[Samba] Share access permission errors after upgrade from 4.12.14

Rowland Penny rpenny at samba.org
Fri Jan 19 10:41:02 UTC 2024


On Fri, 19 Jan 2024 10:12:12 +0000
Rowland Penny via samba <samba at lists.samba.org> wrote:

> On Tue, 16 Jan 2024 23:28:24 +0000
> unraidster via samba <samba at lists.samba.org> wrote:
> 
> > On Tuesday, 16 January 2024 at 09:46, Rowland Penny via samba
> > <samba at lists.samba.org> wrote:
> > 
> > > As far as I can see, unraid is based on slackware, so it should
> > > work. Is it possible to check the ownership & permissions set on
> > > /mnt/user/PrivateShare ?
> > >
> > > Is either apparmor or selinux running ?
> > >
> > > Rowland
> > 
> > Thanks for the reply, I have included some responses below:
> > 
> > The permissions set to /mnt/user/PrivateShare is:
> > 
> > 	drwxrwx---+ 1 ur_admin   ur-lab_access 4.0K May 24  2023
> > PrivateShare/
> > 
> > There is an ACL set on that folder too:
> > 
> > 	getfacl: Removing leading '/' from absolute path names
> > 	# file: mnt/user/PrivateShare/
> > 	# owner: ur_admin
> > 	# group: ur-lab_access
> > 	user::rwx
> > 	user:ur-lab_access:rwx
> > 	user:ur-lab-privateshare-ro:r-x
> > 	user:ur-lab-privateshare-rw:rwx
> > 	group::rwx
> > 	group:ur_admin:rwx
> > 	group:ur-lab_access:rwx
> > 	group:ur-lab-privateshare-ro:r-x
> > 	group:ur-lab-privateshare-rw:rwx
> > 	mask::rwx
> > 	other::---
> > 	default:user::rwx
> > 	default:user:ur_admin:rwx
> > 	default:user:ur-lab-privateshare-ro:r-x
> > 	default:user:ur-lab-privateshare-rw:rwx
> > 	default:group::---
> > 	default:group:ur_admin:rwx
> > 	default:group:ur-lab_access:---
> > 	default:group:ur-lab-privateshare-ro:r-x
> > 	default:group:ur-lab-privateshare-rw:rwx
> > 	default:mask::rwx
> > 	default:other::---
> > 
> > 
> > The rwuser is a member of the ur-lab-privateshare-rw group. I
> > noticed that there are two groups (ur-lab-privateshare-ro and
> > ur-lab-privateshare-rw) setup with a user and a group permission in
> > the ACL. I retested after removing both groups' user permission
> > (leaving the intended group ACL entry for each group) and still
> > received the same error. The non-updated-IDMAP configuration I
> > started the thread with did not have a duplicate user ACL for the
> > groups and therefore I suspect it isn’t contributing to this issue.
> > 
> > apparmor: I tried the following commands to see if apparmor was
> > enabled: cat /sys/module/apparmor/parameters/enabled
> > 	sudo apparmor_status
> > 
> > 	Neither returned a result.
> > 
> > Selinux: I tried the following commands to see if selinux was
> > enabled: sudo getenforce
> > 	sudo sestatus
> > 
> > 	Neither returned a result.
> > 
> > Therefore, I suspect that apparmor and selinux are not
> > installed/enabled.
> > 
> > Best Regards,
> > Unraidster
> > 
> 
> Sorry to be so long in replying to this, but life got in the way.
> 
> You initially had an incorrect smb.conf and you changed it, but by
> doing so you will have changed the user & group IDs, not their names,
> the numbers. You will probably need to change the user & group
> ownership of all directories & files and run 'net cache flush' as
> root.
> 
> You also say this is on a computer running unraid, did your initial
> smb.conf come from just clicking things on a 'web page' on your unraid
> box ?
> 
> Rowland
>  
> 

So, I took a wander over to the unraid community forum and found a post
which seems to say that this problem has been going on for nearly a
year, is this correct ?

I was hoping to possibly find a link to the source, but couldn't find
one, so I have no idea just what the default smb.conf is.

Rowland



More information about the samba mailing list