[Samba] Help! permission denied when accessing folder

Gaiseric Vandal gaiseric.vandal at gmail.com
Mon Jul 11 15:20:58 MDT 2011

I would guess this is ZFS?

I think the problem occurs when samba+zfs interprets unix "no rights 
granted to the world (other)" as "deny everyone" in windows.

For example, if you have a with unix perms of 770 -  this means on the 
unix level that the user and group have full permissions, no rights are 
assigned to "other", and therefore if you are the user (owner) or group 
you have rights,  otherwise you don't.  The permissions are additive and 
omitting any permissions for "other" is not explicitly an access entry.

In Samba, this gets interpreted as "everyone is denied"-  and even 
though windows permissions are generally additive, denies trump 
allows.    The owner of the file can usually go into the advanced 
windows permissions and clear the deny entries.

Root can also reset permissions as follows:

     chmod -R A- thedirectory
     chmod -R A=owner@:rwxpdDaARWcCos:allow ?thedirectory
     chmod -R A+group@:rwxpdDaARWcCos:allow ?thedirectory
     chmod -R A+someothergroup@:rwxpdDaARWcCos:allow ?thedirectory

If you have autofs involved you may want to fix the top level of an 
autofs directory to allow root to still access it (require for mounting)

     chmod A+user:nobody:aRc:allow  thedirectory

ZFS is really great BUT Samba played nicer with UFS.    Somewhat 
ironically, I believe Samba with ZFS tries to more precisely map unix to 
windows permissions than it did with UFS to Samba.  With UFS, some of 
problem permissions were just ignored in samba.

On 07/11/2011 12:15 PM, Daulton_Theodore wrote:
> Hi all,
> Running samba 3.5.5 in a Solaris non-global zone. I have created a folder (StudentJobApplications) on a share  which I want to make accessible only to members of a Unix group (studempl). I have added myself to the group but when I or other group members try to access the folder via Windows Explorer I get the following:
> I:\StudentJobApplications is not accessible
> Access is denied
> Here are some of the particulars:
> The folder:
> # ls -ld /departments/common/StudentJobApplications
> drwxrwx---   2 root     studemp        2 Jul 11 08:34 /departments/common/StudentJobApplications
> The group (etc/group):
> studempl::2018:mylogin,otheruserlogin.....
> The share definition in smb.conf:
> # --------------------------------------
> # shared directory for ALL staff
> # --------------------------------------
> [libshare]
>     comment     = Library staff shared directory
>     path        = /<path>
>     browseable  = yes
>     writeable   = yes
>     create mask = 0777
>     force create mode = 0777
>     directory mask = 0777
>     valid users = +group1 +group2 +group3 +group4 +group 5 +group6 +group7 +group8............+group17 +studempl
>     invalid users = +circdesk
> Note: I am a member of one of the groups defined in valid users above.
> I have not restarted the samba server but I don't think that would be necessary.
> Actually I would like to set the permissions on the folder to be -rwxrws--- but just being able to access it would be a start. I would appreciate ang comments or suggestions.
> Thank you.
> ~~~~~~~~~~~~~~~~~~~~~~~~
> Daulton Theodore
> Carleton University
> Library, Systems Department
> Vmail: (613) 520-2600, ext. 8352

More information about the samba mailing list