[Samba] odd issue with permisions

Dan Egli dan at newideatest.site
Wed Oct 28 09:24:27 UTC 2020


On 10/28/2020 2:16 AM, L.P.H. van Belle via samba wrote:
>
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Dan 
>> Egli via samba
>> Verzonden: woensdag 28 oktober 2020 9:01
>> Aan: samba at lists.samba.org
>> Onderwerp: Re: [Samba] odd issue with permisions
>>
>> On 10/27/2020 1:08 PM, Dan Egli via samba wrote:
>>>> What version of Samba ?
>>>>
>>>> Please post your smb.conf
>>>>
>>>> Rowland
>>>>
>>>>
>>> Sorry, Samba  version 4.11.2-13 is running on CentOS  8.  
>> My smb.conf is
>>> shown below, sans comments:
>>>
>>>
>>> [global]
>>>
>>>         workgroup = EgliFamily
>>>         server string = Samba Server Version %v
>>>         log file = /var/log/samba/log.%m
>>>         max log size = 50
>>>         security = user
>>>         passdb backend = tdbsam
>>>         acl allow execute always =  true
>>>         load printers = yes
>>>         cups options = raw
>>>
>>> [homes]
>>>         comment = Home Directories
>>>         browseable = no
>>>         writable = yes
>>>         directory mask = 770
>>>         create mask = 660
>>>         acl check permissions = no
>>>
>>> [printers]
>>>         comment = All Printers
>>>         path = /var/spool/samba
>>>         browseable = no
>>>         guest ok = no
>>>         writable = no
>>>         printable = yes
>>>
>>>
>> It's been over 24 hours and no one has even touched this. I 
>> could really use a bit of help. Yes, it works when I create the files/dirs in samba
>> because of the masks I set, but that's just a kludge. 
>> It shouldn't matter that the GROUP permissions are if the USER permissions allow
>> access and the file is owned by the current user.
> Offcourse this does matter. 
> You can set a deny on the group and the user cant write, thats simple. 
>
> And if your in a rush with this, You can get paid support at samba, plain and simple. 
> Also, Its not 24hours..  19:51 first post yesterday. Now its 09:00, 
> so relax we always try to help but we do also sleep. 
> I guess you do sleep also sometimes.. 
>
> Remove this part in the home dirs. 
>
>>>         directory mask = 770
>>>         create mask = 660
>>>         acl check permissions = no
> Run :
> getfacl /home 
> getfacl /home/username 
# getfacl /home
getfacl: Removing leading '/' from absolute path names
# file: home
# owner: root
# group: root
user::rwx
group::r-x
other::r-x


# getfacl /home/dan
getfacl: Removing leading '/' from absolute path names
# file: home/dan
# owner: dan
# group: dan
user::rwx
group::rwx
other::---

> And what is set on the share for security rights, just the defaults? 
> Did you change anything there? 

Nothing changed on rights. The ONLY changes I made from the default file
are adding the create mask and directory mask lines to the [homes] share
and adding the acl that allows programs to be executed.

> And run : 
> chmod 1770 /home/username 
> Then test again. (1 Creator Owner) 
>
> chmod 3770 /home/username 
> Test again. (3 Creator Group ) 
>
> chmod 4770 /home/username 
> Test again. (4 Both above ) 
>
I just tried that, same result each time. When the directory gets
created with 755 mode (system default) I can't write to it.
NT_STATUS_ACCESS_DENIED every time. By the way, how do I take those
items back off? The sticky bit seems to be STUCK. I tried chmod 0770,
chmod ug=rwx, regardless the sticky bit stays set for both user and group

> Last question, how did you create or are the user homedirs created? 
>
The user homedirs are created by useradd.

I'm still open to ideas.

-- 
Dan Egli
On my Test server

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 495 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20201028/4d8240b0/OpenPGP_signature.sig>


More information about the samba mailing list