[Samba] File permission problems after update from Samba 4 alpha 17 to Samba 4.0.5

X-Dimension x-dimension at gmx.net
Sun Oct 20 11:48:11 MDT 2013

For what reason did you stay at NTVFS? Did you also tried to switch to S3FS?

I did some short tests today and created a new share named "Testing".
I created some folders and some subfolders as administrator on it.
The strange thing is, that a domain user can now rename the parent 
folder, but not it's sub folders
or the files in these folders.
After this i switched to S3FS, and get the same results when trying to 
rename the folders or files,
that i created with NTVFS before.
But if i create new folders with S3FS as administrator, everything works 
fine and users can rename
or remove all folders, sub folders and files now.

Thats why i think it could be a better solution for me to switch to 
S3FS, backup all existing Files, create
a new folder structure and copy all files back, that they get the S3FS 
ACL attibutes.
But i don't know if i run into other problems when switching to S3FS and 
going back again to NTVFS
is not so easy.

Am 17.10.2013 14:04, schrieb jef peeraer:
> i tested it on my installation and that worked out of the box. I must 
> say i specified Administrator instead of Domain Users in the AD.
> jef
> Op 10/16/2013 10:52 PM, X-Dimension schreef:
>> Hi Jef!
>> I have set xattr and acl in /etc/fstab since Samba4 alpha 17.
>> When i set all permissions to 0777 and also directory mask = 0777 and
>> create mask = 0777 for all shares
>> in /etc/smb.conf i get this behavior:
>> 1. Login as administrator
>> - create a folder "test"
>> - create a file "text.txt" in the folder "test"
>> 2. Login as user
>> - rename or delete the file "text.txt" works fine now! :)
>> - rename or delete the folder "test" still don't work :-(
>> getfacl shows:
>> getfacl Test/
>> # file: Test/
>> # owner: root
>> # group: users
>> user::rwx
>> group::rwx
>> other::rwx
>> On the Windows side the group "Domain Users" has full access to the
>> folder "Test".
>> Any other ideas, to fix my ACL problem?
>> Am 15.10.2013 00:10, schrieb jef peeraer:
>>> i am also using samba 4.x.x with NTVFS, and experienced the same
>>> problems. Solved it with setting all directory permissions to 0777,
>>> and also
>>> directory mask = 0777
>>> create mask = 0777
>>> I know it looks terrible, but it works. NTVFS still has a lot of
>>> mysteries for me and doesn't get a lot of attention in the 
>>> newsgroup....
>>> I suppose you already enabled xattr and acl in the file system.
>>> Jef Peeraer
>>> Op 10/14/2013 02:57 PM, X-Dimension schreef:
>>>> We had used Samba alpha 17 (included in Resara Server 1.2) for a long
>>>> time and
>>>> has now migrate it to Samba 4.0.5 (Ubuntu + Zentyal 3.0 PPA) with 
>>>> NTVFS
>>>> enabled .
>>>> Most things seems to work: DNS with Bind9_DLZ, domain join, user login
>>>> and also GPO are still working fine :)
>>>> But we have trouble with file permissions now!
>>>> All domain users can't rename or delete their own files which they had
>>>> created with Samba 4 alpha 17 before.
>>>> It looks like they only had 'read only' access to their files.
>>>> For example when the user peter at mydomain wants to rename/delete a file
>>>> he had created before, then he
>>>> gets an error message like "only peter at mydomain can rename this 
>>>> file" or
>>>> "file is locked by peter at mydomain".
>>>> Our global section of /etc/samba/smb.conf looks like this:
>>>> -- 
>>>> [global]
>>>>      interfaces = eth0
>>>>      workgroup = MYDOMAIN
>>>>      realm = mydomain.lan
>>>>      netbios name = PDC
>>>>      server string = PDC
>>>>      server role = active directory domain controller
>>>>      passdb backend = samba4
>>>>      server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
>>>> winbind, ntp_signd, kcc, dnsupdate, smb
>>>>      dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr,
>>>> netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser,
>>>> eventlog6, backupkey, dnsserver, winreg, srvsvc
>>>> -- 
>>>> Because Samba 4 alpha 17 was using NTVFS, i thought it is the best 
>>>> idea
>>>> to stay on NTVFS even on Samba 4.0.5.
>>>> But it looks, like i was wrong.
>>>> Thanks for any ideas that helps us to fix our permission problem.

More information about the samba mailing list