[Samba] chdir_current_service: vfs_ChDir(/srv/samba/users) failed: Permission denied.

Patrick Goetz pgoetz at math.utexas.edu
Sat Nov 27 17:27:57 UTC 2021



On 11/27/21 05:35, Rowland Penny via samba wrote:
> On Sat, 2021-11-27 at 11:09 +0000, spindles seven via samba wrote:
>> On 27 November 2021 10:10 Ralph Boehme wrote:
>>> what about the permission on /, /srv and /srv/samba? The account
>>> needs at least "x" there.
>>>
>>> -slow
>>>
>> Thanks Ralph.
>>
>> So "x" was missing on /srv/samba:
>> root at lxd-m1:~# ls -l /srv
>> total 16
>> drwxrwx--- 1 root domain admins 34 Feb 26  2021 samba
>>
>> So add it:
>> root at lxd-m1:~# chmod 771 /srv/samba
>> root at lxd-m1:~# ls -l /srv
>> total 16
>> drwxrwx--x 1 root domain admins 34 Feb 26  2021 samba
>>
>> The samba Wiki doesn't mention adding the "x" at all in the directory
>> hierarchy as far as I can see; if so maybe a note needs adding to
>> the relevant page(s)?
> 
> That is because it is standard Unix, 'x' on a directory means 'enter'
> or 'traverse' and if you cannot traverse directories, then you cannot
> reach the share.
> 


Sure, but Samba, which runs as root, is acting as a middle man in the 
file service, so it's not transparently clear that user execute 
permission in a parent directory is a prerequisite for access; e.g. 
Samba could be treating this like a bind mount or NFS root. In fact, 
based on the way shares are accessed this would be a logical assumption. 
I mount \\server\share, not server:/data/share which is where the files 
actually live in the filesystem hierarchy so why should I care what the 
permissions on /data are?

This is something worth mentioning in a warning note.


>>
>> Have added the "x" to the /srv/samba directory and the logs haven't
>> recurred (so far!).
>>
>> Not sure I understand why this will work, considering that the line:
>> "acl_xattr:ignore system acl = yes" is in smb.conf?
>>
>> Checking man smb.conf I can't find the description of this parameter.
>> A search finds mention of "acl_xattr:ignore system acls = yes" (note
>> the plural of acl) but no actual description of the parameter.
> 
> man vfs_acl_xattr
> 
>>
>> The Wiki suggests adding "acl_xattr:ignore system acl = yes", but
>> should it be: "acl_xattr:ignore system acls = yes"?
> 
> Yes, I have fixed it.
> 
> Rowland
> 
> 
> 
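
As an added example (not part of the original thread and not Samba's code): a check of the "x" (traverse) bit on every directory leading to a share path, for a given uid and group set, judged from mode bits only. The function names, the constructed temporary tree standing in for /srv/samba/users, and the user ids are assumptions made for illustration.

```python
import os
import stat
import tempfile

def traverse_blockers(path, uid, gids):
    """Return the directories from "/" down to `path` that lack search ("x")
    permission for uid/gids, judged from mode bits only.
    POSIX ACLs and root's override are deliberately not modelled."""
    chain = []
    current = os.path.abspath(path)
    while True:
        chain.append(current)
        parent = os.path.dirname(current)
        if parent == current:
            break
        current = parent
    blocked = []
    for directory in reversed(chain):      # "/", "/srv", "/srv/samba", ...
        st = os.stat(directory)
        if uid == st.st_uid:               # exactly one permission class applies
            needed = stat.S_IXUSR
        elif st.st_gid in gids:
            needed = stat.S_IXGRP
        else:
            needed = stat.S_IXOTH
        if not st.st_mode & needed:
            blocked.append(directory)
    return blocked

def demo():
    """Constructed tree mirroring the thread: <tmp>/srv/samba/users."""
    base = tempfile.mkdtemp()
    samba = os.path.join(base, "srv", "samba")
    users = os.path.join(samba, "users")
    os.makedirs(users)
    for d in (base, os.path.join(base, "srv"), users):
        os.chmod(d, 0o755)
    st = os.stat(samba)
    # Hypothetical user who is neither the owner nor in the owning group.
    uid, gids = st.st_uid + 1, {st.st_gid + 1}
    os.chmod(samba, 0o770)                 # drwxrwx---  (state before the fix)
    before = samba in traverse_blockers(users, uid, gids)
    os.chmod(samba, 0o771)                 # drwxrwx--x  (after chmod 771)
    after = samba in traverse_blockers(users, uid, gids)
    return before, after

if __name__ == "__main__":
    print(demo())
```
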


