[Samba] No group write permission

Paul Muaddib paul.muaddib83 at gmail.com
Mon Mar 29 13:50:06 UTC 2021


I could not find any ACCESS_DENIED or EINVAL inside the log file with level
5
What I recoginzied is that the following errors are output dozens of times

  unix_mode: unix_mode(Share) returning 0770
../../source3/smbd/dosmode.c:423(get_ea_dos_attribute)
  get_ea_dos_attribute: Cannot get attribute from EA on file Share: Error =
Attribute not found

Did not find user fileserver

user2 opened file Share/test.docx read=No write=No

pdb_default_uid_to_sid: Did not find user fileserver (1005)

pdb_getsampwnam (TDB): error fetching database.
   Key: USER_fileserver


Am So., 28. März 2021 um 01:49 Uhr schrieb Andrew Walker <
walker.aj325 at gmail.com>:

>
>
> On Sat, Mar 27, 2021 at 9:00 AM Paul Muaddib via samba <
> samba at lists.samba.org> wrote:
>
>> Sure
>>
>> [global]
>>         log file        = /var/log/samba4/log.%m
>>
>>         server string   = NAS Server
>>         workgroup       =  WORKGROUP
>>
>>         bind interfaces only     = yes
>>         interfaces               = lo0 lagg0
>>
>>         security                       = user
>>         encrypt passwords      = true
>>
>>         time server                 = yes
>>         load printers               = no
>>
>>         template homedir         = /fileserver/users/%U
>>         allow insecure wide links = yes
>>
>> [data]
>>          comment    = Daten
>>         path            = /fileserver/data
>>         valid users     = @fileserver, @sales, @purchase
>>         write liste     = @fileserver, @sales, @purchase
>>
>>         browsable                   = yes
>>         writable                      = yes
>>         read only                    = no
>>         guest ok                     = no
>>         public                          = no
>>         follow symlinks            = yes
>>         wide links                    = yes
>>         create mask                 = 0770
>>         force create mode       = 0770
>>         directory mask             = 2775
>>         force directory mode    = 2770
>>         hide unreadable            = yes
>>         crossrename:sizelimit   = 50
>>
>> [users]
>>         comment         = Benutzer
>>         path                 = /fileserver/users
>>         valid users      = @fileserver
>>
>>         browsable       = yes
>>         writable           = yes
>>         read only        = no
>>         guest ok         = no
>>         public             = no
>>
>>         create mask               = 0750
>>         force create mode      = 0750
>>         directory mask            = 0750
>>         force directory mode   = 0750
>>
>>         hide unreadable = yes
>>
>> Am Sa., 27. März 2021 um 13:52 Uhr schrieb Rowland penny via samba <
>> samba at lists.samba.org>:
>>
>> > On 27/03/2021 12:31, Paul Muaddib via samba wrote:
>> > > Hi
>> > >
>> > > I have one shared folder [data] that is shared by multiple users.
>> Inside
>> > > this share are multiple folders with different group permissions. But
>> the
>> > > group permissions are bing ignored. For example when User2 wants to
>> open
>> > > „test.docx“ in the folder data/share then there is no write
>> permission in
>> > > windows although there is group write permission.
>> > >
>> >
>> > Can we see your entire smb.conf
>> >
>> > Rowland
>> >
>> >
>> >
>> > --
>> > To unsubscribe from this list go to the following URL and read the
>> > instructions:  https://lists.samba.org/mailman/options/samba
>> >
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>
>
> When zfsacl is not set on the share, the default VFS operations to get /
> set NT ACLs will fall through the POSIX ACL code path. Since ZFS on FreeBSD
> does not support POSIX1E ACLs, this may fail with EINVAL. Not sure if
> that's what you are seeing here. Maybe boost log level and check for what
> exactly is failing with ACCESS_DENIED. I usually start with 5 and if that
> doesn't make the issue painfully obvious, bump up to 10.
>


More information about the samba mailing list