On 24.03.2011 10:09, Felix Brack wrote:
Hello,
After an upgrade to samba 3.5.8 (from 3.2.5) the option 'dos filemode'
does not seem to work anymore. If I (as a user) do not own the file I
can't change permissions.
I am user 'felix' and member of supplementary group 'Development'. To
test things I use the following share definition:
[Temp]
path = /srv/samba/file-shares/tmp
browseable = yes
read only = no
invalid users = root administrator
delete readonly = yes
inherit owner = yes
force group = Development
dos filemode = yes
A 'getfacl' on /srv/samba/file-shares/tmp returns:
# file: srv/samba/file-shares/tmp
# owner: root
# group: root
# flags: -s-
user::rwx
group::r-x
group:Development:rwx
mask::rwx
other::---
default:user::rwx
default:group::r-x
default:group:Development:rwx
default:mask::rwx
default:other::---
From the 'smb.conf' man page concerning option 'dos filemode':
...
Enabling this parameter allows a user who has write access to the file
(by whatever means, including an ACL permission) to modify the
permissions (including ACL) on it.
...
My understanding: as a member of group 'Development' I do have write
access to '/srv/samba/file-shares/tmp' by means of the ACL.
Trying to modify permissions on a directory or file I create in that
share does not work and reports access denied, no matter if I use
Windows Explorer or smbclient from an other linux box.
What am I misunderstanding here?
Many thanks, Felix
I finally manged to write some code for my Windows box that shows the error:
#include <stdio.h>
#include <tchar.h>
#include <windows.h>
// directory name --------------------------------------
// share name -------------------------------- |
// server name -------------------- | |
// | | |
// v v v
const wchar_t strFirName[]= L"\\\\JUPITER\\testshare\\test-dir";
int main(void)
{
BOOL bRet;
DWORD dwError;
// create the directory
bRet= CreateDirectory(strFirName, NULL);
if (bRet != TRUE) {
dwError= GetLastError();
return -1;
}
// now set the file attribute of the newly created directory
bRet= SetFileAttributes(strFirName, FILE_ATTRIBUTE_NORMAL);
if (bRet != TRUE) {
// dwError will be 6 (ERROR_INVALID_HANDLE) in case of failure
dwError= GetLastError();
return -1;
}
return 0;
}
That's it! Creating a directory and then manipulating the attributes.
The server path to the share is /srv/samba/file-shares/testshare.
The code above fails while setting the attribute if the user (felix)
connecting to the samba share is _not_ the owner (root) of
/srv/samba/file-shares/testshare.
'getfacl /srv/samba/file-shares/testshare' returns:
# file: srv/samba/file-shares/testshare
# owner: root
# group: root
# flags: -s-
user::rwx
group::rwx
group:Development:rwx
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:group:Development:rwx
default:mask::rwx
default:other::---
If I type 'chown felix:root /srv/samba/file-shares/testshare' on the
samba server and then execute the code above, everything is fine.
'getfacl /srv/samba/file-shares/testshare' returns:
# file: srv/samba/file-shares/testshare
# owner: felix
# group: root
# flags: -s-
user::rwx
group::rwx
group:Development:rwx
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:group:Development:rwx
default:mask::rwx
default:other::---
As already stated 'felix' is member of group 'Development'.
Can somebody confirm that the code above works in case the user
connecting to the share is _not_ owning the share?
Felix
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
