[Samba] Home-Shares are not writeable

Sebastian Suchanek samba at suchanek.de
Sat Jun 23 15:38:22 MDT 2012


Hello everyone!

After running Samba on several machines for some years, I just came 
across a rather strange problem. The short story is that the special 
user home shares are readable, but not writeable.

Here's the long story: The system is a freshly set-up Debian Squeeze, 
right out of the box. This is the Samba config:

-------------------------------- 8< --------------------------------
[global]
     workgroup = HST
     server string = %h server
     dns proxy = no
     log file = /var/log/samba/log.%m
     max log size = 1000
     syslog = 0
     log level = 4
     panic action = /usr/share/samba/panic-action %d
     encrypt passwords = true
     passdb backend = tdbsam
     obey pam restrictions = yes
     unix password sync = yes
     passwd program = /usr/bin/passwd %u
     passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
     pam password change = yes


[homes]
     comment = Home Directories
     browseable = no
     read only = yes
     create mask = 0700
     directory mask = 0700
     valid users = %S
-------------------------------- 8< --------------------------------

(Aside from the added log level line and the removed printer shares, 
this is exactly the config file as delivered by Debian.)

I've added a Linux user "testuser" including a home directory and set a 
Samba password by using "smbpasswd -a testuser".

-------------------------------- 8< --------------------------------
tux:/home# ls -la
...
drwxr-xr-x  2 testuser testuser  4096 23. Jun 14:01 testuser
-------------------------------- 8< --------------------------------


And this is what happens when I try to connect to the share and do a 
write operation, for instance creating a directory:

-------------------------------- 8< --------------------------------
tux:/home# smbclient -U testuser \\\\localhost\\testuser
Enter testuser's password:
Domain=[HST] OS=[Unix] Server=[Samba 3.5.6]
smb: \> mkdir test
NT_STATUS_MEDIA_WRITE_PROTECTED making remote directory \test
smb: \>
-------------------------------- 8< --------------------------------

As you can see from the directory listing above, the directory of course 
is not write protected. (BTW: chmod-ing testuser's home directory to 777 
didn't change anything.)

Here's an excerpt from /var/log/samba/log.tux. I've removed several 
lines that seemed irrelevant to me in order to keep this mail short. Of 
course I can supply the skipped lines if needed.

-------------------------------- 8< --------------------------------
[2012/06/23 14:07:02.437822,  3] auth/auth.c:216(check_ntlm_password)
    check_ntlm_password:  Checking password for unmapped user [HST]\[testuser]@[TUX] with the new password interface
[2012/06/23 14:07:02.437836,  3] auth/auth.c:219(check_ntlm_password)
    check_ntlm_password:  mapped user is: [TUX]\[testuser]@[TUX]
[2012/06/23 14:07:02.437849,  3] smbd/sec_ctx.c:210(push_sec_ctx)
    push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2012/06/23 14:07:02.437858,  3] smbd/uid.c:429(push_conn_ctx)
    push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2012/06/23 14:07:02.437865,  3] smbd/sec_ctx.c:310(set_sec_ctx)
    setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2012/06/23 14:07:02.437895,  4] lib/substitute.c:504(automount_server)
    Home server: tux
[2012/06/23 14:07:02.437907,  4] lib/substitute.c:504(automount_server)
    Home server: tux
...
[2012/06/23 14:07:02.438168,  4] lib/substitute.c:504(automount_server)
    Home server: tux
[2012/06/23 14:07:02.438178,  4] lib/substitute.c:504(automount_server)
    Home server: tux
...
[2012/06/23 14:07:02.438345,  4] ../libcli/auth/ntlm_check.c:399(ntlm_password_check)
    ntlm_password_check: Checking NT MD4 password
[2012/06/23 14:07:02.438388,  4] auth/auth_sam.c:180(sam_account_ok)
    sam_account_ok: Checking SMB password for user testuser
...
[2012/06/23 14:07:02.438505,  3] auth/auth.c:265(check_ntlm_password)
    check_ntlm_password: sam authentication for user [testuser] succeeded
[2012/06/23 14:07:02.438513,  3] smbd/sec_ctx.c:210(push_sec_ctx)
    push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2012/06/23 14:07:02.438520,  3] smbd/uid.c:429(push_conn_ctx)
    push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2012/06/23 14:07:02.438527,  3] smbd/sec_ctx.c:310(set_sec_ctx)
    setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2012/06/23 14:07:02.438537,  4] auth/pampass.c:472(smb_pam_start)
    smb_pam_start: PAM: Init user: testuser
[2012/06/23 14:07:02.439100,  4] auth/pampass.c:489(smb_pam_start)
    smb_pam_start: PAM: setting rhost to: ::ffff:127.0.0.1
[2012/06/23 14:07:02.439113,  4] auth/pampass.c:498(smb_pam_start)
    smb_pam_start: PAM: setting tty
[2012/06/23 14:07:02.439121,  4] auth/pampass.c:506(smb_pam_start)
    smb_pam_start: PAM: Init passed for user: testuser
[2012/06/23 14:07:02.439128,  4] auth/pampass.c:564(smb_pam_account)
    smb_pam_account: PAM: Account Management for User: testuser
[2012/06/23 14:07:02.439189,  4] auth/pampass.c:583(smb_pam_account)
    smb_pam_account: PAM: Account OK for User: testuser
[2012/06/23 14:07:02.439242,  4] auth/pampass.c:450(smb_pam_end)
    smb_pam_end: PAM: PAM_END OK.
[2012/06/23 14:07:02.439255,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
    pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2012/06/23 14:07:02.439262,  2] auth/auth.c:304(check_ntlm_password)
    check_ntlm_password:  authentication for user [testuser] -> [testuser] -> [testuser] succeeded
...
[2012/06/23 14:07:02.439363,  3] auth/token_util.c:436(create_local_nt_token)
    Failed to fetch domain sid for HST
...
[2012/06/23 14:07:02.439464,  3] auth/token_util.c:467(create_local_nt_token)
    Failed to fetch domain sid for HST
...
[2012/06/23 14:07:02.439596,  3] lib/privileges.c:63(get_privileges)
    get_privileges: No privileges assigned to SID [S-1-5-21-759687158-2201287895-1803905152-1000]
[2012/06/23 14:07:02.439607,  3] lib/privileges.c:63(get_privileges)
    get_privileges: No privileges assigned to SID [S-1-22-2-1001]
[2012/06/23 14:07:02.439619,  3] lib/privileges.c:63(get_privileges)
    get_privileges: No privileges assigned to SID [S-1-5-2]
[2012/06/23 14:07:02.439629,  3] lib/privileges.c:63(get_privileges)
    get_privileges: No privileges assigned to SID [S-1-5-11]
...
[2012/06/23 14:07:02.439802,  3] libsmb/ntlmssp_sign.c:343(ntlmssp_sign_init)
    NTLMSSP Sign/Seal - Initialising with flags:
[2012/06/23 14:07:02.439810,  3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
    Got NTLMSSP neg_flags=0x60088215
      NTLMSSP_NEGOTIATE_UNICODE
      NTLMSSP_REQUEST_TARGET
      NTLMSSP_NEGOTIATE_SIGN
      NTLMSSP_NEGOTIATE_NTLM
      NTLMSSP_NEGOTIATE_ALWAYS_SIGN
      NTLMSSP_NEGOTIATE_NTLM2
      NTLMSSP_NEGOTIATE_128
      NTLMSSP_NEGOTIATE_KEY_EXCH
[2012/06/23 14:07:02.439842,  3] smbd/password.c:282(register_existing_vuid)
    register_existing_vuid: User name: testuser   Real name: Test-User
[2012/06/23 14:07:02.439851,  3] smbd/password.c:292(register_existing_vuid)
    register_existing_vuid: UNIX uid 1001 is UNIX user testuser, and will be vuid 100
[2012/06/23 14:07:02.439869,  4] auth/pampass.c:472(smb_pam_start)
    smb_pam_start: PAM: Init user: testuser
[2012/06/23 14:07:02.440321,  4] auth/pampass.c:489(smb_pam_start)
    smb_pam_start: PAM: setting rhost to: ::ffff:127.0.0.1
[2012/06/23 14:07:02.440332,  4] auth/pampass.c:498(smb_pam_start)
    smb_pam_start: PAM: setting tty
[2012/06/23 14:07:02.440343,  4] auth/pampass.c:506(smb_pam_start)
    smb_pam_start: PAM: Init passed for user: testuser
[2012/06/23 14:07:02.440350,  4] auth/pampass.c:643(smb_internal_pam_session)
    smb_internal_pam_session: PAM: tty set to: smb/1838/100
[2012/06/23 14:07:02.440432,  4] auth/pampass.c:450(smb_pam_end)
    smb_pam_end: PAM: PAM_END OK.
[2012/06/23 14:07:02.440569,  3] smbd/password.c:223(register_homes_share)
    Adding homes service for user 'testuser' using home directory: '/home/testuser'
[2012/06/23 14:07:02.440604,  3] param/loadparm.c:6265(lp_add_home)
    adding home's share [testuser] for user 'testuser' at '/home/testuser'
[2012/06/23 14:07:02.440729,  3] smbd/process.c:1485(process_smb)
    Transaction 3 of length 86 (0 toread)
[2012/06/23 14:07:02.440751,  3] smbd/process.c:1294(switch_message)
    switch message SMBtconX (pid 1838) conn 0x0
...
[2012/06/23 14:07:02.440879,  4] lib/substitute.c:504(automount_server)
    Home server: tux
[2012/06/23 14:07:02.440889,  4] lib/substitute.c:504(automount_server)
    Home server: tux
...
[2012/06/23 14:07:02.441062,  3] smbd/vfs.c:97(vfs_init_default)
    Initialising default vfs hooks
[2012/06/23 14:07:02.441074,  3] smbd/vfs.c:122(vfs_init_custom)
    Initialising custom vfs hooks from [/[Default VFS]/]
...
[2012/06/23 14:07:02.441182,  4] lib/substitute.c:504(automount_server)
    Home server: tux
[2012/06/23 14:07:02.441193,  4] lib/substitute.c:504(automount_server)
    Home server: tux
...
[2012/06/23 14:07:02.441353,  3] smbd/service.c:1070(make_connection_snum)
    tux (::ffff:127.0.0.1) connect to service IPC$ initially as user testuser (uid=1001, gid=1001) (pid 1838)
[2012/06/23 14:07:02.441364,  3] smbd/sec_ctx.c:310(set_sec_ctx)
    setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2012/06/23 14:07:02.441375,  3] smbd/reply.c:865(reply_tcon_and_X)
    tconX service=IPC$
[2012/06/23 14:07:02.441478,  3] smbd/process.c:1485(process_smb)
    Transaction 4 of length 114 (0 toread)
[2012/06/23 14:07:02.441499,  3] smbd/process.c:1294(switch_message)
    switch message SMBtrans2 (pid 1838) conn 0x7f248e902500
[2012/06/23 14:07:02.441512,  3] smbd/sec_ctx.c:310(set_sec_ctx)
    setting sec ctx (1001, 1001) - sec_ctx_stack_ndx = 0
[2012/06/23 14:07:02.441529,  4] smbd/vfs.c:721(vfs_ChDir)
    vfs_ChDir to /tmp
[2012/06/23 14:07:02.441555,  3] smbd/msdfs.c:848(get_referred_path)
    get_referred_path: |testuser| in dfs path \localhost\testuser is not a dfs root.
[2012/06/23 14:07:02.441566,  3] smbd/error.c:80(error_packet_set)
    error packet at smbd/trans2.c(8018) cmd=50 (SMBtrans2) NT_STATUS_NOT_FOUND
[2012/06/23 14:07:02.441651,  3] smbd/process.c:1485(process_smb)
    Transaction 5 of length 39 (0 toread)
[2012/06/23 14:07:02.441664,  3] smbd/process.c:1294(switch_message)
    switch message SMBtdis (pid 1838) conn 0x7f248e902500
[2012/06/23 14:07:02.441674,  3] smbd/sec_ctx.c:310(set_sec_ctx)
    setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2012/06/23 14:07:02.441689,  3] smbd/sec_ctx.c:310(set_sec_ctx)
    setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2012/06/23 14:07:02.441703,  3] smbd/service.c:1251(close_cnum)
    tux (::ffff:127.0.0.1) closed connection to service IPC$
[2012/06/23 14:07:02.441716,  3] smbd/connection.c:31(yield_connection)
    Yielding connection to IPC$
[2012/06/23 14:07:02.441740,  4] smbd/vfs.c:721(vfs_ChDir)
    vfs_ChDir to /
[2012/06/23 14:07:02.441749,  3] smbd/sec_ctx.c:310(set_sec_ctx)
    setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2012/06/23 14:07:02.441835,  3] smbd/process.c:1485(process_smb)
    Transaction 6 of length 96 (0 toread)
[2012/06/23 14:07:02.441845,  3] smbd/process.c:1294(switch_message)
    switch message SMBtconX (pid 1838) conn 0x0
[2012/06/23 14:07:02.441853,  3] smbd/sec_ctx.c:310(set_sec_ctx)
    setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2012/06/23 14:07:02.441864,  4] smbd/reply.c:786(reply_tcon_and_X)
    Client requested device type [?????] for share [TESTUSER]
[2012/06/23 14:07:02.441876,  3] lib/util_sid.c:228(string_to_sid)
    string_to_sid: Sid testuser does not start with 'S-'.
[2012/06/23 14:07:02.441889,  3] smbd/sec_ctx.c:210(push_sec_ctx)
    push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2012/06/23 14:07:02.441897,  3] smbd/uid.c:429(push_conn_ctx)
    push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2012/06/23 14:07:02.441903,  3] smbd/sec_ctx.c:310(set_sec_ctx)
    setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2012/06/23 14:07:02.441918,  4] lib/substitute.c:504(automount_server)
    Home server: tux
[2012/06/23 14:07:02.441929,  4] lib/substitute.c:504(automount_server)
    Home server: tux
...
[2012/06/23 14:07:02.442061,  4] lib/substitute.c:504(automount_server)
    Home server: tux
[2012/06/23 14:07:02.442070,  4] lib/substitute.c:504(automount_server)
    Home server: tux
...
[2012/06/23 14:07:02.442299,  4] lib/substitute.c:504(automount_server)
    Home server: tux
[2012/06/23 14:07:02.442309,  4] lib/substitute.c:504(automount_server)
    Home server: tux
...
[2012/06/23 14:07:02.442453,  3] smbd/service.c:807(make_connection_snum)
    Connect path is '/home/testuser' for service [testuser]
[2012/06/23 14:07:02.442466,  3] smbd/vfs.c:97(vfs_init_default)
    Initialising default vfs hooks
[2012/06/23 14:07:02.442474,  3] smbd/vfs.c:122(vfs_init_custom)
    Initialising custom vfs hooks from [/[Default VFS]/]
[2012/06/23 14:07:02.442571,  3] lib/util_sid.c:228(string_to_sid)
    string_to_sid: Sid testuser does not start with 'S-'.
[2012/06/23 14:07:02.442583,  3] smbd/sec_ctx.c:210(push_sec_ctx)
    push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2012/06/23 14:07:02.442590,  3] smbd/uid.c:429(push_conn_ctx)
    push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2012/06/23 14:07:02.442597,  3] smbd/sec_ctx.c:310(set_sec_ctx)
    setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2012/06/23 14:07:02.442611,  4] lib/substitute.c:504(automount_server)
    Home server: tux
[2012/06/23 14:07:02.442623,  4] lib/substitute.c:504(automount_server)
    Home server: tux
...
[2012/06/23 14:07:02.442755,  4] lib/substitute.c:504(automount_server)
    Home server: tux
[2012/06/23 14:07:02.442764,  4] lib/substitute.c:504(automount_server)
    Home server: tux
...
[2012/06/23 14:07:02.442992,  4] lib/substitute.c:504(automount_server)
    Home server: tux
[2012/06/23 14:07:02.443002,  4] lib/substitute.c:504(automount_server)
    Home server: tux
...
[2012/06/23 14:07:02.443161,  1] smbd/service.c:1070(make_connection_snum)
    tux (::ffff:127.0.0.1) connect to service testuser initially as user testuser (uid=1001, gid=1001) (pid 1838)
[2012/06/23 14:07:02.443172,  3] smbd/sec_ctx.c:310(set_sec_ctx)
    setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2012/06/23 14:07:02.443184,  3] smbd/reply.c:865(reply_tcon_and_X)
    tconX service=TESTUSER
[2012/06/23 14:07:02.443521,  3] smbd/process.c:1485(process_smb)
    Transaction 7 of length 57 (0 toread)
[2012/06/23 14:07:02.443532,  3] smbd/process.c:1294(switch_message)
    switch message SMBecho (pid 1838) conn 0x7f248e902500
[2012/06/23 14:07:02.443539,  3] smbd/sec_ctx.c:310(set_sec_ctx)
    setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2012/06/23 14:07:02.443555,  3] smbd/reply.c:4978(reply_echo)
    echo 1 times
[2012/06/23 14:07:05.484171,  3] smbd/process.c:1485(process_smb)
    Transaction 8 of length 52 (0 toread)
[2012/06/23 14:07:05.484194,  3] smbd/process.c:1294(switch_message)
    switch message SMBmkdir (pid 1838) conn 0x7f248e902500
[2012/06/23 14:07:05.484206,  3] smbd/sec_ctx.c:310(set_sec_ctx)
    setting sec ctx (1001, 1001) - sec_ctx_stack_ndx = 0
[2012/06/23 14:07:05.484222,  3] smbd/error.c:80(error_packet_set)
    error packet at smbd/process.c(1354) cmd=0 (SMBmkdir) NT_STATUS_MEDIA_WRITE_PROTECTED
[2012/06/23 14:07:07.068152,  3] smbd/process.c:1485(process_smb)
    Transaction 9 of length 57 (0 toread)
[2012/06/23 14:07:07.068173,  3] smbd/process.c:1294(switch_message)
    switch message SMBecho (pid 1838) conn 0x7f248e902500
[2012/06/23 14:07:07.068185,  3] smbd/sec_ctx.c:310(set_sec_ctx)
    setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2012/06/23 14:07:07.068215,  3] smbd/reply.c:4978(reply_echo)
    echo 1 times
[2012/06/23 14:07:07.644148,  3] smbd/process.c:1485(process_smb)
    Transaction 10 of length 39 (0 toread)
[2012/06/23 14:07:07.644170,  3] smbd/process.c:1294(switch_message)
    switch message SMBtdis (pid 1838) conn 0x7f248e902500
[2012/06/23 14:07:07.644181,  3] smbd/sec_ctx.c:310(set_sec_ctx)
    setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2012/06/23 14:07:07.644195,  4] smbd/vfs.c:721(vfs_ChDir)
    vfs_ChDir to /home/testuser
[2012/06/23 14:07:07.644209,  3] smbd/sec_ctx.c:310(set_sec_ctx)
    setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2012/06/23 14:07:07.644219,  1] smbd/service.c:1251(close_cnum)
    tux (::ffff:127.0.0.1) closed connection to service testuser
[2012/06/23 14:07:07.644228,  3] smbd/connection.c:31(yield_connection)
    Yielding connection to testuser
[2012/06/23 14:07:07.644245,  4] smbd/vfs.c:721(vfs_ChDir)
    vfs_ChDir to /
[2012/06/23 14:07:07.644253,  3] smbd/sec_ctx.c:310(set_sec_ctx)
    setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2012/06/23 14:07:07.659571,  3] smbd/sec_ctx.c:310(set_sec_ctx)
    setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2012/06/23 14:07:07.659600,  4] auth/pampass.c:472(smb_pam_start)
    smb_pam_start: PAM: Init user: testuser
[2012/06/23 14:07:07.660099,  4] auth/pampass.c:489(smb_pam_start)
    smb_pam_start: PAM: setting rhost to: ::ffff:127.0.0.1
[2012/06/23 14:07:07.660112,  4] auth/pampass.c:498(smb_pam_start)
    smb_pam_start: PAM: setting tty
[2012/06/23 14:07:07.660119,  4] auth/pampass.c:506(smb_pam_start)
    smb_pam_start: PAM: Init passed for user: testuser
[2012/06/23 14:07:07.660125,  4] auth/pampass.c:643(smb_internal_pam_session)
    smb_internal_pam_session: PAM: tty set to: smb/1838/100
[2012/06/23 14:07:07.660200,  4] auth/pampass.c:450(smb_pam_end)
    smb_pam_end: PAM: PAM_END OK.
[2012/06/23 14:07:07.660221,  3] smbd/connection.c:31(yield_connection)
    Yielding connection to
[2012/06/23 14:07:07.660268,  3] smbd/server.c:906(exit_server_common)
    Server exit (failed to receive smb request)
-------------------------------- 8< --------------------------------

Unfortunately, I'm not particularly good at reading Samba logs...

So does anyone know what exactly is going on here and how to fix it?


Best regards,

Sebastian
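
Added example, not part of the original post and not Samba project code: smbd refuses write commands on a share whose effective `read only` setting is yes with NT_STATUS_MEDIA_WRITE_PROTECTED, whatever the Unix mode of the directory, so this sketch resolves that share-level flag from an smb.conf and pulls the refused writes out of a level-3 log. The inputs are trimmed copies of the config and log lines quoted above; the function names are illustrative.

```python
import re

# Constructed input: trimmed copies of the smb.conf and log lines quoted in the post.
SMB_CONF = """
[global]
    workgroup = HST
[homes]
    browseable = no
    read only = yes
    create mask = 0700
    valid users = %S
"""
LOG = """
[2012/06/23 14:07:05.484194,  3] smbd/process.c:1294(switch_message)
    switch message SMBmkdir (pid 1838) conn 0x7f248e902500
[2012/06/23 14:07:05.484222,  3] smbd/error.c:80(error_packet_set)
    error packet at smbd/process.c(1354) cmd=0 (SMBmkdir)
NT_STATUS_MEDIA_WRITE_PROTECTED
"""

TRUE = {"yes", "true", "1", "on"}
INVERTED = {"writeable", "writable", "write ok"}  # inverted synonyms of "read only"
# \s+ before the status tolerates the mail-wrapped line break seen in the log.
ERR = re.compile(r"error packet at \S+ cmd=\d+ \((\w+)\)\s+(NT_STATUS_\w+)")

def parse_sections(text):
    """Return {section: [(key, value), ...]}, keys normalised, order preserved."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), [])
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current.append((" ".join(key.lower().split()), value.strip()))
    return sections

def share_read_only(sections, share="homes"):
    """Effective share-level flag: [global] sets the default, the share overrides."""
    read_only = True  # Samba's built-in default is "read only = yes"
    for key, value in sections.get("global", []) + sections.get(share, []):
        if key == "read only":
            read_only = value.lower() in TRUE
        elif key in INVERTED:
            read_only = value.lower() not in TRUE
    return read_only

def denied_writes(log):
    """(SMB command, status) for every request refused as write-protected."""
    return [m.groups() for m in ERR.finditer(log)
            if m.group(2) == "NT_STATUS_MEDIA_WRITE_PROTECTED"]

if __name__ == "__main__":
    print("share-level read only:", share_read_only(parse_sections(SMB_CONF)))
    print("refused writes:", denied_writes(LOG))
```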

