[Samba] folder permissions with Windows client, Samba server

Wed, 10 Mar 2010 11:19:50 -0800 

Hi list -
I've been using Samba since 2.x in the early 2000's, and a papercut I had eight years ago still plagues me today - when anyone on a Windows client right-clicks a folder on a Samba share and tries to view or change its permissions, it doesn't work right. The folder appears to have no permissions enabled for owner, group, or world (regardless of what the permissions actually are - and in fact, the Windows user can modify the folder or files in it without difficulty). Worse, if the Windows user attempts to SET permissions on the folder, the folder will end up with a completely different (and generally completely unusable) set of permissions; chmod 700 and chown root, if I recall correctly - so then the hapless user who tried to set permissions on a folder that he or she could access just fine is locked out of that folder completely until someone shells into the Samba server and resets permissions from the command line. 


I have seen this exact behavior on Samba 2.x / FreeBSD 4.x, 5.x, and 
6.x, both with and without ACLs enabled on the underlying filesystem, 
and just this week when I set up a Samba 3.4.0 server from the Ubuntu 
9.10 repositories, successfully joined it to a Windows 2003 domain with 
Kerberos working and Winbind mapping UIDs and GIDs properly... I STILL 
had the problem with the Windows GUI for setting folder permissions not 
mapping correctly!



Is this something I just have to live with, or is there something I 
don't understand about configuring Samba that would avoid this issue?



The smb.conf for the Ubuntu server I mentioned just now is unchanged 
from the default conf file shipping from the repository, with these 
exceptions:



####### Authentication #######

       security = ads
       realm = DOMAIN.LOCAL
       password server = 192.168.1.20
# note that workgroup is the 'short' domain name
       workgroup = DOMAIN
#       winbind separator = +
       idmap uid = 10000-20000
       idmap gid = 10000-20000
       winbind enum users = yes
       winbind enum groups = yes
       template homedir = /home/%D/%U
       template shell = /bin/bash
       client use spnego = yes
       client ntlmv2 auth = yes
       encrypt passwords = yes
       winbind use default domain = yes
       restrict anonymous = 2

[smbshare]
   comment = root of the Samba-accessible data storage
   read only = no
   writeable = yes
   path = /data/smbshare
   guest ok = no

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba






















					Reply via email to