[Samba] File permission problems after update from Samba 4 alpha 17 to Samba 4.0.5

X-Dimension x-dimension at gmx.net
Wed Oct 16 14:52:23 MDT 2013

Hi Jef!

I have set xattr and acl in /etc/fstab since Samba4 alpha 17.
When i set all permissions to 0777 and also directory mask = 0777 and 
create mask = 0777 for all shares
in /etc/smb.conf i get this behavior:

1. Login as administrator
- create a folder "test"
- create a file "text.txt" in the folder "test"

2. Login as user
- rename or delete the file "text.txt" works fine now! :)
- rename or delete the folder "test" still don't work :-(

getfacl shows:

getfacl Test/
# file: Test/
# owner: root
# group: users

On the Windows side the group "Domain Users" has full access to the 
folder "Test".

Any other ideas, to fix my ACL problem?

Am 15.10.2013 00:10, schrieb jef peeraer:
> i am also using samba 4.x.x with NTVFS, and experienced the same 
> problems. Solved it with setting all directory permissions to 0777, 
> and also
> directory mask = 0777
> create mask = 0777
> I know it looks terrible, but it works. NTVFS still has a lot of 
> mysteries for me and doesn't get a lot of attention in the newsgroup....
> I suppose you already enabled xattr and acl in the file system.
> Jef Peeraer
> Op 10/14/2013 02:57 PM, X-Dimension schreef:
>> We had used Samba alpha 17 (included in Resara Server 1.2) for a long
>> time and
>> has now migrate it to Samba 4.0.5 (Ubuntu + Zentyal 3.0 PPA) with NTVFS
>> enabled .
>> Most things seems to work: DNS with Bind9_DLZ, domain join, user login
>> and also GPO are still working fine :)
>> But we have trouble with file permissions now!
>> All domain users can't rename or delete their own files which they had
>> created with Samba 4 alpha 17 before.
>> It looks like they only had 'read only' access to their files.
>> For example when the user peter at mydomain wants to rename/delete a file
>> he had created before, then he
>> gets an error message like "only peter at mydomain can rename this file" or
>> "file is locked by peter at mydomain".
>> Our global section of /etc/samba/smb.conf looks like this:
>> -- 
>> [global]
>>      interfaces = eth0
>>      workgroup = MYDOMAIN
>>      realm = mydomain.lan
>>      netbios name = PDC
>>      server string = PDC
>>      server role = active directory domain controller
>>      passdb backend = samba4
>>      server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
>> winbind, ntp_signd, kcc, dnsupdate, smb
>>      dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr,
>> netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser,
>> eventlog6, backupkey, dnsserver, winreg, srvsvc
>> -- 
>> Because Samba 4 alpha 17 was using NTVFS, i thought it is the best idea
>> to stay on NTVFS even on Samba 4.0.5.
>> But it looks, like i was wrong.
>> Thanks for any ideas that helps us to fix our permission problem.

More information about the samba mailing list