[Samba] Cannot delete/write after system update

Bob Bell b_samba at thebellsplace.com
Tue Apr 28 21:04:18 MDT 2015 

On Mon, Apr 27, 2015 at 10:56:05AM +0100, Rowland Penny wrote:
> On 26/04/15 05:38, Bob Bell wrote:
> > After upgrading one of my home servers, and I can no longer delete or 
> > write files via Samba.  I would very much appreciate assitance.  I 
> > will explain my situation and provide logs for the case of deleting a 
> > simple file.
> >
> > My configuration is to access my shares as a guest, which should be 
> > mapped to the smbuser Linux account.
> >
> > To achieve this I have set the following globally:
> >  map to guest = Bad Password ## I added this after the upgrade, to 
> > replace "security = share"
> >  guest ok = yes
> >  guest account = smbuser
> >
> > And the following on my share:
> >  public = yes
> >  writeable = yes
> >  guest ok = yes ## Redundant, I guess
> >  create mask = 0664
> >  directory mask = 6775
> >
> > My desire is that if a directory is writable by the smbuser group, 
> > then it is writable via Samba.  But this is not what I see (since the
> > upgrade).
> >
> > If I create a directory owned by smbuser:smbuser with 0777 
> > permissions, I can upload a file, and delete the same file (using 
> > smbclient).  The uploaded file is owned by smbuser:smbuser, confirming 
> > (to me) that the mapping to guest is functioning correctly.
> >
> > However, if I remove the other write permission (i.e., drop 
> > permissions to 0775), I can no longer delete files or write files.  I 
> > get an NT_STATUS_ACCESS_DENIED error.
> >
> > I'm a seasoned programmer, and I've actually spent hours tried to 
> > debug this, but I am coming up short.  I can see that the 
> > NT_STATUS_ACCESS_DENIED is coming from se_access_check(), because the 
> > delete bit is not cleared, but I really lack the context to understand 
> > WHY.  I would greatly appreciate your assistance.
> >
> > I've run through as simple an interaction as I can think of: using 
> > smbclient to attempt to delete a "deleteme" file.  I set debug logging 
> > to 10 for this example, and collected a client-specific log.  I 
> > believe the key log line may be line 1599:
> >
> > [2015/04/26 00:07:17.457393, 10, pid=22294, effective(1001, 1001), 
> > real(1001, 0)] ../source3/smbd/open.c:171(smbd_check_access_rights)
> >  smbd_check_access_rights: file deleteme requesting 0x10000 returning 
> > 0x10000 (NT_STATUS_ACCESS_DENIED)
> >
> > Note that the smbuser UID is 1001, and the smbuser GID is 1001.
> >
> > I've uploaded the full log file to http://n01se.net/paste/Kmz for 
> > anyone who would be so kind to offer their expertise.
> >
> > Thank you in advance,
> > Bob
> 
> Any chance you can post your smb.conf ?
> 
> Rowland

Rowland,

Thanks for responding.

I've done my best to strip down my smb.conf, and verify that the problem
is still reproduced (something I should have done from the start,
really).  Here's the stripped-down smb.conf:

[global]
        workgroup = workgroup
        log file = /var/log/samba/log.%m
        syslog = 0
        map to guest = Bad Password
        guest ok = yes
        guest account = smbuser
[Video]
        path = /data/video
        public = yes
        writeable = yes
        guest ok = yes
        create mask = 0664
        directory mask = 6775


Thanks again,
Bob

More information about the samba mailing list