[Samba] Samba4 not able to write to group writeable folder???

Roland Schwingel roland.schwingel at onevision.com
Wed Aug 5 12:52:46 UTC 2015 

Hi...

With samba4 I sometimes feel like a bloody beginner even I use samba 
since ages.

Miracle of the day: Users connecting using samba4 cannot write to group 
writeable folders even they should be able to.

I upgraded one 3.6 fileserver to 4.2.3. PDC is always a samba 4.2.3 
instance. I am using samba4 in classic PDC mode for a couple of reasons.

On my fileserver I have a folder called /TestData. It looks like this:
drwxr-xr-x  39 testdata testdata  4096 Aug  5 10:55 .
drwxr-xr-x  34 root    root     4096 Aug  4 21:23 ..
drwxrwsr-x  12 testdata testdata  4096 Aug  5 14:20 0-9
drwsrwsr-x 211 testdata testdata 12288 Aug  5 12:21 A
drwxrwsr-x 185 testdata testdata 12288 Jul  8 15:39 B
drwxrwsr-x 166 testdata testdata  4096 Jun 26 13:18 C
.
.
.
drwxrwsr-x  35 testdata testdata  4096 Jun 12 08:15 X
drwxrwsr-x  12 testdata testdata  4096 Jun 20  2014 Y
drwxrwsr-x  49 testdata testdata  4096 Aug  5 10:57 Z

/TestData shall only be writeable by members of group testdata.
And only the subfolders shall be writeable not the root folder.

When a user belonging to the group testdata writes to one of these 
subfolders (eg. A) under linux everything is fine. Other users are 
blocked. So permissions are setup correctly.

With Samba3 this is the case also for windows users belonging to 
testdata group. Not with samba4. Users belonging to testdata are *NOT* 
allowed to write to *any* subfolder. Reading is ok. All users that 
should write to TestData are member of the unix group testdata but not 
as primary group.

My samba4 smb.conf
[global]
         unix charset = UTF-8
         workgroup = MYDOM
         server string = Fileserver HOG
         interfaces = eth0
         bind interfaces only = Yes
         security = DOMAIN
         load printers = no
         map to guest = Never
         # log level = 1
         log file = /usr/local/samba/var/log.%m
         max log size = 500
         name resolve order = host bcast
         unix extensions = No
         hide dot files = No
         csc policy = disable
         strict locking = No
         wide links = Yes
         # Workaround to make all .exe executable
         acl allow execute always = True

[TestData]
    comment = TestData
    path = /TestData
    read only = No
    guest ok = No
    inherit permissions = Yes

The smb.conf is quite similar to the one the one I use with samba3

I switched a couple of times between my old samba3.6 installation and my 
new 4.2.3 but the symptom is still there. samba3 users can write, samba 
4 users cant.

What kind of stupidity I miss here?

Thanks for your help,

Roland

More information about the samba mailing list