[Samba] Cleanup permission settings / traverse folder

Rowland Penny rpenny at samba.org
Mon Mar 20 16:58:41 UTC 2023



On 20/03/2023 16:22, Thomas Hoffmann (Speed4Trade GmbH) via samba wrote:
> Hello,
> I have problems removing the permission settings on a directory/folder after configuration of a share.
> 
> My folders look like:
> /var/folder1/folder2/
> 
> I created share1 on folder1 and share2 on folder2.
> Afterwards, I activated ACLs and set permission on folder1 to domain/group1 and on folder2 to domain/group2.
> 
> I couldn't access share2 with a user from group2 and I figured out that Samba doesn't support SeChangeNotifyPrivilege  (bypass traverse checking).

According to 'net rpc rights list' it does, but it is described as 
'Register for change notify', however, in previous documentation it was 
described as 'Bypass traverse checking'. I do not know when the 
description changed or why.

> Because user2 from group2 doesn't have any permissions on folder1, the user can't access folder2 and therefore can't access share2.
> 
> So far, so good. I decided to remove share1 because it was only a share for convenience. Afterwards I deleted the ACLs on folder1 with "setfacl -bn /var/folder1/ "
> Unfortunately, user2 still can't access share2. Somehow folder1 is still blocking user2 to access folder2.
> When I create folder2 somewhere else with the exact same settings, everything works.
> Does samba store some permissions at another place? How to tidy up the settings on folder1 properly?
> Any hints would be appreciated. Thanks!
> I can provide smb-settings if needed.

Please post the output of 'testparm -s' (sanitised if required) and the 
permissions set on the share.

Rowland




More information about the samba mailing list