[Samba] Can't get 'dos filemode' to work as expected
Felix Brack
fb at ltec.ch
Tue Apr 5 11:10:57 MDT 2011
On 24.03.2011 10:09, Felix Brack wrote:
> Hello,
>
> After an upgrade to samba 3.5.8 (from 3.2.5) the option 'dos filemode'
> does not seem to work anymore. If I (as a user) do not own the file I
> can't change permissions.
>
> I am user 'felix' and member of supplementary group 'Development'. To
> test things I use the following share definition:
>
> [Temp]
> path = /srv/samba/file-shares/tmp
> browseable = yes
> read only = no
> invalid users = root administrator
> delete readonly = yes
> inherit owner = yes
> force group = Development
> dos filemode = yes
>
> A 'getfacl' on /srv/samba/file-shares/tmp returns:
>
> # file: srv/samba/file-shares/tmp
> # owner: root
> # group: root
> # flags: -s-
> user::rwx
> group::r-x
> group:Development:rwx
> mask::rwx
> other::---
> default:user::rwx
> default:group::r-x
> default:group:Development:rwx
> default:mask::rwx
> default:other::---
>
> From the 'smb.conf' man page concerning option 'dos filemode':
>
> ...
> Enabling this parameter allows a user who has write access to the file
> (by whatever means, including an ACL permission) to modify the
> permissions (including ACL) on it.
> ...
>
> My understanding: as a member of group 'Development' I do have write
> access to '/srv/samba/file-shares/tmp' by means of the ACL.
>
> Trying to modify permissions on a directory or file I create in that
> share does not work and reports access denied, no matter if I use
> Windows Explorer or smbclient from an other linux box.
>
> What am I misunderstanding here?
>
> Many thanks, Felix
>
I finally manged to write some code for my Windows box that shows the error:
#include <stdio.h>
#include <tchar.h>
#include <windows.h>
// directory name --------------------------------------
// share name -------------------------------- |
// server name -------------------- | |
// | | |
// v v v
const wchar_t strFirName[]= L"\\\\JUPITER\\testshare\\test-dir";
int main(void)
{
BOOL bRet;
DWORD dwError;
// create the directory
bRet= CreateDirectory(strFirName, NULL);
if (bRet != TRUE) {
dwError= GetLastError();
return -1;
}
// now set the file attribute of the newly created directory
bRet= SetFileAttributes(strFirName, FILE_ATTRIBUTE_NORMAL);
if (bRet != TRUE) {
// dwError will be 6 (ERROR_INVALID_HANDLE) in case of failure
dwError= GetLastError();
return -1;
}
return 0;
}
That's it! Creating a directory and then manipulating the attributes.
The server path to the share is /srv/samba/file-shares/testshare.
The code above fails while setting the attribute if the user (felix)
connecting to the samba share is _not_ the owner (root) of
/srv/samba/file-shares/testshare.
'getfacl /srv/samba/file-shares/testshare' returns:
# file: srv/samba/file-shares/testshare
# owner: root
# group: root
# flags: -s-
user::rwx
group::rwx
group:Development:rwx
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:group:Development:rwx
default:mask::rwx
default:other::---
If I type 'chown felix:root /srv/samba/file-shares/testshare' on the
samba server and then execute the code above, everything is fine.
'getfacl /srv/samba/file-shares/testshare' returns:
# file: srv/samba/file-shares/testshare
# owner: felix
# group: root
# flags: -s-
user::rwx
group::rwx
group:Development:rwx
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:group:Development:rwx
default:mask::rwx
default:other::---
As already stated 'felix' is member of group 'Development'.
Can somebody confirm that the code above works in case the user
connecting to the share is _not_ owning the share?
Felix
More information about the samba
mailing list