[Samba] Cannot delete (empty) folder from Mac client
Andrea Venturoli
ml at netfence.it
Sat Nov 21 10:48:45 UTC 2020
Hello.
A Mac client of mine has a problem deleting an empty folder from the
root of a Samba 4.12 server share, reporting a permission issue;
however, the more I look at it, the more I am convinced it should be
able to delete it.
smb.conf:
> [global]
> workgroup=XXXXXXXX
> realm=XXXXXXXX.local
> interfaces=em0
> hosts allow=192.168.XXX. 10.0.XXX.2 10.1.XXX. 10.2.XXX.
> security=ADS
> map archive=No
> kerberos method = secrets and keytab
> idmap config *:backend = tdb
> idmap config *:range = 100000-999999
> idmap config XXXXXXXX:backend=rid
> idmap config XXXXXXXX:range = 10000-99999
> template homedir = /home/%U
> winbind use default domain = yes
> winbind refresh tickets = Yes
> winbind expand groups = 4
> winbind normalize names = Yes
> domain master = no
> local master = no
> map acl inherit = Yes
> store dos attributes = Yes
> unix extensions=no
> vfs objects=audit
> audit:facility=LOCAL7
> audit:priority=INFO
> ...
> [myshare]
> path=/shares/myshare
> writeable=yes
> follow symlinks=no
> force create mode=660
> force directory mode=770
> valid users=user1,user2
On the server:
> # ls -l /shares/
> drwxrwx--- 50 root domain_users 3072 Nov 19 15:10 myshare
> # ls -l /shares/myshare
> -rwxrwx--- 1 root domain_users 4096 Mar 14 2017 ._mydir.doc
> drwxrwx--- 2 root domain_users 512 Nov 19 10:51 mydir.doc
> # ls -l /shares/myshare/mydir.doc
> total 0
(Notice no ACLs are set)
On the client:
> $ ls -le /Volumes/
> drwx------+ 1 user2 XXXXXXXX\Domain Users 16384 Nov 19 15:10 myshare
> 0: AAAABBBB-CCCC-DDDD-EEEE-FFFF82000000 allow list,add_file,search,delete,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,writesecurity,chown
> 1: group:XXXXXXXX\Domain Users allow list,add_file,search,delete,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,writesecurity,chown
> 2: group:everyone allow
> $ ls -le /Volumes/myshare
> drwx------@ 1 user2 XXXXXXXX\Domain Users 16384 Nov 19 10:51 mydir.doc
> 0: AAAABBBB-CCCC-DDDD-EEEE-FFFF82000000 allow list,add_file,search,delete,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,writesecurity,chown
> 1: group:XXXXXXXX\Domain Users allow list,add_file,search,delete,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,writesecurity,chown
> 2: group:everyone allow
> $ groups user2
> XXXXXXXX\Domain Users everyone netaccounts XXXXXXXX\xxxxxxxxx XXXXXXXX\xxxxxx XXXXXXXXX\Utenti Terminal com.apple.sharepoint.group.1
Yet:
> $ rmdir /Volumes/myshare/mydir
> rmdir: /Volumes/myshare/mydir/: Operation not permitted
Recapping:
_ I've got share level access ("valid users") set in smb.conf;
_ server side, the filesystem permissions should allow deleting that
directory (since user2 is in domain_users group);
_ client side, the file seems to be owned by the user mounting the share
(instead of root); UNIX permissions are translated into ACLs, but,
again, these should allow her to delete that directory.
Notice she is able to delete files and directories in general from that
share.
I.e., if I create a similar directory on the server, with the same
permissions, she is able to delete it.
Samba has been restarted and all clients rebooted since the problem arose.
I must be failing to see something or understanding something wrong.
Any hint?
bye & Thanks
av.
P.S.
I know the consensus is I should run vfs_fruit, but last time I tried
enabling it, mayhem broke out.