[Samba] Group-based access instead of user-based?

tom uijldert tom.uijldert at gmail.com
Fri Sep 9 14:34:06 UTC 2022


Hi,

 �

Using the current V4.15.9-Ubuntu, a Windows client can access the top-level share, create a directory and browse there but not create a file in the subdir.

In the original setup (V4.13.7-Ubuntu), this was no problem and files and subdirs could be copied willy-nilly.

After rigorously hunting for differences in the setups I couldn’t find any.

So is there any changed default behaviour that I missed?

If not, suggestions on what to check?

 �

Please find details below.

 �

TIA,

    Tom.

 �

Original setup: Ubuntu server 20.04 with smbd (etc) V4.13.7

New setup: Ubuntu server 22.04 with V4.15.9.

 �

Joined to our domain as member server, all domain users are mapped to 1 unix account/group.

Top-level share has “drwxrwxrwx”-security, hence copying is no problem.

Once subdir is created through the client, we see it is owned by that mapped unix user with “drwxr-xr-x”.

Using Windows File Explorer to try and copy a file into that subdir produces a “not allowed”

Only when the subdir gets added group-access (“drwxrwxr-x”) can the file be copied.

 �

This is weird since the log *does* indicate that samba is using the correct uid/gid to do the copying.

See log-snippet here:

 �

[2022/09/09 15:21:08.141987,  3] ../../source3/auth/user_util.c:406(map_username)

  Mapped user SYSMX\mxs-10$ to administrator

[2022/09/09 15:21:08.151298,  3] ../../source3/auth/auth_generic.c:172(auth3_generate_session_info_pac)

  Kerberos ticket principal name is [MXS-10$@SYSMX.NET]

[2022/09/09 15:21:08.153440,  3] ../../source3/param/loadparm.c:3962(lp_load_ex)

  lp_load_ex: refreshing parameters

[2022/09/09 15:21:08.153586,  3] ../../source3/param/loadparm.c:557(init_globals)

  Initialising global parameters

[2022/09/09 15:21:08.153838,  3] ../../source3/param/loadparm.c:2864(lp_do_section)

  Processing section "[global]"

[2022/09/09 15:21:08.154368,  2] ../../source3/param/loadparm.c:2881(lp_do_section)

  Processing section "[printers]"

[2022/09/09 15:21:08.154492,  2] ../../source3/param/loadparm.c:2881(lp_do_section)

  Processing section "[print$]"

[2022/09/09 15:21:08.154589,  2] ../../source3/param/loadparm.c:2881(lp_do_section)

  Processing section "[volwww]"

[2022/09/09 15:21:08.154678,  2] ../../source3/param/loadparm.c:2881(lp_do_section)

  Processing section "[volnfs]"

[2022/09/09 15:21:08.154790,  3] ../../source3/param/loadparm.c:1665(lp_add_ipc)

  adding IPC service

[2022/09/09 15:21:08.154942,  3] ../../source3/smbd/password.c:84(register_homes_share)

  Adding homes service for user 'administrator' using home directory: '/home/administrator'

[2022/09/09 15:21:08.174611,  3] ../../lib/util/access.c:372(allow_access)

  Allowed connection from 192.168.42.143 (192.168.42.143)

[2022/09/09 15:21:08.174745,  3] ../../source3/smbd/service.c:610(make_connection_snum)

  make_connection_snum: Connect path is '/mnt/www' for service [volwww]

[2022/09/09 15:21:08.174825,  3] ../../source3/smbd/vfs.c:115(vfs_init_default)

  Initialising default vfs hooks

[2022/09/09 15:21:08.174871,  3] ../../source3/smbd/vfs.c:141(vfs_init_custom)

  Initialising custom vfs hooks from [/[Default VFS]/]

[2022/09/09 15:21:08.176152,  2] ../../source3/smbd/service.c:854(make_connection_snum)

  192.168.42.143 (ipv4:192.168.42.143:51383) connect to service volwww initially as user administrator (uid=1000, gid=1000) (pid 4120)

[2022/09/09 15:21:08.235568,  3] ../../source3/smbd/dir.c:1031(smbd_dirptr_get_entry)

  smbd_dirptr_get_entry mask=[*] found sounds/New folder (2)/. fname=. (.)

[2022/09/09 15:21:08.236861,  3] ../../source3/smbd/dir.c:1031(smbd_dirptr_get_entry)

  smbd_dirptr_get_entry mask=[*] found sounds/New folder (2)/.. fname=.. (..)

[2022/09/09 15:21:08.239022,  3] ../../source3/smbd/smb2_server.c:3953(smbd_smb2_request_error_ex)

  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[5] status[STATUS_NO_MORE_FILES] || at ../../source3/smbd/smb2_query_directory.c:160

[2022/09/09 15:21:09.718534,  3] ../../source3/smbd/smb2_server.c:3953(smbd_smb2_request_error_ex)

  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_create.c:337

[2022/09/09 15:21:09.730407,  3] ../../source3/smbd/smb2_server.c:3953(smbd_smb2_request_error_ex)

  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_create.c:337

[2022/09/09 15:21:09.741548,  3] ../../source3/smbd/smb2_server.c:3953(smbd_smb2_request_error_ex)

  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_create.c:337

[2022/09/09 15:21:09.753652,  3] ../../source3/smbd/smb2_server.c:3953(smbd_smb2_request_error_ex)

  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_create.c:337

[2022/09/09 15:21:09.765330,  3] ../../source3/smbd/smb2_server.c:3953(smbd_smb2_request_error_ex)

  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_create.c:337

[2022/09/09 15:21:09.777182,  3] ../../source3/smbd/smb2_server.c:3953(smbd_smb2_request_error_ex)

  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_create.c:337

[2022/09/09 15:21:09.789191,  3] ../../source3/smbd/smb2_server.c:3953(smbd_smb2_request_error_ex)

  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_create.c:337

[2022/09/09 15:21:09.801010,  3] ../../source3/smbd/smb2_server.c:3953(smbd_smb2_request_error_ex)

  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_create.c:337

[2022/09/09 15:21:09.812910,  3] ../../source3/smbd/smb2_server.c:3953(smbd_smb2_request_error_ex)

  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_create.c:337

[2022/09/09 15:21:09.826372,  3] ../../source3/smbd/smb2_server.c:3953(smbd_smb2_request_error_ex)

  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_create.c:337

[2022/09/09 15:21:09.839951,  3] ../../source3/smbd/smb2_server.c:3953(smbd_smb2_request_error_ex)

  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_create.c:337

[2022/09/09 15:21:09.854998,  3] ../../source3/smbd/smb2_server.c:3953(smbd_smb2_request_error_ex)

  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_create.c:337

[2022/09/09 15:21:09.868561,  3] ../../source3/smbd/smb2_server.c:3953(smbd_smb2_request_error_ex)

  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_create.c:337

[2022/09/09 15:21:09.884403,  3] ../../source3/smbd/smb2_server.c:3953(smbd_smb2_request_error_ex)

  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_create.c:337

[2022/09/09 15:21:09.897611,  3] ../../source3/smbd/smb2_server.c:3953(smbd_smb2_request_error_ex)

  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_create.c:337

[2022/09/09 15:21:09.922228,  3] ../../source3/smbd/dir.c:1031(smbd_dirptr_get_entry)

  smbd_dirptr_get_entry mask=[*] found sounds/New folder (2)/. fname=. (.)

[2022/09/09 15:21:09.923667,  3] ../../source3/smbd/dir.c:1031(smbd_dirptr_get_entry)

  smbd_dirptr_get_entry mask=[*] found sounds/New folder (2)/.. fname=.. (..)

[2022/09/09 15:21:09.925967,  3] ../../source3/smbd/smb2_server.c:3953(smbd_smb2_request_error_ex)

�� smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[5] status[STATUS_NO_MORE_FILES] || at ../../source3/smbd/smb2_query_directory.c:160

[2022/09/09 15:21:11.805278,  3] ../../source3/smbd/smb2_notify.c:251(smbd_smb2_notify_send)

  smbd_smb2_notify_send: notify change called on sounds/New folder (2), filter = DIR_NAME, recursive = 0

[2022/09/09 15:21:11.809835,  3] ../../source3/smbd/smb2_notify.c:251(smbd_smb2_notify_send)

  smbd_smb2_notify_send: notify change called on sounds/New folder (2), filter = FILE_NAME|ATTRIBUTES|LAST_WRITE, recursive = 0

[2022/09/09 15:21:11.810911,  3] ../../source3/smbd/dir.c:1031(smbd_dirptr_get_entry)

  smbd_dirptr_get_entry mask=[*] found . fname=. (.)

[2022/09/09 15:21:11.811690,  3] ../../source3/smbd/dir.c:1031(smbd_dirptr_get_entry)

  smbd_dirptr_get_entry mask=[*] found .. fname=.. (..)

[



More information about the samba mailing list