[Samba] Samba 4.9.4 drops group write permission on files (at file access time) with 'vfs objects' enabled
Rowland Penny
rpenny at samba.org
Wed Feb 27 16:17:00 UTC 2019
On Wed, 27 Feb 2019 16:53:48 +0100
Peter Eriksson via samba <samba at lists.samba.org> wrote:
> We just noticed an interesting bug/misfeature on our Samba 4.9.4
> servers (FreeBSD 11.2). The same effect is also visible on Samba
> 4.8.3 on CentOS 7.
>
> Start with a directory that looks like this:
>
> root@filur00:/tmp/test # ls -la
> total 50
> drwxrwx--- 2 peter86 uf-iti-all 3 Feb 27 11:27 .
> drwxrwxrwt 10 root wheel 56 Feb 27 16:41 ..
> -rw-rw---- 1 mikha02 uf-iti-all 6 Feb 27 11:27 hello.txt
>
> I.e., no ACLs, just “pure” Unix permission bits. Share it as usual via
> smb.conf.
>
>
> With a smb.conf file with any “vfs objects” enabled (doesn’t matter
> which, or even with an empty list):
>
> vfs objects = ;; empty list
> vfs objects = shadow_copy2 zfsacl full_audit
>
> Then if you (from a Windows machine) look at the file's Properties ->
> Security you will find that the Write access for the Group entry has
> been removed from the ACL list displayed (and Samba will give Windows
> users access errors when they try to write to that file).
>
>
> With a smb.conf file without a “vfs objects” line you will correctly
> get the right Write Access for the Group in the ACL.
>
>
> It feels like having any “vfs objects” config line removes some kind
> of default VFS module that does something that it should call instead
> of calling it last….
>
> - Peter
>
>
Would this be on a DC?
If so, you are removing the default vfs objects, and this is a known
'problem'.
Rowland
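
A check for the situation the reply describes, added here as an example and not code from either poster or from the Samba project: it reads an smb.conf and reports sections whose explicit "vfs objects" line leaves out the modules an AD DC enables implicitly. Assumptions: the server is a DC (the thread does not confirm this), the implicit modules are dfs_samba4 and acl_xattr as given in Samba's VFS documentation, and the sample configuration is constructed.

```python
import configparser

# Modules Samba enables implicitly on an AD DC (per Samba's VFS documentation,
# not stated in this thread). An explicit "vfs objects" line replaces them.
DC_DEFAULT_VFS = ("dfs_samba4", "acl_xattr")

# Constructed sample smb.conf, not taken from the thread.
SAMPLE_SMB_CONF = """
[global]
server role = active directory domain controller

[projects]
path = /tmp/test
vfs objects = shadow_copy2 zfsacl full_audit

[archive]
path = /srv/archive
vfs objects = dfs_samba4 acl_xattr full_audit

[plain]
path = /srv/plain
"""

def _norm(name):
    # smb.conf parameter names ignore case and embedded whitespace.
    return "".join(name.split()).lower()

def missing_dc_defaults(conf_text):
    """Return {section: [missing modules]} for explicit vfs objects lines on a DC."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = _norm
    cp.read_string(conf_text)
    role = cp.get("global", "server role", fallback="auto")
    if role.strip().lower() != "active directory domain controller":
        return {}  # the implicit list only applies on a DC
    findings = {}
    for section in cp.sections():
        if not cp.has_option(section, "vfs objects"):
            continue  # no explicit line, so the implicit defaults stay in effect
        configured = cp.get(section, "vfs objects").split()
        missing = [m for m in DC_DEFAULT_VFS if m not in configured]
        if missing:
            findings[section] = missing
    return findings

if __name__ == "__main__":
    for share, mods in missing_dc_defaults(SAMPLE_SMB_CONF).items():
        print(f"[{share}] vfs objects is missing: {' '.join(mods)}")
```

An empty "vfs objects =" line is reported as well, since it also replaces the implicit list.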