[Samba] chdir_current_service: vfs_ChDir(/srv/samba/users) failed: Permission denied.
Roy Eastwood
spindles7 at gmail.com
Mon Nov 29 10:21:08 UTC 2021
Ok, here are the results:
roy at lxd-m1:~$ sudo getfacl /srv
[sudo] password for roy:
getfacl: Removing leading '/' from absolute path names
# file: srv
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
roy at lxd-m1:~$ sudo getfacl /srv/samba
getfacl: Removing leading '/' from absolute path names
# file: srv/samba
# owner: root
# group: domain\040admins
# flags: -s-
user::rwx
group::rwx
other::--x
roy at lxd-m1:~$ sudo getfacl /srv/samba/users
getfacl: Removing leading '/' from absolute path names
# file: srv/samba/users
# owner: root
# group: domain\040admins
user::rwx
user:root:rwx
user:domain\040admins:rwx
user:domain\040computers:r-x
group::rwx
group:NT\040Authority\\authenticated\040users:rwx
group:NT\040Authority\\system:rwx
group:domain\040admins:rwx
group:domain\040computers:r-x
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:user:domain\040admins:rwx
default:group::---
default:group:NT\040Authority\\system:rwx
default:group:domain\040admins:rwx
default:mask::rwx
default:other::---
roy at lxd-m1:~$ sudo getfacl /srv/samba/users/karen
getfacl: Removing leading '/' from absolute path names
# file: srv/samba/users/karen
# owner: karen
# group: domain\040users
user::rwx
user:root:rwx
user:domain\040admins:rwx
group::---
group:NT\040Authority\\system:rwx
group:domain\040admins:rwx
group:domain\040users:---
group:karen:rwx
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:user:domain\040admins:rwx
default:user:karen:rwx
default:group::---
default:group:NT\040Authority\\system:rwx
default:group:domain\040admins:rwx
default:group:domain\040users:---
default:group:karen:rwx
default:mask::rwx
default:other::---
Thanks for your help,
Roy
On Mon, 29 Nov 2021, 09:54 L.P.H. van Belle via samba, <
samba at lists.samba.org> wrote:
> A full output of the created structure would be nice
> and helps to explain that.
>
> For all the used folders a getfacl should tell sufficent.
> getfacl /srv
> getfacl /srv/samba
> getfacl /srv/samba/users
> getfacl /srv/samba/users/username
>
> But i suspect "SYSTEM" is missing somewhere.
> And/Or did you change the Share Rights in Windows.
> Because, if you do that, AFTER users are created,
> it can mess up already existing folders and there rights.
>
> I work in this order.
> 1) install samba.
> 2) create the folders in /srv/samba and setup the shares.
> 3) setup the share and folder fights.
> 4) create users and set user home and profiles
>
> Greetz,
>
> Louis
>
>
> > -----Oorspronkelijk bericht-----
> > Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> > spindles seven via samba
> > Verzonden: zondag 28 november 2021 0:41
> > Aan: samba at lists.samba.org
> > CC: 'Patrick Goetz'
> > Onderwerp: Re: [Samba] chdir_current_service:
> > vfs_ChDir(/srv/samba/users) failed: Permission denied.
> >
> > On 27 November 2021 20:05 Ralph Boehme wrote:
> > > On 11/27/21 18:27, Patrick Goetz via samba wrote:
> > > > Sure, but Samba, which runs are root,
> > >
> > > smbd does not run as root when executing SMB requests, it
> > impersonates
> > > the user UNIX token while doing this.
> > >
> > OK, that explains why one of my Domain Computers got
> > permission denied, but that raises the other question - why
> > then is a normal user able to access his/her files which live
> > in /srv/samba/users/<username> without any problem? The
> > permissions on /srv/samba (before I added the "x") was
> > rwxrwx--- : root and Domain Admins only have access. So
> > Domain Users were able to traverse the hierarchy but not
> > Domain Computers. Why?
> >
> > Thanks,
> >
> > Roy
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
> >
> >
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list