[Samba] File permission problems after update from Samba 4 alpha 17 to Samba 4.0.5

jef peeraer jef.peeraer at telenet.be
Thu Oct 17 06:04:44 MDT 2013


i tested it on my installation and that worked out of the box. I must 
say i specified Administrator instead of Domain Users in the AD.

jef

Op 10/16/2013 10:52 PM, X-Dimension schreef:
> Hi Jef!
>
> I have set xattr and acl in /etc/fstab since Samba4 alpha 17.
> When i set all permissions to 0777 and also directory mask = 0777 and
> create mask = 0777 for all shares
> in /etc/smb.conf i get this behavior:
>
> 1. Login as administrator
> - create a folder "test"
> - create a file "text.txt" in the folder "test"
>
> 2. Login as user
> - rename or delete the file "text.txt" works fine now! :)
> - rename or delete the folder "test" still don't work :-(
>
> getfacl shows:
>
> getfacl Test/
> # file: Test/
> # owner: root
> # group: users
> user::rwx
> group::rwx
> other::rwx
>
> On the Windows side the group "Domain Users" has full access to the
> folder "Test".
>
> Any other ideas, to fix my ACL problem?
>
> Am 15.10.2013 00:10, schrieb jef peeraer:
>> i am also using samba 4.x.x with NTVFS, and experienced the same
>> problems. Solved it with setting all directory permissions to 0777,
>> and also
>>
>> directory mask = 0777
>> create mask = 0777
>>
>> I know it looks terrible, but it works. NTVFS still has a lot of
>> mysteries for me and doesn't get a lot of attention in the newsgroup....
>> I suppose you already enabled xattr and acl in the file system.
>>
>> Jef Peeraer
>>
>> Op 10/14/2013 02:57 PM, X-Dimension schreef:
>>> We had used Samba alpha 17 (included in Resara Server 1.2) for a long
>>> time and
>>> has now migrate it to Samba 4.0.5 (Ubuntu + Zentyal 3.0 PPA) with NTVFS
>>> enabled .
>>>
>>> Most things seems to work: DNS with Bind9_DLZ, domain join, user login
>>> and also GPO are still working fine :)
>>> But we have trouble with file permissions now!
>>> All domain users can't rename or delete their own files which they had
>>> created with Samba 4 alpha 17 before.
>>> It looks like they only had 'read only' access to their files.
>>> For example when the user peter at mydomain wants to rename/delete a file
>>> he had created before, then he
>>> gets an error message like "only peter at mydomain can rename this file" or
>>> "file is locked by peter at mydomain".
>>>
>>> Our global section of /etc/samba/smb.conf looks like this:
>>> --
>>> [global]
>>>      interfaces = eth0
>>>      workgroup = MYDOMAIN
>>>      realm = mydomain.lan
>>>      netbios name = PDC
>>>      server string = PDC
>>>      server role = active directory domain controller
>>>      passdb backend = samba4
>>>      server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
>>> winbind, ntp_signd, kcc, dnsupdate, smb
>>>      dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr,
>>> netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser,
>>> eventlog6, backupkey, dnsserver, winreg, srvsvc
>>> --
>>> Because Samba 4 alpha 17 was using NTVFS, i thought it is the best idea
>>> to stay on NTVFS even on Samba 4.0.5.
>>> But it looks, like i was wrong.
>>>
>>> Thanks for any ideas that helps us to fix our permission problem.
>>>


More information about the samba mailing list