[Samba] Regarding close-denied-share option

., Srikanth N S srikanth.nagasubbaraoseetharaman at hpe.com
Wed Jun 18 13:36:25 UTC 2025


Thanks Rowland for the reply.

If I understand correctly, if the share permission was RW and I add a user to the read list, then close-denied-share will work because I am denying write permission. If I remove the user from the read list, then close-denied-share will not have any effect because the user is not denied any permission (read or write).

Please let us know if my understanding is correct. If so, could you please let us know how to notify the SMB client of this change in this case.

We also tried the reverse scenario, which is having RO permission for the share and then adding a user to the write list. As mentioned earlier, adding a user is notified to the Windows client when we issue close-denied-share. But when we remove the user from the write list and then issue close-denied-share, the client is not notified of the permission change. In this case the user is actually denied write permission and hence we expect close-denied-share to notify the SMB client.

Please clarify.

Regards,
Srikanth NS


From: samba <samba-bounces at lists.samba.org> on behalf of Rowland Penny via samba <samba at lists.samba.org>
Date: Wednesday, 18 June 2025 at 6:12 PM
To: samba at lists.samba.org <samba at lists.samba.org>
Cc: Rowland Penny <rpenny at samba.org>
Subject: Re: [Samba] Regarding close-denied-share option

On Wed, 18 Jun 2025 12:01:14 +0000
"., Srikanth N S via samba" <samba at lists.samba.org> wrote:

> Hi,
>
> We have observed that when we remove the ACL of a Windows user and
> call smbcontrol close-denied-share the share permissions are not
> getting updated dynamically. Even if we unmap and map the share the
> share permissions are not getting reflected on Windows.
>
> But in case of Adding/Updating ACL using smbcontrol
> close-denied-share works as expected.
>
> Following are our test case details:
>
>   *   Created a share “share1” with RW permission
>
>
> [share1]
> path = /mnt/export
> read only = no
> read list =
> write list =
>
>
>   *   Logged in as user “matt” on Windows and mapped “share1”. We can
> read and write on share1
>   *   Created an ACL for “matt” with RO permission
>
> [share1]
> path = /mnt/export
> read only = no
> read list = matt
> write list =
>
>
>   *   Ran smbcontrol smbd close-denied-share share1
>   *   Observed that the user “matt” cannot write, i.e. only has READ
> permissions as expected
>   *   Removed ACL for “matt”
>
> [share1]
> path = /mnt/export
> read only = no
> read list =
> write list =
>
>
>   *   Ran smbcontrol smbd close-denied-share share1
>   *   Observed that the user “matt” still has RO permission. We
> expected the user to have the default share1 permissions which is RW
>
> Please clarify.
>
> Thanks & Regards,
> Srikanth N S

I think if you read the man page for smbcontrol, you might understand
what is going on here.

The user is only disconnected if they are connected, but have been
placed on the 'read list' since they connected. If they are connected
and removed from the 'read list', they are not disconnected when
'smbcontrol smbd close-denied-share' is run, because they are allowed
access.

Rowland
