[Samba] A windows user can create a file, but cannot delete
vas at mpeks.tomsk.su
Tue Feb 21 05:52:35 MST 2012
Michael P. Demelbauer wrote:
> > I have encountered a weird problem (FreeBSD 8.2, samba34-3.4.14).
> > A user can create files in a samba share but cannot delete files from
> > it (unless she is the owner of the file).
> > The user is a member of a group with rwx permissions on this directory
> > granted by a Posix ACL entry. The user can create and delete files in
> > the directory from the shell on the file server (which is correct
> > according to Unix logic), but only create from the Windows client.
> > smbd seems to be interfering somehow with unlink(). If I make the user
> > the owner of the file, or a member of the file's primary group, now
> > the user can delete the file. If a user is a member of some other
> > group which has rwx permissions on the directory, the user can only
> > create files but not delete them.
> > Certainly it's not a Unix permission issue. There is no "read only"
> > attribute on the files, no sticky bit on the directory, no weird
> > UFS file flags and attributes.
> > I have tried "acl check permissions" both yes and no with no effect.
> > TIA for any ideas. I have seen people with similar problems, like
> > http://lists.samba.org/archive/samba/2006-May/120521.html
> > but never a solution.
> Sorry, I'm not a Samba-expert, but as far as I know, the following parameter(s?) in smb.conf take care of this in our config
> (samba-3.0.9-1.3E.5 on an older linux machine):
> inherit permission = yes
> As far as we tested it, Linux-ACLs are working as expected with this.
> One more question: You put default permissions on your ACL-entries
> (setfacl ... -m -d ... here) to define what permissions the
> directory passes on?
Yes, there are default permissions (setfacl -d) on the directory but
this (and permissions inheritance) should be irrelevant for my
question. As I said, the directory in question has correct
$ getfacl .
# file: .
# owner: domogatskajaev
# group: ntd
Yet members of groups like "noc" or "oe" (other than "ntd") cannot
delete files from it unless they are owners of the file.
> Or are you talking of normal UNIX-Permissions not ACLs?
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:sudakov at sibptus.tomsk.ru
More information about the samba