[Samba] Strange permssion problem

Anders Östling anders.ostling at gmail.com
Mon Jun 7 11:18:19 UTC 2021


Hi

I have a client that runs a small business on Samba and Windows since
last summer,. We have had some issues during the year, but nothing
that could'nt be fixed (mostly profile related).

Today I got a call from the owner, and he was unable to access a
specific folder. This worked last week and, as far as I know, no
changes have been made. So here is the setup

Windows Server 2019 DC
Samba 4.13.9 on Ubuntu as file server
Windows 10 20H2 clients

The document folders are stored on a separate virtual disk (all
servers are virtual btw).
The top level Documents share is setup as described in the Samba Wiki.
Below the top, there are folders for Manufacturing, Products,
Projects, Sales, Staff, Development etc, 12 subfolders in all. Each
subfolder has a corresponding security group that allows access.
Domain users have no explicit access to the folders (inheritance
disabled). There is another group, Management, that has all the other
groups in itself to simplify access management. This structure has
been in place since last year and worked well. The owner and a few
other users have the Management group assigned.

This morning I got a call from the owner. He got an Access Denied
trying to open the Projects folder. All other folders worked well. I
checked the folder permissions and they were correct, members of the
Projects group *is* allowed full access. And since the other folders
works, the inheritance from Management to the specific groups
obviously works.

So I added his personal account to the folder ACL, giving him 8bengt)
and another user (Katarina)  the same explicit access rights as the
Management group have (rxw and files, folders and subfolders). Now he
can access the folder without any problem.

The samba log has a number of these at the relevant timeframe. I can't
say for sure that they are related to the problem, but this is all I
have to go on for the moment.

[chdir_current_service: vfs_ChDir(/share2/Dokument) failed: Permission
denied. Current token: uid=31653, gid=30515, 5 groups: 31653 30515
10003 10004 10006
[2021/06/07 07:29:25.603325,  0]
../../source3/smbd/service.c:166(chdir_current_service)2021/06/07
07:29:05.993217,  1] ../../source3/smbd/vfs.c:1040(vfs_GetWd)

Are there any known ACL related bugs that could cause this behaviour?
I have added a screenshot where the permissions are shown

https://drive.google.com/file/d/1oRSvJy7gR-jO10da400CKQDQl6_wz1Ua/view?usp=sharing

/Anders


-- 
------ -------------------- 8 ------------------ ------
"A wise man once told me - Any idiot can do backups, but it takes a
genius to successfully restore"

Anders Östling
+46 768 716 165 (Mobil)
+46 431 45 56 01  (Hem)



More information about the samba mailing list