[Samba] A windows user can create a file, but cannot delete

Michael P. Demelbauer michael.demelbauer at wsr.ac.at
Tue Feb 21 04:11:59 MST 2012

On Tue, Feb 21, 2012 at 12:43:14PM +0700, Victor Sudakov wrote:
> Colleagues,
> I have encountered a weird problem (FreeBSD 8.2, samba34-3.4.14). 
> A user can create files in a samba share but cannot delete files from
> it (unless she is the owner of the file).
> The user is a member of a group with rwx permissions on this directory
> granted by a Posix ACL entry. The user can create and delete files in
> the directory from the shell on the file server (which is correct
> according to Unix logic), but only create from the Windows client.
> smbd seems to be interfering somehow with unlink(). If I make the user
> the owner of the file, or a member of the file's primary group, now
> the user can delete the file. If a user is a member of some other
> group which has rwx permissions on the directory, the user can only
> create files but not delete them.
> Certainly it's not a Unix permission issue. There is no "read only"
> attribute on the files, no sticky bit on the directory, no weird
> UFS file flags and attributes.
> I have tried "acl check permissions" both yes and no with no effect.
> TIA for any ideas. I have seen people with similar problems, like
> http://lists.samba.org/archive/samba/2006-May/120521.html
> but never a solution.
> -- 
> Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
> sip:sudakov at sibptus.tomsk.ru
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

Sorry, I'm not a Samba-expert, but as far as I know, the following parameter(s?) in smb.conf take care of this in our config
(samba-3.0.9-1.3E.5 on an older linux machine):
inherit permission = yes

As far as we tested it, Linux-ACLs are working as expected with this.

One more question: You put default permissions on your ACL-entries (setfacl ... -m -d ... here) to define what permissions the directory passes on?
Or are you talking of normal UNIX-Permissions not ACLs?

Michael P. Demelbauer
Arsenal, Objekt 20
1030 Wien
/earth is 98% full ... please delete anyone you can.

More information about the samba mailing list