[Samba] No group write permission

Andrew Walker walker.aj325 at gmail.com
Sun Mar 28 00:48:58 UTC 2021 

On Sat, Mar 27, 2021 at 9:00 AM Paul Muaddib via samba <
samba at lists.samba.org> wrote:

> Sure
>
> [global]
>         log file        = /var/log/samba4/log.%m
>
>         server string   = NAS Server
>         workgroup       =  WORKGROUP
>
>         bind interfaces only     = yes
>         interfaces               = lo0 lagg0
>
>         security                       = user
>         encrypt passwords      = true
>
>         time server                 = yes
>         load printers               = no
>
>         template homedir         = /fileserver/users/%U
>         allow insecure wide links = yes
>
> [data]
>          comment    = Daten
>         path            = /fileserver/data
>         valid users     = @fileserver, @sales, @purchase
>         write liste     = @fileserver, @sales, @purchase
>
>         browsable                   = yes
>         writable                      = yes
>         read only                    = no
>         guest ok                     = no
>         public                          = no
>         follow symlinks            = yes
>         wide links                    = yes
>         create mask                 = 0770
>         force create mode       = 0770
>         directory mask             = 2775
>         force directory mode    = 2770
>         hide unreadable            = yes
>         crossrename:sizelimit   = 50
>
> [users]
>         comment         = Benutzer
>         path                 = /fileserver/users
>         valid users      = @fileserver
>
>         browsable       = yes
>         writable           = yes
>         read only        = no
>         guest ok         = no
>         public             = no
>
>         create mask               = 0750
>         force create mode      = 0750
>         directory mask            = 0750
>         force directory mode   = 0750
>
>         hide unreadable = yes
>
> Am Sa., 27. März 2021 um 13:52 Uhr schrieb Rowland penny via samba <
> samba at lists.samba.org>:
>
> > On 27/03/2021 12:31, Paul Muaddib via samba wrote:
> > > Hi
> > >
> > > I have one shared folder [data] that is shared by multiple users.
> Inside
> > > this share are multiple folders with different group permissions. But
> the
> > > group permissions are bing ignored. For example when User2 wants to
> open
> > > „test.docx“ in the folder data/share then there is no write permission
> in
> > > windows although there is group write permission.
> > >
> >
> > Can we see your entire smb.conf
> >
> > Rowland
> >
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> >
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba


When zfsacl is not set on the share, the default VFS operations to get /
set NT ACLs will fall through the POSIX ACL code path. Since ZFS on FreeBSD
does not support POSIX1E ACLs, this may fail with EINVAL. Not sure if
that's what you are seeing here. Maybe boost log level and check for what
exactly is failing with ACCESS_DENIED. I usually start with 5 and if that
doesn't make the issue painfully obvious, bump up to 10.

More information about the samba mailing list