[Samba] Strange behaviour with "force user" parameter

Bruno MACADRÉ bruno.macadre at univ-rouen.fr
Tue Aug 12 06:58:36 MDT 2014 

Hi,

I'm in trouble with a share, I found that the problem comes from the 
"force user" parameter in my smb.conf.

This is my smb.conf :
[global]
    netbios name = filserv
    workgroup = SAMDOM
    security = ADS
    realm = SAMDOM.FR
    encrypt passwords = yes

    log level = 8
    log file = /var/log/samba/log.%m

    idmap config *:backend = tdb
    idmap config *:range = 70000-80000
    idmap config DPTINFO:backend = ad
    idmap config DPTINFO:schema = rfc2307
    idmap config DPTINFO:range = 10000-60000

    winbind nss info = rfc2307
    winbind trusted domains only = no
    winbind use default domain = yes
    winbind enum users  = yes
    winbind enum groups = yes

    # Tunning
    strict locking = No
    strict sync = No
    sync always = No
    socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE 
SO_RCVBUF=8192 SO_SNDBUF=8192
    lanman auth = No
    lm announce = No

    kernel oplocks = yes
    read raw = yes
    write raw = yes

    max xmit = 65535
    dead time = 15
    getwd cache = yes

    invalid users = root

    case sensitive = yes

[Admins]
         comment = Admins Share
         path = /Shares/Admins
         force user = administrator
         force group = "domain admins"
         read only = no
         valid users = +"domain admins"
         create mask = 0640
         directory mask = 0750
         oplocks = Yes


On my workstation, logged with root user, I do : "mount -t cifs -o 
user=administrator //filserv/Admins foo" the mount works.

I do an 'ls -l foo' :
total 4
drwxr-x--- 5 10500 50512    0 août  12 14:32 .
drwx------ 5 root  root  4096 août   4 09:18 ..
drwxr-x--- 4 10500 50512    0 août  12 14:33 Linux
drwxr-x--- 6 10500 50512    0 août   7 17:27 Windows

Where 10500 is the UID of user administrator and 50512 is the GID of 
group "Domain Admins".

I enter into 'foo' and do 'touch bar' I get a "Permission Denied"....

If I comment the "force group" parameter (and restart smbd) :

'touch bar' => works
'ls -al':
total 4
drwxr-x--- 5 10500 50512    0 août  12 14:45 ./
drwx------ 5 root  root  4096 août   4 09:18 ../
-rw-r----- 1 10500 50512    0 août  12 14:45 bar
drwxr-x--- 4 10500 50512    0 août  12 14:33 Linux/
drwxr-x--- 6 10500 50512    0 août   7 17:27 Windows/

The file bar is here with good permissions, owner and groups.... and is 
editable

If I uncomment again the 'force user' parameter (and restart samba), if 
I want to remove file, I get a "Permission Denied"

I don't understand.... In my memories this parameter worked in 4.1.9....

Regards,
Bruno


-- 

Bruno MACADRE
-------------------------------------------------------------------
  Ingénieur Systèmes et Réseau     | Systems and Network Engineer
  Département Informatique         | Department of computer science
  Responsable Info SER             | SER IT Manager
  Université de Rouen              | University of Rouen
-------------------------------------------------------------------
Coordonnées / Contact :
	Université de Rouen
	Faculté des Sciences et Techniques - Madrillet
	Avenue de l'Université
	CS 70012
	76801 St Etienne du Rouvray CEDEX
	FRANCE

	Tél : +33 (0)2-32-95-51-86
	Mob : +33 (0)6-74-71-45-64
-------------------------------------------------------------------

More information about the samba mailing list