[Samba] unix_primary_group not used when writing files
Rowland Penny
rpenny at samba.org
Thu Aug 18 12:20:40 UTC 2022
On Thu, 2022-08-18 at 13:15 +0100, Matthew Richardson via samba wrote:
> > It looks like inheritance may be causing this.
> >
> > Can you run these commands:
> >
> > ls -lad /home
>
> drwxrwxr-x 5 root root 3 Aug 16 17:11 /home
> > getfacl /home
>
> getfacl: Removing leading '/' from absolute path names
> # file: home
> # owner: root
> # group: root
> user::rwx
> group::rwx
> other::r-x
>
> > sudo samba-tool ntacl get /home --as-sddl
> >
>
> security_descriptor: struct security_descriptor
> revision : SECURITY_DESCRIPTOR_REVISION_1 (1)
> type : 0x8004 (32772)
> 0: SEC_DESC_OWNER_DEFAULTED
> 0: SEC_DESC_GROUP_DEFAULTED
> 1: SEC_DESC_DACL_PRESENT
> 0: SEC_DESC_DACL_DEFAULTED
> 0: SEC_DESC_SACL_PRESENT
> 0: SEC_DESC_SACL_DEFAULTED
> 0: SEC_DESC_DACL_TRUSTED
> 0: SEC_DESC_SERVER_SECURITY
> 0: SEC_DESC_DACL_AUTO_INHERIT_REQ
> 0: SEC_DESC_SACL_AUTO_INHERIT_REQ
> 0: SEC_DESC_DACL_AUTO_INHERITED
> 0: SEC_DESC_SACL_AUTO_INHERITED
> 0: SEC_DESC_DACL_PROTECTED
> 0: SEC_DESC_SACL_PROTECTED
> 0: SEC_DESC_RM_CONTROL_VALID
> 1: SEC_DESC_SELF_RELATIVE
> owner_sid : *
> owner_sid : S-1-22-1-0
> group_sid : *
> group_sid : S-1-22-2-0
> sacl : NULL
> dacl : *
> dacl: struct security_acl
> revision : SECURITY_ACL_REVISION_NT4
> (2)
> size : 0x0088 (136)
> num_aces : 0x00000006 (6)
> aces: ARRAY(6)
> aces: struct security_ace
> type :
> SEC_ACE_TYPE_ACCESS_ALLOWED (0)
> flags : 0x00 (0)
> 0: SEC_ACE_FLAG_OBJECT_INHERIT
> 0: SEC_ACE_FLAG_CONTAINER_INHERIT
> 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
> 0: SEC_ACE_FLAG_INHERIT_ONLY
> 0: SEC_ACE_FLAG_INHERITED_ACE
> 0x00: SEC_ACE_FLAG_VALID_INHERIT (0)
> 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
> 0: SEC_ACE_FLAG_FAILED_ACCESS
> size : 0x0018 (24)
> access_mask : 0x001f01ff
> (2032127)
> object : union
> security_ace_object_ctr(case 0)
> trustee : S-1-22-1-0
> aces: struct security_ace
> type :
> SEC_ACE_TYPE_ACCESS_ALLOWED (0)
> flags : 0x00 (0)
> 0: SEC_ACE_FLAG_OBJECT_INHERIT
> 0: SEC_ACE_FLAG_CONTAINER_INHERIT
> 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
> 0: SEC_ACE_FLAG_INHERIT_ONLY
> 0: SEC_ACE_FLAG_INHERITED_ACE
> 0x00: SEC_ACE_FLAG_VALID_INHERIT (0)
> 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
> 0: SEC_ACE_FLAG_FAILED_ACCESS
> size : 0x0018 (24)
> access_mask : 0x001200a9
> (1179817)
> object : union
> security_ace_object_ctr(case 0)
> trustee : S-1-22-2-0
> aces: struct security_ace
> type :
> SEC_ACE_TYPE_ACCESS_ALLOWED (0)
> flags : 0x00 (0)
> 0: SEC_ACE_FLAG_OBJECT_INHERIT
> 0: SEC_ACE_FLAG_CONTAINER_INHERIT
> 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
> 0: SEC_ACE_FLAG_INHERIT_ONLY
> 0: SEC_ACE_FLAG_INHERITED_ACE
> 0x00: SEC_ACE_FLAG_VALID_INHERIT (0)
> 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
> 0: SEC_ACE_FLAG_FAILED_ACCESS
> size : 0x0014 (20)
> access_mask : 0x001200a9
> (1179817)
> object : union
> security_ace_object_ctr(case 0)
> trustee : S-1-1-0
> aces: struct security_ace
> type :
> SEC_ACE_TYPE_ACCESS_ALLOWED (0)
> flags : 0x0b (11)
> 1: SEC_ACE_FLAG_OBJECT_INHERIT
> 1: SEC_ACE_FLAG_CONTAINER_INHERIT
> 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
> 1: SEC_ACE_FLAG_INHERIT_ONLY
> 0: SEC_ACE_FLAG_INHERITED_ACE
> 0x0b: SEC_ACE_FLAG_VALID_INHERIT (11)
> 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
> 0: SEC_ACE_FLAG_FAILED_ACCESS
> size : 0x0014 (20)
> access_mask : 0x001f01ff
> (2032127)
> object : union
> security_ace_object_ctr(case 0)
> trustee : S-1-3-0
> aces: struct security_ace
> type :
> SEC_ACE_TYPE_ACCESS_ALLOWED (0)
> flags : 0x0b (11)
> 1: SEC_ACE_FLAG_OBJECT_INHERIT
> 1: SEC_ACE_FLAG_CONTAINER_INHERIT
> 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
> 1: SEC_ACE_FLAG_INHERIT_ONLY
> 0: SEC_ACE_FLAG_INHERITED_ACE
> 0x0b: SEC_ACE_FLAG_VALID_INHERIT (11)
> 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
> 0: SEC_ACE_FLAG_FAILED_ACCESS
> size : 0x0014 (20)
> access_mask : 0x001200a9
> (1179817)
> object : union
> security_ace_object_ctr(case 0)
> trustee : S-1-3-1
> aces: struct security_ace
> type :
> SEC_ACE_TYPE_ACCESS_ALLOWED (0)
> flags : 0x0b (11)
> 1: SEC_ACE_FLAG_OBJECT_INHERIT
> 1: SEC_ACE_FLAG_CONTAINER_INHERIT
> 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
> 1: SEC_ACE_FLAG_INHERIT_ONLY
> 0: SEC_ACE_FLAG_INHERITED_ACE
> 0x0b: SEC_ACE_FLAG_VALID_INHERIT (11)
> 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS
> 0: SEC_ACE_FLAG_FAILED_ACCESS
> size : 0x0014 (20)
> access_mask : 0x001200a9
> (1179817)
> object : union
> security_ace_object_ctr(case 0)
> trustee : S-1-1-0
> The University of Edinburgh is a charitable body, registered in
> Scotland, with registration number SC005336. Is e buidheann
> carthannais a th’ ann an Oilthigh Dhùn Èideann, clàraichte an Alba,
> àireamh clàraidh SC005336.
Can we see your entire smb.conf, sanitised if you must.
Rowland
More information about the samba
mailing list