[Samba] chdir_current_service: vfs_ChDir(/srv/samba/users) failed: Permission denied.

spindles seven spindles7 at gmail.com
Sun Nov 28 00:00:26 UTC 2021


On 27 November 2021 18:22 Rowland Penny wrote: 
> On Sat, 2021-11-27 at 11:27 -0600, Patrick Goetz via samba wrote:
> >
> > On 11/27/21 05:35, Rowland Penny via samba wrote:
> > > On Sat, 2021-11-27 at 11:09 +0000, spindles seven via samba wrote:
> > > > On 27 November 2021 10:10 Ralph Boehme wrote:
> > > > The samba WiKi doesn't mention adding the "x" at all in the
> > > > directory
> > > > hierarchy as far as I can see;   if so maybe a note needs adding
> > > > to
> > > > the relevant page(s)?
> > >
> > > That is because it is standard Unix, 'x' on a directory means
> > > 'enter'
> > > or 'traverse' and if you cannot traverse directories, then you
> > > cannot
> > > reach the share.
> > >
> >
> > Sure, but Samba, which runs are root, is acting as a middle man in
> > the
> > file service, so it's not transparently clear that user execute
> > permission in a parent directory is a prerequisite for access; e.g.
> > Samba could be treating this like a bind mount or NFS root. In fact,
> > based on the way shares are accessed this would be a logical
> > assumption.
> > I mount \\server\share, not server:/data/share which is where the
> > files
> > actually live in the filesystem hierarchy so why should I care what
> > the
> > permissions on /data are?
> >
> > This is something worth mentioning in a warning note.
> 
> Possibly, but the share permissions should be set at creation and as
> this is on Linux, you would expect the Linux sysadmin to be aware of
> this. The other problem is just where to put such a note/warning ?
> 
I agree with Patrick, it's not obvious that the folders above the share need 'world' "x" as it can be assumed that as samba runs as root it's not necessary as normal users can access their files without the "x".   (Now we know samba impersonates the user.) 

So I would think a note in https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs where you create the folder, would be the appropriate place.

Roy




More information about the samba mailing list