[Samba] samba share not allowing owner of folder
maillists_samba at diversity.nl
maillists_samba at diversity.nl
Sat Apr 30 11:04:24 UTC 2022
a possible important detail I forgot to mention is that the filesystem
is ZFS. Does that matter?
Just to be complete in info I'll include extra info on how the
filesystem is set
* acltype=posixacl
* aclmode=discard
* aclinherit=discard
-------- Original Message --------
Subject: Re: [Samba] samba share not allowing owner of folder
Date: 30-04-2022 08:07
From: maillists_samba at diversity.nl
To: samba at lists.samba.org
In the meantime I have added the
vfs objects = acl_xattr
to the global section
I changed the chmod to 770 recursivly
I changed the owner (chown) to root:root recursivly
I added the proxmox user to the acl using setfacl
I am still failing ;( What am I missing?
# testparm -s
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Weak crypto is allowed
Server role: ROLE_STANDALONE
# Global parameters
[global]
log file = /var/log/samba/log.%m
logging = file
map to guest = Bad User
max log size = 1000
obey pam restrictions = Yes
pam password change = Yes
panic action = /usr/share/samba/panic-action %d
passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
passwd program = /usr/bin/passwd %u
server role = standalone server
unix password sync = Yes
idmap config * : backend = tdb
vfs objects = acl_xattr
[proxmox-trx40]
comment = Aiii
inherit permissions = Yes
path = /{redacted}/hypervisors/proxmox/trx40_1
read only = No
valid users = master proxmox
ls -l /{redacted}/
drwxrwx---+ 3 root root 3 Mar 24 18:04 hypervisors
getfacl hypervisors
# file: hypervisors
# owner: root
# group: root
user::rwx
user:master:rwx
user:proxmox:rwx
group::rwx
mask::rwx
other::---
smbclient "\\\\{redacted}\\proxmox-trx40" -U proxmox
Enter WORKGROUP\proxmox's password:
Try "help" to get a list of possible commands.
smb: \> ls
NT_STATUS_ACCESS_DENIED listing \*
smb: \>
On 11-04-2022 13:02, Rowland Penny via samba wrote:
> On Mon, 2022-04-11 at 12:30 +0200, maillists_samba--- via samba wrote:
>> How to allow the owner of a folder that is shared access to that
>> share?
>>
>> I have;
>>
>> Samba version 4.13.13-Debian
>>
>> # testparm -s
>> Load smb config files from /etc/samba/smb.conf
>> Loaded services file OK.
>> Weak crypto is allowed
>> Server role: ROLE_STANDALONE
>>
>> ----------
>> # Global parameters
>> [global]
>> log file = /var/log/samba/log.%m
>> logging = file
>> map to guest = Bad User
>> max log size = 1000
>> obey pam restrictions = Yes
>> pam password change = Yes
>> panic action = /usr/share/samba/panic-action %d
>> passwd chat = *Enter\snew\s*\spassword:* %n\n
>> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>> passwd program = /usr/bin/passwd %u
>> server role = standalone server
>> unix password sync = Yes
>> usershare allow guests = Yes
>> idmap config * : backend = tdb
>>
>> [proxmox-trx40]
>> comment = Aiii
>> inherit permissions = Yes
>> path = /{redacted}/hypervisors/proxmox/trx40_1
>> read only = No
>> valid users = proxmox
>>
>> ----------
>>
>> ls -l /{redacted}/
>>
>> drwxrwx---+ 3 proxmox proxmox 3 Mar 24 18:04 hypervisors
>
> On the face of it, only 'proxmox' and members of the 'proxmox' group
> can enter the hypervisors directory, but notice the '+' on the end of
> the permissions, this means that you have extended ACLs set. However
> you are missing a parameter in the smb.conf global section.
>
> Add 'vfs objects = acl_xattr' to smb.conf, restart Samba and then read
> up on 'setfacl' and 'getfacl'.
>
> Rowland
More information about the samba
mailing list