[Samba] cannot enter below a 0750 share from samba DC

steve steve at steve-ss.com
Wed Jun 11 05:07:59 MDT 2014

Hi. I'm trying to get our office staff sharing files. Lubuntu 14.04 DC
(palmera) also serving shares. There is a Lubuntu  14.04 ws (guadalest)
joined to this domain. xp clients in the same domain are working as

On Lubuntu, we can only mount folders if the parent folder is world

path = /home/shared/
read only = No

getfacl /home/shared/
# file: shared/
# owner: root
# group: staff2

getfacl /home/shared/stuff
# file: stuff
# owner: root
# group: domain\040users
# flags: -s-

autofs is running on the client and this share is active:
Mount point: /home/shared
  instance type(s): sss 
  map: auto.shared
  * |
-fstype=cifs,sec=krb5,username=cifsuser,multiuser ://palmera/shared/&

julie is a domain user:

 getent passwd julie

 groups julie
julie : domain users staff2

getent group staff2

However, attempting to enter /home/shared/stuff
cd /home/shared/stuff
bash: cd: /home/shared/stuff: No such file or directory

she can enter /home/shared fine
she can also enter is /home/shared is 0755:
julie at guadalest:/home/shared$ cd ~
julie at guadalest:~$ cd /home/shared/stuff
julie at guadalest:/home/shared/stuff$ 

julie can work as expected and produce group rw files on an xp ws.

summary: unless the parent share is world 'enterable', we cannot mount anything below it. 
This works as expected under smbd. Can anyone verify this to be a feature of the DC file server? Any secure workaround?
We want only members of the group staff2 to be able to get into shared and below. Is cifs-utils OK on Ubuntu?

More information about the samba mailing list