bad rights
-rwxrw---- 1 gbayard enseign 8 avr 29 15:03 truc.txt
must be
-rwxrwx--- 1 gbayard enseign 8 avr 29 15:03 truc.txt

-----------------------------------
Stéphane PURNELLE
Systems and Network Admin.
IT Department
Corman S.A.
Tel : 00 32 (0)87/342467

samba-bounces+stephane.purnelle=corman...@lists.samba.org wrote on 06/05/2009 12:50:51:

> Hello all,
>
> I want to set up a share for a project (enseign)
> First thing I did is to create a group for that project (with
> smbldap-groupadd) and add project members to that group.
> Then I created a test_smb directory on my linux server with the
> following access rights:
>
> drwxrwx--- 2 gbayard enseign 4096 avr 29 15:03 /test_smb
>
> Note: the idea is that only group members should be able to
> create/destroy files in this share (the user value should not be used)
>
> Then I added the following to smb.conf:
>
> [test]
> path = /test_smb
> writable = yes
> # browseable = no
> # create mask = 0770
> # valid users = @enseign
> # directory mask = 0775
> # force group = enseign
>
> Commented values work fine but are not required to expose my problem so
> I use very basic share settings
>
> Under linux I create the following file in /test_smb:
> -rwxrw---- 1 gbayard enseign 8 avr 29 15:03 truc.txt
>
> After I restart smb with /etc/init.d/smb restart I switch to XP and go
> to my share \\server\test and here is what's happening:
> - if I connect with user gbayard (who is the share user) everything is
> right. I can create/edit/destroy files
> - if I connect with user javerage who belongs to group enseign then I
> can modify the content of truc.txt (so group membership seems
> acknowledged by windows) but I can't destroy the file (seems like
> directory 'write' right to the group enseign is ignored). If I want to
> create a new file it works but I can't rename or destroy it (I end up
> with a "new document.txt" file that I can edit but not rename or
> destroy)... Mmm. I'm puzzled!
>
> I've checked access to the share from a linux client (through gvfs on
> ubuntu) and it works as expected. So it seems like a windows XP client
> problem. I've checked all smb.conf options and could not find any
> workaround option.
>
> As additional info I'm attaching samba log for file deletion trial from
> XP (failure) and from linux (success). And also my server's options
> (testparm -sv)
>
> Any ideas?
>
> Gildas
>
>
> Load smb config files from /etc/samba/smb.conf
> Processing section "[homes]"
> Processing section "[projects]"
> Processing section "[test]"
> Processing section "[web]"
> Processing section "[netlogon]"
> Loaded services file OK.
> Server role: ROLE_DOMAIN_PDC
> [global]
> dos charset = CP850
> unix charset = UTF-8
> display charset = LOCALE
> workgroup = HDS
> realm =
> netbios name = NEO
> netbios aliases =
> netbios scope =
> server string = storage
> interfaces = 172.17.1.42/16
> bind interfaces only = Yes
> security = USER
> auth methods =
> encrypt passwords = Yes
> update encrypted = No
> client schannel = Auto
> server schannel = Auto
> allow trusted domains = Yes
> map to guest = Never
> null passwords = No
> obey pam restrictions = No
> password server = *
> smb passwd file = /etc/samba/smbpasswd
> private dir = /etc/samba
> passdb backend = ldapsam:ldap://ldap.gi.utc:983
> algorithmic rid base = 1000
> root directory =
> guest account = ftp
> enable privileges = Yes
> pam password change = No
> passwd program =
> passwd chat = *new*password* %n\n *new*password* %n\n *changed*
> passwd chat debug = No
> passwd chat timeout = 2
> check password script =
> username map = /etc/samba/smbusers
> password level = 8
> username level = 8
> unix password sync = No
> restrict anonymous = 0
> lanman auth = Yes
> ntlm auth = Yes
> client NTLMv2 auth = No
> client lanman auth = Yes
> client plaintext auth = Yes
> preload modules =
> use kerberos keytab = No
> log level = 4
> syslog = 1
> syslog only = No
> log file = /var/log/samba/%m.log
> max log size = 50
> debug timestamp = Yes
> debug prefix timestamp = No
> debug hires timestamp = No
> debug pid = No
> debug uid = No
> enable core files = Yes
> smb ports = 445 139
> large readwrite = Yes
> max protocol = NT1
> min protocol = CORE
> read bmpx = No
> read raw = Yes
> write raw = Yes
> disable netbios = No
> reset on zero vc = No
> acl compatibility = auto
> defer sharing violations = Yes
> nt pipe support = Yes
> nt status support = Yes
> announce version = 4.9
> announce as = NT
> max mux = 50
> max xmit = 16644
> name resolve order = host wins lmhosts
> max ttl = 259200
> max wins ttl = 518400
> min wins ttl = 21600
> time server = No
> unix extensions = Yes
> use spnego = Yes
> client signing = auto
> server signing = No
> client use spnego = Yes
> enable asu support = No
> svcctl list =
> deadtime = 60
> getwd cache = Yes
> keepalive = 300
> lpq cache time = 30
> max smbd processes = 0
> paranoid server security = Yes
> max disk size = 0
> max open files = 101
> open files database hash size = 10007
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 IPTOS_LOWDELAY
> use mmap = Yes
> hostname lookups = No
> name cache timeout = 660
> load printers = Yes
> printcap cache time = 750
> printcap name =
> cups server =
> iprint server =
> disable spoolss = No
> addport command =
> enumports command =
> addprinter command =
> deleteprinter command =
> show add printer wizard = Yes
> os2 driver map =
> mangling method = hash2
> mangle prefix = 1
> max stat cache size = 1024
> stat cache = Yes
> machine password timeout = 604800
> add user script = /usr/local/sbin/smbldap-useradd -m "%u"
> rename user script =
> delete user script = /usr/local/sbin/smbldap-userdel "%u"
> add group script = /usr/local/sbin/smbldap-groupadd -p '%g'
> delete group script = /usr/local/sbin/smbldap-groupdel "%g"
> add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
> delete user from group script = /usr/local/sbin/smbldap-groupmod
> -x "%u" "%g"
> set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
> add machine script = /usr/local/sbin/smbldap-useradd -w -i '%u'
> shutdown script =
> abort shutdown script =
> username map script =
> logon script = logon.bat
> logon path = \\%N\%U\profile
> logon drive =
> logon home = \\%N\%U
> domain logons = Yes
> os level = 33
> lm announce = Auto
> lm interval = 60
> preferred master = Yes
> local master = Yes
> domain master = Yes
> browse list = Yes
> enhanced browsing = Yes
> dns proxy = Yes
> wins proxy = No
> wins server = 172.17.1.23
> wins support = No
> wins hook =
> kernel oplocks = Yes
> lock spin time = 200
> oplock break wait time = 0
> ldap admin dn = "cn=Manager,dc=gi,dc=utc"
> ldap delete dn = No
> ldap group suffix = ou=Groups
> ldap idmap suffix =
> ldap machine suffix = ou=Computers
> ldap passwd sync = Yes
> ldap replication sleep = 1000
> ldap suffix = dc=gi,dc=utc
> ldap ssl = no
> ldap timeout = 15
> ldap page size = 1024
> ldap user suffix = ou=people
> add share command =
> change share command =
> delete share command =
> eventlog list =
> config file =
> preload =
> lock directory = /var/cache/samba
> pid directory = /var/run
> utmp directory =
> wtmp directory =
> utmp = No
> default service =
> message command =
> get quota command =
> set quota command =
> remote announce =
> remote browse sync =
> socket address = 0.0.0.0
> homedir map = auto.home
> afs username map =
> afs token lifetime = 604800
> log nt token command =
> time offset = 0
> NIS homedir = No
> usershare allow guests = No
> usershare max shares = 0
> usershare owner only = Yes
> usershare path = /var/cache/samba/usershares
> usershare prefix allow list =
> usershare prefix deny list =
> usershare template share =
> panic action =
> host msdfs = Yes
> passdb expand explicit = No
> idmap domains =
> idmap backend =
> idmap alloc backend =
> idmap cache time = 900
> idmap negative cache time = 120
> idmap uid = 16777216-33554431
> idmap gid = 16777216-33554431
> template homedir = /home/%D/%U
> template shell = /bin/false
> winbind separator = \
> winbind cache time = 300
> winbind enum users = No
> winbind enum groups = No
> winbind use default domain = No
> winbind trusted domains only = No
> winbind nested groups = Yes
> winbind nss info = template
> winbind refresh tickets = No
> winbind offline logon = No
> winbind normalize names = No
> comment =
> path =
> username =
> invalid users =
> valid users =
> admin users =
> read list =
> write list =
> printer admin =
> force user =
> force group =
> read only = Yes
> acl check permissions = Yes
> acl group control = No
> acl map full control = Yes
> create mask = 0744
> force create mode = 00
> security mask = 0777
> force security mode = 00
> directory mask = 0755
> force directory mode = 00
> directory security mask = 0777
> force directory security mode = 00
> force unknown acl user = No
> inherit permissions = No
> inherit acls = No
> inherit owner = No
> guest only = No
> guest ok = No
> only user = No
> hosts allow = 172.17., 172.26.128.0/255.255.240.0, 172.26.240.
> 0/255.255.252.0, 172.22., 172.24., 172.26.240.0/255.255.240.0, 172.18.153.159
> hosts deny =
> allocation roundup size = 1048576
> aio read size = 0
> aio write size = 0
> aio write behind =
> ea support = No
> nt acl support = Yes
> profile acls = Yes
> map acl inherit = No
> afs share = No
> block size = 1024
> change notify = Yes
> directory name cache size = 100
> kernel change notify = Yes
> max connections = 150
> min print space = 0
> strict allocate = No
> strict sync = No
> sync always = No
> use sendfile = No
> write cache size = 0
> max reported print jobs = 0
> max print jobs = 1000
> printable = No
> printing = cups
> cups options =
> print command =
> lpq command = %p
> lprm command =
> lppause command =
> lpresume command =
> queuepause command =
> queueresume command =
> printer name =
> use client driver = No
> default devmode = Yes
> force printername = No
> printjob username = %U
> default case = lower
> case sensitive = Auto
> preserve case = Yes
> short preserve case = Yes
> mangling char = ~
> hide dot files = Yes
> hide special files = No
> hide unreadable = No
> hide unwriteable files = No
> delete veto files = No
> veto files = /lost+found/.recycle/
> hide files =
> veto oplock files = /*.mdb/*.doc/*.xls/*.ppt/
> map archive = Yes
> map hidden = No
> map system = No
> map readonly = yes
> mangled names = Yes
> mangled map =
> store dos attributes = No
> dmapi support = No
> browseable = Yes
> blocking locks = Yes
> csc policy = manual
> fake oplocks = No
> locking = Yes
> oplocks = Yes
> level2 oplocks = Yes
> oplock contention limit = 2
> posix locking = Yes
> strict locking = Auto
> share modes = Yes
> dfree cache time = 0
> dfree command =
> copy =
> include =
> preexec =
> preexec close = No
> postexec =
> root preexec =
> root preexec close = No
> root postexec =
> available = Yes
> volume =
> fstype = Samba
> set directory = No
> wide links = Yes
> follow symlinks = Yes
> dont descend = /proc,/dev
> magic script =
> magic output =
> delete readonly = Yes
> dos filemode = No
> dos filetimes = Yes
> dos filetime resolution = No
> fake directory create times = No
> vfs objects =
> msdfs root = No
> msdfs proxy =
>
> [homes]
> comment = Home Directories
> read only = No
> create mask = 0700
> directory mask = 0700
> max connections = 5
> browseable = No
>
> [projects]
> comment = Projects directories
> path = /storage/projects
> read only = No
> create mask = 0775
> directory mask = 0775
>
> [test]
> path = /test_smb
> read only = No
>
> [web]
> path = /WEB
> valid users = colligno
> read only = No
> browseable = No
>
> [netlogon]
> comment = Network Logon Service
> path = /home/netlogon
> read only = No
> share modes = No
> root preexec = /bin/sh -c 'echo "[%T] %u se connecte depuis %m (%
> I)" >> /var/log/samba/connexion.log'
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
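
Added example, not part of the original thread: a Python model of the plain POSIX checks for the modes quoted above, plus the documented smb.conf `create mask` / `force create mode` arithmetic. The numeric ids and the 0766 requested mode are assumptions; ACLs, root, and Samba's own DOS-attribute handling are not modelled.

```python
import stat

# Constructed ids; the thread gives names only (gbayard, javerage, group enseign).
GBAYARD, JAVERAGE, ENSEIGN = 1000, 1001, 2000

def class_bits(mode, owner, group, uid, gids):
    """rwx triplet POSIX applies to the caller: owner, else group, else other."""
    if uid == owner:
        return (mode >> 6) & 7
    if group in gids:
        return (mode >> 3) & 7
    return mode & 7

def can_write(mode, owner, group, uid, gids):
    """Changing a file's content needs the w bit on the file itself."""
    return bool(class_bits(mode, owner, group, uid, gids) & 0o2)

def can_unlink(dir_mode, dir_owner, dir_group, file_owner, uid, gids):
    """Delete/rename needs w+x on the parent directory; the file's mode is not consulted."""
    if (class_bits(dir_mode, dir_owner, dir_group, uid, gids) & 0o3) != 0o3:
        return False
    # Sticky directory: only the file's owner or the directory's owner may remove it.
    if dir_mode & stat.S_ISVTX and uid not in (file_owner, dir_owner):
        return False
    return True

def masked_mode(requested, create_mask, force_create_mode=0):
    """smb.conf semantics: AND with 'create mask', then OR with 'force create mode'."""
    return (requested & create_mask) | force_create_mode

def show(mode):
    """Render a regular-file mode the way ls -l does."""
    return stat.filemode(stat.S_IFREG | mode)

if __name__ == "__main__":
    gids = {ENSEIGN}  # javerage's group set (constructed)
    print("edit truc.txt (0760):", can_write(0o760, GBAYARD, ENSEIGN, JAVERAGE, gids))
    print("unlink in /test_smb (0770):",
          can_unlink(0o770, GBAYARD, ENSEIGN, GBAYARD, JAVERAGE, gids))
    # 0o766 as the mode requested before masking is an assumption of this example.
    print("new file, create mask 0744:", show(masked_mode(0o766, 0o744)))
    print("new file, create mask 0770:", show(masked_mode(0o766, 0o770)))
```
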