[Samba] world-inaccessible home dirs and samba log noise
Michael Tokarev
mjt at tls.msk.ru
Mon Jun 9 14:04:18 UTC 2025
Hi!
Some of our users changed permissions for their home dirs to
revoke access for everyone, making it 0750 instead of 0755.
This is the default on same linux distributions for quite some
time already, too.
Now, samba logs a lot of noise like this:
[2025/06/08 11:11:02.896807, 0]
source3/smbd/smb2_service.c:117(chdir_current_service)
chdir_current_service: vfs_ChDir(/home/jatok) failed: \
Permission denied. Current token: uid=2100, gid=2000, \
4 groups: 2000 5000 5001 5002
(the groups comes from the domain controller, these are
2000 - domain computers
5000 - BUILTIN\administrators
5001 - BUILTIN\users
5002 - BUILTIN\guests
Why each computer is a member of BUILTIN\users group anyway,
when it is not a user but a computer?
So, which permissions should a user home directory have to
avoid this log spam by samba?
Thanks,
/mjt
More information about the samba
mailing list