[Samba] vfs_ChDir failed: Permission denied

Marco Shmerykowsky marco at sce-engineers.com
Mon Feb 1 20:34:37 UTC 2021


On 2/1/2021 3:26 PM, Rowland penny via samba wrote:
> On 01/02/2021 19:44, Marco Shmerykowsky via samba wrote:
>>>>>> Having said that, if it is only the group you are worried about, just
>>>>>> fix the smb.conf on the old computer (which at this stage could just
>>>>>> be restarting Samba) and then fix the group ownership of the files 
>>>>>> and
>>>>>> directories.
>>>>>
>>>>> Out of ignorance, how do I fix the group ownership? of the files & 
>>>>> directories?
>>>>>
>>>>
>>>> This would depend on your computer, at the moment your files will show
>>>> as belonging to the group 'owners', but if you restart Samba, it is
>>>> probable they will then show as belonging  to '2011'. If this is the
>>>> case, then you can use chown or chgrp to change the group ownership
>>>> back to 'owners'. I am not saying this is going to be a 5 minute job 😁
>>>
>>> The directories and files on the server all have the ownership of
>>> "whatever user created the filed ie jdoe" and "domain users"
>>> and permissions rwxrwx---+
>>>
>>> Access is controlled by the group policies.
>>
>> I guess I'm still unclear on if this is fixable.  If I take
>> a directory listing of anything in the shared directories,
>> I get something like this:
>>
>> drwxrwx---+   5 root domain admins  4096 Jan  5 13:28 share-1
>> drwxrwx---+   9 root domain admins  4096 Jan  5 13:28 share-2
>> drwxrwx---+ 744 root domain admins 28672 Jan 26 09:51 share-3
>> drwxrwx---+  10 root domain admins  4096 Mar 13  2020 share-4
>> drwxrwx---+  14 root domain admins  4096 Jan 25 16:12 share-5
> 
> 
> The problem may be that the numeric ID for 'domain admins' might be wrong.

How would I check this?  Is there a recursive way to reset this
so that I can revive the old server prior to putting the new
one together?

> 
>>
>> The user/group assignment has looked like this from day one.
>> The only variation it that the "user" changes to match whatever
>> windows user created the file.  It is not an important attribute
>> and could be reset to one person.
> 
> 
>  From what you are saying, it doesn't sound like you really have a big 
> problem.
> 
> I would  create a new Unix domain member and create the required share 
> structure. Copy the files to the required places on the new Unix domain 
> member, then 'chown root:domain admins' the files (you can do this 
> recursively by adding '-R' to the command). You can then use 'setfacl' 
> to add further users and groups.
> 
>>
>> I'm getting that "permission denied" warning on all these shares.
>> The "group" assigned on Linux hasn't changed from the original
>> configuration.  How do the Security Groups in Windows AD fit
>> into this?
> 
> 
> Provided 'getent group THE_GROUP_NAME' displays the groups info on Unix, 
> then Unix knows who they are, if nothing is returned, then Unix cannot 
> use them.
> 
> You can use Windows to set permissions on Samba shares, see here: 
> https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
> 
> Rowland
> 
> 
>>
>>
> 
> 



More information about the samba mailing list