[Samba] Samba UNIX permissions problems

Jared Henley jared.henley at pelena.com.au
Wed Jun 6 21:13:58 MDT 2012

I've set up a Samba share to allow Windows machines to connect to a 
Linux server. Samba is set up as so:

# testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[Pelena]"
Processing section "[TimeMachine]"
Loaded services file OK.
Press enter to see a dump of your service definitions

workgroup = PELENA
server string = Pelena Server
map to guest = Bad User
guest account = pelena
log file = /var/log/samba/%m.log
max log size = 50
load printers = No
dns proxy = No
idmap config * : backend = tdb
hosts allow = 192.168.0., 127.

comment = Pelena's Data
path = /home/pelena
read only = No
force create mode = 0664
force directory mode = 0775
guest only = Yes
guest ok = Yes

comment = Pelena's Data backed up
path = /mnt/time-machine-user
guest only = Yes
guest ok = Yes

Access is only as guest as I had some issues with logging in, and 
there's no reason not to share to any machine in the local network at 
this time.

I have a problem where Samba clients can create files, but cannot delete 
files (or rename or move them), if the owner of a directory in the path 
is not "pelena" (ie the Samba guest user). Some examples to demonstrate:

As root:
# mkdir test
# chown jared:pelena test
# ls -l
total 24
drwxrwsr-x 2 jared pelena 4096 Jun 7 13:05 test

Via Samba (the share is mounted locally as cifs as I don't have an 
accessible windows machine to test from):

$ pwd
$ touch abc
$ ls -l
total 0
-rw-rw-r-- 1 pelena pelena 0 Jun 7 13:02 abc
$ rm abc
rm: cannot remove ‘abc’: Permission denied

As root:
# chown pelena:pelena test

Via Samba:
$ rm abc
$ ls -l
total 0

Now you might expect that this is a Unix permissions issue to do with 
group membership. But if I do the same actions as a local user:

# chown jared:pelena test
# cd test
# su pelena
$ touch abc
$ ls -l
total 0
-rw-rw-r-- 1 pelena pelena 0 Jun 7 13:10 abc
$ rm abc
$ ls -l
total 0

Now it works as expected.

For some reason, the group write bit on the directory 'test' is being 
ignored when using Samba, which makes me think that Samba is doing its 
own effective permissions calculation and coming up with the wrong result.

Is there something I'm doing wrong here?

Jared Henley

More information about the samba mailing list