[Samba] Group-based access instead of user-based?
tom uijldert
tom.uijldert at gmail.com
Fri Sep 9 14:34:06 UTC 2022
Hi,
�
Using the current V4.15.9-Ubuntu, a Windows client can access the top-level share, create a directory and browse there but not create a file in the subdir.
In the original setup (V4.13.7-Ubuntu), this was no problem and files and subdirs could be copied willy-nilly.
After rigorously hunting for differences in the setups I couldn’t find any.
So is there any changed default behaviour that I missed?
If not, suggestions on what to check?
�
Please find details below.
�
TIA,
Tom.
�
Original setup: Ubuntu server 20.04 with smbd (etc) V4.13.7
New setup: Ubuntu server 22.04 with V4.15.9.
�
Joined to our domain as member server, all domain users are mapped to 1 unix account/group.
Top-level share has “drwxrwxrwx”-security, hence copying is no problem.
Once subdir is created through the client, we see it is owned by that mapped unix user with “drwxr-xr-x”.
Using Windows File Explorer to try and copy a file into that subdir produces a “not allowed”
Only when the subdir gets added group-access (“drwxrwxr-x”) can the file be copied.
�
This is weird since the log *does* indicate that samba is using the correct uid/gid to do the copying.
See log-snippet here:
�
[2022/09/09 15:21:08.141987, 3] ../../source3/auth/user_util.c:406(map_username)
Mapped user SYSMX\mxs-10$ to administrator
[2022/09/09 15:21:08.151298, 3] ../../source3/auth/auth_generic.c:172(auth3_generate_session_info_pac)
Kerberos ticket principal name is [MXS-10$@SYSMX.NET]
[2022/09/09 15:21:08.153440, 3] ../../source3/param/loadparm.c:3962(lp_load_ex)
lp_load_ex: refreshing parameters
[2022/09/09 15:21:08.153586, 3] ../../source3/param/loadparm.c:557(init_globals)
Initialising global parameters
[2022/09/09 15:21:08.153838, 3] ../../source3/param/loadparm.c:2864(lp_do_section)
Processing section "[global]"
[2022/09/09 15:21:08.154368, 2] ../../source3/param/loadparm.c:2881(lp_do_section)
Processing section "[printers]"
[2022/09/09 15:21:08.154492, 2] ../../source3/param/loadparm.c:2881(lp_do_section)
Processing section "[print$]"
[2022/09/09 15:21:08.154589, 2] ../../source3/param/loadparm.c:2881(lp_do_section)
Processing section "[volwww]"
[2022/09/09 15:21:08.154678, 2] ../../source3/param/loadparm.c:2881(lp_do_section)
Processing section "[volnfs]"
[2022/09/09 15:21:08.154790, 3] ../../source3/param/loadparm.c:1665(lp_add_ipc)
adding IPC service
[2022/09/09 15:21:08.154942, 3] ../../source3/smbd/password.c:84(register_homes_share)
Adding homes service for user 'administrator' using home directory: '/home/administrator'
[2022/09/09 15:21:08.174611, 3] ../../lib/util/access.c:372(allow_access)
Allowed connection from 192.168.42.143 (192.168.42.143)
[2022/09/09 15:21:08.174745, 3] ../../source3/smbd/service.c:610(make_connection_snum)
make_connection_snum: Connect path is '/mnt/www' for service [volwww]
[2022/09/09 15:21:08.174825, 3] ../../source3/smbd/vfs.c:115(vfs_init_default)
Initialising default vfs hooks
[2022/09/09 15:21:08.174871, 3] ../../source3/smbd/vfs.c:141(vfs_init_custom)
Initialising custom vfs hooks from [/[Default VFS]/]
[2022/09/09 15:21:08.176152, 2] ../../source3/smbd/service.c:854(make_connection_snum)
192.168.42.143 (ipv4:192.168.42.143:51383) connect to service volwww initially as user administrator (uid=1000, gid=1000) (pid 4120)
[2022/09/09 15:21:08.235568, 3] ../../source3/smbd/dir.c:1031(smbd_dirptr_get_entry)
smbd_dirptr_get_entry mask=[*] found sounds/New folder (2)/. fname=. (.)
[2022/09/09 15:21:08.236861, 3] ../../source3/smbd/dir.c:1031(smbd_dirptr_get_entry)
smbd_dirptr_get_entry mask=[*] found sounds/New folder (2)/.. fname=.. (..)
[2022/09/09 15:21:08.239022, 3] ../../source3/smbd/smb2_server.c:3953(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[5] status[STATUS_NO_MORE_FILES] || at ../../source3/smbd/smb2_query_directory.c:160
[2022/09/09 15:21:09.718534, 3] ../../source3/smbd/smb2_server.c:3953(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_create.c:337
[2022/09/09 15:21:09.730407, 3] ../../source3/smbd/smb2_server.c:3953(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_create.c:337
[2022/09/09 15:21:09.741548, 3] ../../source3/smbd/smb2_server.c:3953(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_create.c:337
[2022/09/09 15:21:09.753652, 3] ../../source3/smbd/smb2_server.c:3953(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_create.c:337
[2022/09/09 15:21:09.765330, 3] ../../source3/smbd/smb2_server.c:3953(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_create.c:337
[2022/09/09 15:21:09.777182, 3] ../../source3/smbd/smb2_server.c:3953(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_create.c:337
[2022/09/09 15:21:09.789191, 3] ../../source3/smbd/smb2_server.c:3953(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_create.c:337
[2022/09/09 15:21:09.801010, 3] ../../source3/smbd/smb2_server.c:3953(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_create.c:337
[2022/09/09 15:21:09.812910, 3] ../../source3/smbd/smb2_server.c:3953(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_create.c:337
[2022/09/09 15:21:09.826372, 3] ../../source3/smbd/smb2_server.c:3953(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_create.c:337
[2022/09/09 15:21:09.839951, 3] ../../source3/smbd/smb2_server.c:3953(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_create.c:337
[2022/09/09 15:21:09.854998, 3] ../../source3/smbd/smb2_server.c:3953(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_create.c:337
[2022/09/09 15:21:09.868561, 3] ../../source3/smbd/smb2_server.c:3953(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_create.c:337
[2022/09/09 15:21:09.884403, 3] ../../source3/smbd/smb2_server.c:3953(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_create.c:337
[2022/09/09 15:21:09.897611, 3] ../../source3/smbd/smb2_server.c:3953(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_create.c:337
[2022/09/09 15:21:09.922228, 3] ../../source3/smbd/dir.c:1031(smbd_dirptr_get_entry)
smbd_dirptr_get_entry mask=[*] found sounds/New folder (2)/. fname=. (.)
[2022/09/09 15:21:09.923667, 3] ../../source3/smbd/dir.c:1031(smbd_dirptr_get_entry)
smbd_dirptr_get_entry mask=[*] found sounds/New folder (2)/.. fname=.. (..)
[2022/09/09 15:21:09.925967, 3] ../../source3/smbd/smb2_server.c:3953(smbd_smb2_request_error_ex)
�� smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[5] status[STATUS_NO_MORE_FILES] || at ../../source3/smbd/smb2_query_directory.c:160
[2022/09/09 15:21:11.805278, 3] ../../source3/smbd/smb2_notify.c:251(smbd_smb2_notify_send)
smbd_smb2_notify_send: notify change called on sounds/New folder (2), filter = DIR_NAME, recursive = 0
[2022/09/09 15:21:11.809835, 3] ../../source3/smbd/smb2_notify.c:251(smbd_smb2_notify_send)
smbd_smb2_notify_send: notify change called on sounds/New folder (2), filter = FILE_NAME|ATTRIBUTES|LAST_WRITE, recursive = 0
[2022/09/09 15:21:11.810911, 3] ../../source3/smbd/dir.c:1031(smbd_dirptr_get_entry)
smbd_dirptr_get_entry mask=[*] found . fname=. (.)
[2022/09/09 15:21:11.811690, 3] ../../source3/smbd/dir.c:1031(smbd_dirptr_get_entry)
smbd_dirptr_get_entry mask=[*] found .. fname=.. (..)
[
More information about the samba
mailing list