[Samba] odd issue with permisions
Dan Egli
dan at newideatest.site
Wed Oct 28 09:24:27 UTC 2020
On 10/28/2020 2:16 AM, L.P.H. van Belle via samba wrote:
>
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Dan
>> Egli via samba
>> Verzonden: woensdag 28 oktober 2020 9:01
>> Aan: samba at lists.samba.org
>> Onderwerp: Re: [Samba] odd issue with permisions
>>
>> On 10/27/2020 1:08 PM, Dan Egli via samba wrote:
>>>> What version of Samba ?
>>>>
>>>> Please post your smb.conf
>>>>
>>>> Rowland
>>>>
>>>>
>>> Sorry, Samba version 4.11.2-13 is running on CentOS 8.
>> My smb.conf is
>>> shown below, sans comments:
>>>
>>>
>>> [global]
>>>
>>> workgroup = EgliFamily
>>> server string = Samba Server Version %v
>>> log file = /var/log/samba/log.%m
>>> max log size = 50
>>> security = user
>>> passdb backend = tdbsam
>>> acl allow execute always = true
>>> load printers = yes
>>> cups options = raw
>>>
>>> [homes]
>>> comment = Home Directories
>>> browseable = no
>>> writable = yes
>>> directory mask = 770
>>> create mask = 660
>>> acl check permissions = no
>>>
>>> [printers]
>>> comment = All Printers
>>> path = /var/spool/samba
>>> browseable = no
>>> guest ok = no
>>> writable = no
>>> printable = yes
>>>
>>>
>> It's been over 24 hours and no one has even touched this. I
>> could really use a bit of help. Yes, it works when I create the files/dirs in samba
>> because of the masks I set, but that's just a kludge.
>> It shouldn't matter that the GROUP permissions are if the USER permissions allow
>> access and the file is owned by the current user.
> Offcourse this does matter.
> You can set a deny on the group and the user cant write, thats simple.
>
> And if your in a rush with this, You can get paid support at samba, plain and simple.
> Also, Its not 24hours.. 19:51 first post yesterday. Now its 09:00,
> so relax we always try to help but we do also sleep.
> I guess you do sleep also sometimes..
>
> Remove this part in the home dirs.
>
>>> directory mask = 770
>>> create mask = 660
>>> acl check permissions = no
> Run :
> getfacl /home
> getfacl /home/username
# getfacl /home
getfacl: Removing leading '/' from absolute path names
# file: home
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# getfacl /home/dan
getfacl: Removing leading '/' from absolute path names
# file: home/dan
# owner: dan
# group: dan
user::rwx
group::rwx
other::---
> And what is set on the share for security rights, just the defaults?
> Did you change anything there?
Nothing changed on rights. The ONLY changes I made from the default file
are adding the create mask and directory mask lines to the [homes] share
and adding the acl that allows programs to be executed.
> And run :
> chmod 1770 /home/username
> Then test again. (1 Creator Owner)
>
> chmod 3770 /home/username
> Test again. (3 Creator Group )
>
> chmod 4770 /home/username
> Test again. (4 Both above )
>
I just tried that, same result each time. When the directory gets
created with 755 mode (system default) I can't write to it.
NT_STATUS_ACCESS_DENIED every time. By the way, how do I take those
items back off? The sticky bit seems to be STUCK. I tried chmod 0770,
chmod ug=rwx, regardless the sticky bit stays set for both user and group
> Last question, how did you create or are the user homedirs created?
>
The user homedirs are created by useradd.
I'm still open to ideas.
--
Dan Egli
On my Test server
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 495 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20201028/4d8240b0/OpenPGP_signature.sig>
More information about the samba
mailing list