[Samba] cannot enter below a 0750 share from samba DC
steve
steve at steve-ss.com
Wed Jun 11 05:07:59 MDT 2014
Hi. I'm trying to get our office staff sharing files. Lubuntu 14.04 DC
(palmera) also serving shares. There is a Lubuntu 14.04 ws (guadalest)
joined to this domain. xp clients in the same domain are working as
expected.
On Lubuntu, we can only mount folders if the parent folder is world
'enterable':
[shared]
path = /home/shared/
read only = No
getfacl /home/shared/
# file: shared/
# owner: root
# group: staff2
user::rwx
group::r-x
other::---
getfacl /home/shared/stuff
# file: stuff
# owner: root
# group: domain\040users
# flags: -s-
user::rwx
group::rwx
other::r-x
autofs is running on the client and this share is active:
Mount point: /home/shared
source(s):
instance type(s): sss
map: auto.shared
* |
-fstype=cifs,sec=krb5,username=cifsuser,multiuser ://palmera/shared/&
julie is a domain user:
getent passwd julie
julie:*:3000020:20513:julie:/home/users/julie:/bin/bash
groups julie
julie : domain users staff2
getent group staff2
staff2:*:21107:julie
However, attempting to enter /home/shared/stuff
cd /home/shared/stuff
bash: cd: /home/shared/stuff: No such file or directory
she can enter /home/shared fine
she can also enter is /home/shared is 0755:
julie at guadalest:/home/shared$ cd ~
julie at guadalest:~$ cd /home/shared/stuff
julie at guadalest:/home/shared/stuff$
julie can work as expected and produce group rw files on an xp ws.
summary: unless the parent share is world 'enterable', we cannot mount anything below it.
This works as expected under smbd. Can anyone verify this to be a feature of the DC file server? Any secure workaround?
We want only members of the group staff2 to be able to get into shared and below. Is cifs-utils OK on Ubuntu?
Cheers,
Steve
More information about the samba
mailing list