[Samba] Samba on AIX, issues setting read-only flag on files through Windows Explorer?
Mirza Dedic
mirza.dedic at outlook.com
Mon Mar 30 15:05:03 MDT 2015
Hello list :)
I am having issues setting the "read-only" flag via Windows Explorer on my AIX Samba share and I was hoping someone out there would be able to point me into the right direction to solving this issue...
I have on my AIX 7.1 system installed Samba 3.6.24 and configured, joined to our Windows domain successfully.
The samba binaries I got from perzl.org/aix
In my smb.conf I have...
[global]
workgroup = WEST
realm = west.mydomain.com
netbios name = van-xxxx
server string =
load printers = no
admin users = "VANXX\Administrator"
log level = 3
log file = /var/log/samba/%m.log
max log size = 50
security = ADS
password server = dc01.west.mydomain.com, dc02.west.mydomain.com
encrypt passwords = yes
guest ok = no
auth methods = winbind
socket options = TCP_NODELAY
interfaces = 172.xxx.xxx.xxx/22
bind interfaces only = yes
local master = no
os level = 33
domain master = no
preferred master = no
wins support = no
wins server = xxx.xxx.xxx.xxx
wins proxy = no
dns proxy = no
idmap uid = 5000-10000000
idmap gid = 5000-10000000
template homedir = /home/%U
template shell = /bin/bash
winbind use default domain = Yes
winbind nested groups = Yes
client use spnego = yes
client signing = yes
[usr3]
comment = usr3
path = /usr3
read only = No
inherit permissions = Yes
nt acl support = Yes
printable = No
guest ok = No
veto oplock files = /*.log/
Inside /usr3 I have a folder:
drwxrwxrwx 17 root system 12288 Mar 30 11:23 appsrv
Inside the appsrv folder I have a file:
-r-xr--r-- 1 rober usr 111 Mar 30 10:50 BradTest.p
On my Windows 7 machine I can browse to \\van-xxxxx\usr3 and I can go inside the appsrv directory and open/edit the BradTest.p file, and create other files in this directory, etc...
I am debugging with a single file named "BradTest.p", its permissions are as follows...
# stat BradTest.p
File: 'BradTest.p'
Size: 111 Blocks: 8 IO Block: 4096 regular file
Device: 2e0001h/3014657d Inode: 73597 Links: 1
Access: (0766/-rwxrw-rw-) Uid: ( 1165/ rober) Gid: ( 100/ usr)
The BradTest.p file is owned by another user "rober", which is an Active Directory user-id.
If I login to a Windows 7 machine as "rober" I can browse to the above file and set the read-only flag. If I login to the Windows 7 computer as another user such as "mirte", I can edit the file but I cannot change the read-only flag I get an access denied error message.
Both users belong to the "usr" group, so why can't I logged in as mirte change the read-only flag on the file owned by rober? I can "chown mirte BradTest.p" and then i can modify the read-only flag.
If logged into the computer as "mirte" and creating a dummy file called "testing'txt" in the Samba share, we can see the AD to UNIX userid mapping are working fine because the file created is owned by my user-id and the "usr" group...
# stat testing.txt
File: 'testing.txt'
Size: 0 Blocks: 0 IO Block: 4096 regular empty file
Device: 2e0001h/3014657d Inode: 74877 Links: 1
Access: (0766/-rwxrw-rw-) Uid: ( 205/ mirte) Gid: ( 100/ usr)
I can then set the read-only flag, and when I stat the file again we see..
I can then right click and properties this file and set the read-only flag and we see the permission change reflected below...
# stat testing.txt
File: 'testing.txt'
Size: 0 Blocks: 0 IO Block: 4096 regular empty file
Device: 2e0001h/3014657d Inode: 74877 Links: 1
Access: (0544/-r-xr--r--) Uid: ( 205/ mirte) Gid: ( 100/ usr)
What I need to be able to do is as another developer check out a file by setting a read-only flag on it even if it is not owned by me, this previously worked for us prior to migrating to a newer system with a newer samba build (old system had samba 3.5.8, new system has 3.6.24).
I am stumped as to how I could resolve this.. anyone able to point me to the right direction?
More information about the samba
mailing list