Mar 2011 17:05:53 +0000 (UTC)
 >
 >> On Fri, 25 Mar 2011 22:43:38 +0900, TAKAHASHI Motonobu wrote:
 >>
 >>> From: Felix Brack<fb at ltec.ch>
 >>> Date: Thu, 24 Mar 2011 10:09:53 +0100
 >>>
 >>>> After an upgrade to samba 3.5.8 (from 3.2.5) the option 'dos filemode'
 >>>> does not seem to work anymore. If I (as a user) do not own the file I
 >>>> can't change permissions.
 > (snip)
 >> I just double checked but the problem remains: I can do things if the
 >> share is owned by myself ('felix') but not if it is owned by 'root' 
if me
 >> having access by being a member of supplementary group 'Development'.
 >>
 >> Using debug level 3 on the samba server I found this:
 > (snip)
 >
 > Please show the minimum set to reproduce for example smb.conf
 > including [global] section.
 >
My minimum set is not really small but all settings related to the role 
of the server and to LDAP are irrelevant when it comes to the problem I 
am investigating (at least I think they are irrelevant!?). Anyway, here 
is my entire global:

[global]
         ### Naming, domain and browesing ###
         workgroup = LTEC
         netbios name = Jupiter
         server string = TEST Samba %v server
         domain master = yes
         preferred master = yes
         os level = 65
         domain logons = yes
         logon path = \\%L\Profiles\%U\%m\%a
         logon drive = H:

         ### Interfaces to listen on ###
         interfaces = eth0 127.0.0.0/8
         bind interfaces only = true

         ### Logging configuration ###
         log file = /var/log/samba/log.%m
         max log size = 1000
         syslog = 0
         log level = 3

         ### Authentication ###
         passdb backend = ldapsam:ldap://localhost
         ldap admin dn = "uid=srv-user,dc=ltec,dc=ch"
         ldap delete dn = yes
         ldap suffix = dc=ltec,dc=ch
         ldap user suffix = ou=users
         ldap group suffix = ou=groups
         ldap machine suffix = ou=computers
         ldap idmap suffix = ou=idmap
         ldap ssl = off
         ldap passwd sync = yes
         obey pam restrictions = yes

         ### Users, groups and machines administration ###
         add user script = /usr/sbin/smbldap-useradd -m "%u"
         add group script = /usr/sbin/smbldap-groupadd -p "%g"
         add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
         add machine script = /usr/sbin/smbldap-useradd -w -i "%u"
         delete user from group script = //usr/sbin/smbldap-groupmod -x 
"%u" "%g"
         delete user script = /usr/sbin/smbldap-userdel "%u"
         delete group script =  /usr/sbin/smbldap-groupdel "%g"
         set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
         passwd program = /usr/sbin/smbldap-passwd -u %u

         ### Misc global options ###
         wins support = yes
         time server = yes
         remote announce = 172.27.22.1
         remote browse sync = 172.27.22.1
         dns proxy = no
         unix charset = 850

         ### Printing ###
         load printers = no
         disable spoolss = yes
         printcap name = /dev/null

         ### Disable user shares
         usershare max shares = 0

         ### Include the file-share definitions ###
         include = /etc/samba/smbfs.conf

         ### !!! TESTING !!!
         include = /etc/samba/smbfs-test.conf

The include file 'smbfs.conf' holds the share definitions in use. To 
keep it simple for testing I created a new include file defining just 
the one share on which I run all tests; this include file is called 
'smbfs-test.conf' and contains the following:

[testshare]
         comment = Only use this shre for samba testing !
         path = /srv/samba/file-shares/testshare
         browseable = yes
         read only = no
         invalid users = root administrator
         delete readonly = yes
         inherit owner = yes
         force group = Development
         dos filemode = yes

 > As I showed in my previous mail, in order to reproduce, I set the
 > empty [global] section.
 >
I agree that it is best to have an empty [global] to track down such a 
problem but as I am using LDAP that is not really possible. This is why 
I posted my entire [global]. Do you see anything there that might 
explain my problem?
By the why, 'id felix' returns the following:

uid=1000(felix) gid=513(Domain Users) 
groups=1004(Management),1005(Development),1007(EETS),513(Domain Users)

which is exactly what I like it to be.

 > And what is your platform? / The shared file path is located locally?
 >
The server is a a 64Bit Debian GNU/Linux 6.0 (Sqeeze) with kernel 
2.6.32. The entire server is a KVM guest. The KVM host is a multicore 
XEON system providing a soft RAID-5 disk system for the guests.

Felix

More information about the samba mailing list