[Samba] Clients can't write to group-writable files - plea for help

Josh Malone jmalone at nrao.edu
Thu Nov 17 19:32:12 UTC 2016


On 11/17/16 2:17 PM, Jeremy Allison wrote:
> On Wed, Nov 16, 2016 at 03:25:24PM -0500, Josh Malone wrote:

>>
>> http://www.cv.nrao.edu/~jmalone/sambalog.txt
>
> Looking at that log I see:
>
> posix_get_nt_acl: called for file .
>
>   canon_ace index 0. Type = allow SID = S-1-22-1-0 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rwx
>   canon_ace index 1. Type = allow SID = S-1-22-2-0 gid 0 (root) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms r-x
>   canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms r-x
>
> So it's the top-level directory of the share
> /data/test
>
> that is root.root rwxr-xr-x
>
> Can you check that ?

Nope - that directory is uid 2310, group 9004. I'm in group 9004. How 
can samba be getting that wrong?


> The open request fails with:
>
>  smbd_check_access_rights: file . requesting 0x40 returning 0x40 (NT_STATUS_ACCESS_DENIED)
>
> 0x40 is SEC_DIR_DELETE_CHILD, which is seeing if a file in that
> directory can be deleted. As you're not root, that open fails
> (you don't have 'w' access).
>
> Hope this helps.

Okay - I understand how to read the logs a bit better now. Still baffled 
at samba not getting file acls correct though.

-Josh

-- 
--------------------------------------------------------
        Joshua Malone       Systems Administrator
      (jmalone at nrao.edu)    NRAO Charlottesville
         434-296-0263           www.nrao.edu
	434-249-5699 (mobile)
--------------------------------------------------------
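
The log reading discussed in this message, as an added example that is not part of the original thread and is not Samba code: it parses the quoted `canon_ace` and `smbd_check_access_rights` lines, names the requested access bit, computes the POSIX class a client falls into, and flags a disagreement between the owner smbd logged and the owner seen on disk. Assumptions: only the three base ACL entries shown in the log are handled, the client uid 5000 used in the usage note is hypothetical, and the `SEC_DIR_*` names other than `SEC_DIR_DELETE_CHILD` come from Samba's definitions rather than from this page.

```python
import re
# Constructed sample: the smbd log lines quoted in the message above.
SAMPLE_LOG = """\
posix_get_nt_acl: called for file .
  canon_ace index 0. Type = allow SID = S-1-22-1-0 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rwx
  canon_ace index 1. Type = allow SID = S-1-22-2-0 gid 0 (root) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms r-x
  canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms r-x
 smbd_check_access_rights: file . requesting 0x40 returning 0x40 (NT_STATUS_ACCESS_DENIED)
"""
ACE_RE = re.compile(
    r"canon_ace index \d+\. Type = (allow|deny) SID = \S+ "
    r"(?:(?:uid|gid) (\d+) \([^)]*\)|other) (SMB_ACL_\w+) .* perms ([r-][w-][x-])")
CHECK_RE = re.compile(
    r"smbd_check_access_rights: file (\S+) requesting (0x[0-9a-fA-F]+) "
    r"returning (0x[0-9a-fA-F]+) \((\w+)\)")
# Directory access-mask bits as Samba names them; 0x40 is the one in the log.
SEC_DIR = {0x01: "SEC_DIR_LIST", 0x02: "SEC_DIR_ADD_FILE", 0x04: "SEC_DIR_ADD_SUBDIR",
           0x20: "SEC_DIR_TRAVERSE", 0x40: "SEC_DIR_DELETE_CHILD"}

def parse(log):
    """Return (aces, checks) extracted from smbd debug output."""
    aces, checks = [], []
    for line in log.splitlines():
        if m := ACE_RE.search(line):
            kind, ident, tag, perms = m.groups()
            aces.append({"type": kind, "tag": tag, "perms": perms,
                         "id": int(ident) if ident else None})
        elif m := CHECK_RE.search(line):
            checks.append({"file": m[1], "requested": int(m[2], 16),
                           "returned": int(m[3], 16), "status": m[4]})
    return aces, checks

def posix_perms(aces, uid, gids):
    """POSIX class selection: owner first, then owning group, then other."""
    by_tag = {a["tag"]: a for a in aces}
    if uid == by_tag["SMB_ACL_USER_OBJ"]["id"]:
        return by_tag["SMB_ACL_USER_OBJ"]["perms"]
    if by_tag["SMB_ACL_GROUP_OBJ"]["id"] in gids:
        return by_tag["SMB_ACL_GROUP_OBJ"]["perms"]
    return by_tag["SMB_ACL_OTHER"]["perms"]

def owner_mismatch(aces, disk_uid, disk_gid):
    """Compare the owner/group smbd logged with what stat shows on the server."""
    ids = {a["tag"]: a["id"] for a in aces}
    logged = (ids["SMB_ACL_USER_OBJ"], ids["SMB_ACL_GROUP_OBJ"])
    return logged != (disk_uid, disk_gid), logged

def decode(mask):
    return [name for bit, name in SEC_DIR.items() if mask & bit]
```

Calling `owner_mismatch(parse(SAMPLE_LOG)[0], 2310, 9004)` with the uid and group reported in the message returns `(True, (0, 0))`, and `posix_perms(..., 5000, {9004})` returns `r-x`, which lacks the `w` that the denied request needs.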


