[Samba] vfs_ChDir failed: Permission denied
Marco Shmerykowsky
marco at sce-engineers.com
Mon Feb 1 20:34:37 UTC 2021
On 2/1/2021 3:26 PM, Rowland penny via samba wrote:
> On 01/02/2021 19:44, Marco Shmerykowsky via samba wrote:
>>>>>> Having said that, if it is only the group you are worried about, just
>>>>>> fix the smb.conf on the old computer (which at this stage could just
>>>>>> be restarting Samba) and then fix the group ownership of the files
>>>>>> and
>>>>>> directories.
>>>>>
>>>>> Out of ignorance, how do I fix the group ownership? of the files &
>>>>> directories?
>>>>>
>>>>
>>>> This would depend on your computer, at the moment your files will show
>>>> as belonging to the group 'owners', but if you restart Samba, it is
>>>> probable they will then show as belonging to '2011'. If this is the
>>>> case, then you can use chown or chgrp to change the group ownership
>>>> back to 'owners'. I am not saying this is going to be a 5 minute job 😁
>>>
>>> The directories and files on the server all have the ownership of
>>> "whatever user created the filed ie jdoe" and "domain users"
>>> and permissions rwxrwx---+
>>>
>>> Access is controlled by the group policies.
>>
>> I guess I'm still unclear on if this is fixable. If I take
>> a directory listing of anything in the shared directories,
>> I get something like this:
>>
>> drwxrwx---+ 5 root domain admins 4096 Jan 5 13:28 share-1
>> drwxrwx---+ 9 root domain admins 4096 Jan 5 13:28 share-2
>> drwxrwx---+ 744 root domain admins 28672 Jan 26 09:51 share-3
>> drwxrwx---+ 10 root domain admins 4096 Mar 13 2020 share-4
>> drwxrwx---+ 14 root domain admins 4096 Jan 25 16:12 share-5
>
>
> The problem may be that the numeric ID for 'domain admins' might be wrong.
How would I check this? Is there a recursive way to reset this
so that I can revive the old server prior to putting the new
one together?
>
>>
>> The user/group assignment has looked like this from day one.
>> The only variation it that the "user" changes to match whatever
>> windows user created the file. It is not an important attribute
>> and could be reset to one person.
>
>
> From what you are saying, it doesn't sound like you really have a big
> problem.
>
> I would create a new Unix domain member and create the required share
> structure. Copy the files to the required places on the new Unix domain
> member, then 'chown root:domain admins' the files (you can do this
> recursively by adding '-R' to the command). You can then use 'setfacl'
> to add further users and groups.
>
>>
>> I'm getting that "permission denied" warning on all these shares.
>> The "group" assigned on Linux hasn't changed from the original
>> configuration. How do the Security Groups in Windows AD fit
>> into this?
>
>
> Provided 'getent group THE_GROUP_NAME' displays the groups info on Unix,
> then Unix knows who they are, if nothing is returned, then Unix cannot
> use them.
>
> You can use Windows to set permissions on Samba shares, see here:
> https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
>
> Rowland
>
>
>>
>>
>
>
More information about the samba
mailing list