[Samba] Group with RWX acl cannot delete as file/dir owned by user with RWX
G33k pHr33k
g33kphr33k at gmail.com
Tue Nov 3 12:26:51 UTC 2020
Thank you for any help with this:
Using xattr so that I can manage a domain joined Samba server share
with AD permissions. The underlying OS file perms are 777 and I have
set the share with -R a+w to make sure that permissions for owner and
group are the same. Getfacl returns:
# file: deleteme.txt
# owner: root
# group: group_access
user::rwx
group::rwx
group:group_access:rwx
mask::rwx
other::rwx
From Windows, if I try to delete the file in the share it throws back
that the file is owned by Unix User\root and cannot be deleted without
permission. I am a member of group_access on AD and should have full
rights over the file. What have I done wrong? This is affecting all
shares and files. If I use the Windows Share management and set
permissions then it'll work fine until new files and folders are added.
Version 4.9.5-Debian
smb.conf (with a little redaction):
---------------------------------------
#======================= Global Settings =======================
[global]
log level = 1
writeable = yes
delete veto files = yes
map acl inherit = yes
inherit acls = yes
create mode = 0666
pam password change = yes
username map = /etc/samba/user.map
map to guest = bad user
#winbind enum users = yes
security = ADS
log file = /var/log/samba/log.%m
idmap config company : backend = rid
realm = COMPANY.LTD
passwd program = /usr/bin/passwd %u
vfs objects = acl_xattr
server string = Catapult Server
#store dos attributes = yes
winbind use default domain = yes
passdb backend = tdbsam
panic action = /usr/share/samba/panic-action %d
delete readonly = yes
acl_xattr:ignore system acls = yes
server role = member server
dns proxy = no
workgroup = COMPANY
unix extensions = no
obey pam restrictions = yes
unix charset = UTF-8
idmap config * : range = 3000-7999
veto files = /.AppleDB/.AppleDouble/.AppleDesktop/:2eDS_Store/Network Trash Folder/Temporary Items/TheVolumeSettingsFolder/.@__thumb/.@__desc/:2e*/._.DS_Store/.DS_Store/
force directory mode = 02777
usershare allow guests = yes
idmap config * : backend = tdb
max log size = 1000
protocol = SMB2
directory mode = 02777
force create mode = 0666
unix password sync = yes
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
idmap config company : range = 10000-999999
template shell = /bin/bash
template homedir = /home/%U
wide links = no
#winbind enum groups = yes
load printers = no
printing = bsd
printcap = /dev/null
disable spoolss = yes
## Browsing/Identification ###
# Change this to the workgroup/NT-domain name your Samba server will part of
# This will prevent nmbd to search for NetBIOS names through DNS.
#### Debugging/Accounting ####
# If you are using encrypted passwords, Samba will need to know what
# password database type you are using.
############ Misc ############
# Some defaults for winbind (make sure you're not using the ranges
# for something else.)
# idmap uid = 10000-20000
# idmap gid = 10000-20000
# Allow users who've been granted usershare privileges to create
# public shares, not just authenticated ones
# Templates for shell and home
# Usr Map
#socket options = SO_SNDBUF=33554432 TCP_NODELAY
#======================= Share Definitions =======================
[BorgRecovery]
path = /mnt/borgrecovery
read only = yes
guest ok = yes
writable = no
[ArgononEnvy]
path = /srv/samba/CompanyShare
read only = no
-------------------------------------------
How do I defeat the file ownership with the group being able to also
delete?
Regards
Karl
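
An added example, not part of the original post: a Python check that evaluates the quoted getfacl output under the POSIX.1e access algorithm, to confirm what the filesystem ACL itself grants a member of group_access. The user name karl is hypothetical, and the check models POSIX ACLs only, not the NT ACL that vfs_acl_xattr stores in an extended attribute.

```python
# Constructed input: the getfacl output quoted in the post.
GETFACL = """\
# file: deleteme.txt
# owner: root
# group: group_access
user::rwx
group::rwx
group:group_access:rwx
mask::rwx
other::rwx
"""

def parse_getfacl(text):
    """Return (owner, owning_group, [(tag, qualifier, perms)]) for one file."""
    owner = group = None
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# owner:"):
            owner = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            group = line.split(":", 1)[1].strip()
        elif line and not line.startswith(("#", "default:")):
            # Drop a trailing "#effective:..." comment before splitting.
            tag, qual, perms = line.split("#")[0].strip().split(":")
            entries.append((tag, qual, set(perms) - {"-"}))
    return owner, group, entries

def posix_allows(acl, user, groups, want):
    """POSIX.1e access check for an unprivileged user (root override not modelled)."""
    owner, ogroup, entries = acl
    want = set(want)
    mask = next((p for t, _, p in entries if t == "mask"), None)
    masked = lambda p: p if mask is None else p & mask
    if user == owner:  # the owner entry is never masked
        return want <= next(p for t, q, p in entries if t == "user" and not q)
    for t, q, p in entries:  # a named user entry comes next
        if t == "user" and q == user:
            return want <= masked(p)
    # Owning-group and named-group entries: any one matching entry may grant.
    hits = [masked(p) for t, q, p in entries if t == "group" and (q or ogroup) in groups]
    if hits:
        return any(want <= p for p in hits)
    return want <= next(p for t, _, p in entries if t == "other")

if __name__ == "__main__":
    acl = parse_getfacl(GETFACL)
    # "karl" is a hypothetical account name used only for this example.
    print(posix_allows(acl, "karl", {"group_access"}, "rwx"))
```

On a POSIX filesystem, removing a file is governed by write and search permission on the containing directory, so the same function can be run against the directory's getfacl output.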