[Samba] Clients can't write to group-writable files - plea for help
Josh Malone
jmalone at nrao.edu
Mon Nov 14 16:38:52 UTC 2016
All,
Apologies for basically bumping my own thread, but I'm absolutely at my
wits' end trying to figure out this access problem. I've replicated the
issue with and without NFS being involved. On our old 4.0.25 server,
users can write to files that they have group-based write permissions.
On 4.5.x, 4.4.x, and 4.3.x that permission is not being honored.
I would be incredibly grateful for help debugging this issue. I've gone
over level 10 logs and nothing is looking like a smoking gun. Lots of
stuff like:
open_file_ntcreate: fname=logs/foobar, after mapping access_mask=0x20087
[2016/11/14 11:32:30.009669, 4, pid=9336, effective(2310, 2049),
real(2310, 0)] ../source3/smbd/open.c:2758(open_fi
le_ntcreate)
calling open_file with flags=0x2 flags2=0x0 mode=0744, access_mask =
0x20087, open_access_mask = 0x20087
[2016/11/14 11:32:30.009702, 10, pid=9336, effective(2310, 2049),
real(2310, 0), class=acls] ../source3/smbd/posix_a
cls.c:3558(posix_get_nt_acl)
posix_get_nt_acl: called for file logs/foobar
[2016/11/14 11:32:30.009753, 10, pid=9336, effective(2310, 2049),
real(2310, 0)] ../source3/passdb/lookup_sid.c:1251
(uid_to_sid)
uid 12477 -> sid S-1-22-1-12477
[2016/11/14 11:32:30.009784, 10, pid=9336, effective(2310, 2049),
real(2310, 0)] ../source3/passdb/lookup_sid.c:1300
(gid_to_sid)
gid 9006 -> sid S-1-22-2-9006
[2016/11/14 11:32:30.009811, 10, pid=9336, effective(2310, 2049),
real(2310, 0), class=acls] ../source3/smbd/posix_a
cls.c:2724(canonicalise_acl)
canonicalise_acl: Access ace entries before arrange :
[2016/11/14 11:32:30.009831, 10, pid=9336, effective(2310, 2049),
real(2310, 0), class=acls] ../source3/smbd/posix_a
cls.c:2737(canonicalise_acl)
canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER
ace_flags = 0x0 perms r--
[2016/11/14 11:32:30.009858, 10, pid=9336, effective(2310, 2049),
real(2310, 0), class=acls] ../source3/smbd/posix_a
cls.c:2737(canonicalise_acl)
canon_ace index 1. Type = allow SID = S-1-22-2-9006 gid 9006 (cvweb)
SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rw-
[2016/11/14 11:32:30.009981, 10, pid=9336, effective(2310, 2049),
real(2310, 0), class=acls] ../source3/smbd/posix_a
cls.c:2737(canonicalise_acl)
canon_ace index 2. Type = allow SID = S-1-22-1-12477 uid 12477
(pmurphy) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rw
-
[2016/11/14 11:32:30.010484, 10, pid=9336, effective(2310, 2049),
real(2310, 0), class=acls] ../source3/smbd/posix_a
cls.c:848(print_canon_ace_list)
print_canon_ace_list: canonicalise_acl: ace entries after arrange
canon_ace index 0. Type = allow SID = S-1-22-1-12477 uid 12477
(pmurphy) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rw
-
canon_ace index 1. Type = allow SID = S-1-22-2-9006 gid 9006 (cvweb)
SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rw-
canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER
ace_flags = 0x0 perms r--
but I'll admit I'm not sure what I'm looking for.
On 11/10/16 1:13 PM, Josh Malone via samba wrote:
> Hello,
>
> Really stumped on this issue. I have samba 4.4.7 running on a new
> server. Users cannot write to files to which they have write permissions
> via group.
>
> Example:
>
> Here's the local filesystem on the samba server. I'm logged in as jmalone
>
>
> : jmalone at canis; cd /home/www.nrao.edu/content/logs/
> : jmalone at canis; ls -l
> total 4
> -rw-rw-r-- 1 jmalone nraoweb 0 Nov 10 10:02 baz
> -rw-rw-r-- 1 pmurphy cvweb 0 Nov 10 11:09 foobar
> : jmalone at canis; touch foobar
>
>
> No problems. Now, let me mount that on my Mac:
>
>
> : jmalone at agrajag; cd /Volumes/www.nrao.edu/content/logs
> : jmalone at agrajag; ls -l
> total 2
> -rwx------ 1 jmalone nraocv 0 Nov 10 10:02 baz
> -rwx------ 1 jmalone nraocv 0 Nov 10 11:09 foobar
> -rwx------ 1 jmalone nraocv 44 Nov 13 2006 index.html
> : jmalone at agrajag.cv; touch foobar
> touch: foobar: Permission denied
>
> I can write to 'baz' though.
>
--
--------------------------------------------------------
Joshua Malone Systems Administrator
(jmalone at nrao.edu) NRAO Charlottesville
434-296-0263 www.nrao.edu
434-249-5699 (mobile)
--------------------------------------------------------
More information about the samba
mailing list