[Samba] 3.0.9->3.0.37 Deleting files not working
IngeKo at gmx.net
IngeKo at gmx.net
Wed Aug 8 06:01:35 MDT 2012
Hello,
we were using Samba 3.0.9 on Solaris 10 x86 and Sparc in a productive environment and upgraded to 3.0.37 to fix a security vulnerability.
Now we experience problems in some circumstances when we try to delete a file from a share mounted by a Windows Client.
The share is named ZENTRAL. This is the share entry:
[ZENTRAL]
comment=Ablage ZENTRAL
path=/daten/ablagen/ZENTRAL
case sensitive=no
create mask=0770
valid users=@ZENTRAL
write list=@ZENTRAL
force group=ZENTRAL
These are the unix rights:
drwxrwx--- 2 root other 512 Aug 8 11:15 .
drwxrwx--x 35 root ZENTRAL 2048 Aug 8 10:26 .. (This is the share root directory: /daten/ablagen/ZENTRAL)
-rwxrwxrwx 1 user1 ZENTRAL 0 Aug 8 11:15 neu.txt
user1 belongs to the groups other and ZENTRAL and is able to delete this file Using a unix shell and navigate to the directory but he is not able to delete it using the samba share. He gets a permission denied.
This behaviour is new. With 3.0.9 it is possible to delete this file. When i chgrp the directory "." to ZENTRAL everything works as expected with 3.0.37 too. The problem only exists, when the "." directory does not have the same group as the share.
If needed, here is our global section. Some of these entries could be plain wrong respectively not needed, but we are not able to change them easily because of company guidelines.
[global]
os level=65
password level=1
security=user
encrypt passwords=yes
smb passwd file=/usr/local/samba/private/smbpasswd
workgroup=ourgroup
guest account=nobody
max log size=30
share modes=yes
locking=yes
strict locking=yes
lock directory=/var/adm/samba/locks
; max log size = 5000
log level=1
log file=/var/adm/samba/smb.log
pid directory=/var/run
server string=%h
force directory mode=0770
browseable=no
follow symlinks=no
preserve case=no
short preserve case=no
case sensitive=no
oplocks=no
level2 oplocks=no
wins support=yes
The question is: Is this a bug or feature? If feature, then what is the intention behind this feature, as the user has delete rights for this file using unix and so should have this rights using samba too i think.
Is there a conf parameter that we can set to get back the old behaviour?
With kind regards,
Björn
More information about the samba
mailing list