[Samba] Help! permission denied when accessing folder
Gaiseric Vandal
gaiseric.vandal at gmail.com
Mon Jul 11 15:20:58 MDT 2011
I would guess this is ZFS?
I think the problem occurs when samba+zfs interprets unix "no rights
granted to the world (other)" as "deny everyone" in windows.
For example, if you have a with unix perms of 770 - this means on the
unix level that the user and group have full permissions, no rights are
assigned to "other", and therefore if you are the user (owner) or group
you have rights, otherwise you don't. The permissions are additive and
omitting any permissions for "other" is not explicitly an access entry.
In Samba, this gets interpreted as "everyone is denied"- and even
though windows permissions are generally additive, denies trump
allows. The owner of the file can usually go into the advanced
windows permissions and clear the deny entries.
Root can also reset permissions as follows:
chmod -R A- thedirectory
chmod -R A=owner@:rwxpdDaARWcCos:allow ?thedirectory
chmod -R A+group@:rwxpdDaARWcCos:allow ?thedirectory
chmod -R A+someothergroup@:rwxpdDaARWcCos:allow ?thedirectory
If you have autofs involved you may want to fix the top level of an
autofs directory to allow root to still access it (require for mounting)
chmod A+user:nobody:aRc:allow thedirectory
ZFS is really great BUT Samba played nicer with UFS. Somewhat
ironically, I believe Samba with ZFS tries to more precisely map unix to
windows permissions than it did with UFS to Samba. With UFS, some of
problem permissions were just ignored in samba.
On 07/11/2011 12:15 PM, Daulton_Theodore wrote:
> Hi all,
>
> Running samba 3.5.5 in a Solaris non-global zone. I have created a folder (StudentJobApplications) on a share which I want to make accessible only to members of a Unix group (studempl). I have added myself to the group but when I or other group members try to access the folder via Windows Explorer I get the following:
>
> I:\StudentJobApplications is not accessible
> Access is denied
>
> Here are some of the particulars:
>
> The folder:
> # ls -ld /departments/common/StudentJobApplications
> drwxrwx--- 2 root studemp 2 Jul 11 08:34 /departments/common/StudentJobApplications
>
> The group (etc/group):
> studempl::2018:mylogin,otheruserlogin.....
>
> The share definition in smb.conf:
>
> # --------------------------------------
> # shared directory for ALL staff
> # --------------------------------------
> [libshare]
> comment = Library staff shared directory
> path = /<path>
> browseable = yes
> writeable = yes
> create mask = 0777
> force create mode = 0777
> directory mask = 0777
> valid users = +group1 +group2 +group3 +group4 +group 5 +group6 +group7 +group8............+group17 +studempl
> invalid users = +circdesk
>
> Note: I am a member of one of the groups defined in valid users above.
>
> I have not restarted the samba server but I don't think that would be necessary.
>
> Actually I would like to set the permissions on the folder to be -rwxrws--- but just being able to access it would be a start. I would appreciate ang comments or suggestions.
>
> Thank you.
>
> ~~~~~~~~~~~~~~~~~~~~~~~~
> Daulton Theodore
> Carleton University
> Library, Systems Department
> Vmail: (613) 520-2600, ext. 8352
>
More information about the samba
mailing list