I would guess this is ZFS?

I think the problem occurs when samba+zfs interprets unix "no rights granted to the world (other)" as "deny everyone" in windows.

For example, if you have a with unix perms of 770 - this means on the unix level that the user and group have full permissions, no rights are assigned to "other", and therefore if you are the user (owner) or group you have rights, otherwise you don't. The permissions are additive and omitting any permissions for "other" is not explicitly an access entry.

In Samba, this gets interpreted as "everyone is denied" - and even though Windows permissions are generally additive, denies trump allows. The owner of the file can usually go into the advanced Windows permissions and clear the deny entries.

Root can also reset permissions as follows:


    chmod -R A- thedirectory
    chmod -R A=owner@:rwxpdDaARWcCos:allow thedirectory
    chmod -R A+group@:rwxpdDaARWcCos:allow thedirectory
    chmod -R A+someothergroup@:rwxpdDaARWcCos:allow thedirectory


If you have autofs involved, you may want to fix the top level of an autofs directory to allow root to still access it (required for mounting):

    chmod A+user:nobody:aRc:allow  thedirectory



ZFS is really great BUT Samba played nicer with UFS. Somewhat ironically, I believe Samba with ZFS tries to more precisely map Unix to Windows permissions than it did with UFS to Samba. With UFS, some of the problem permissions were just ignored in Samba.

On 07/11/2011 12:15 PM, Daulton_Theodore wrote:
Hi all,

Running samba 3.5.5 in a Solaris non-global zone. I have created a folder 
(StudentJobApplications) on a share  which I want to make accessible only to 
members of a Unix group (studempl). I have added myself to the group but when I 
or other group members try to access the folder via Windows Explorer I get the 
following:

I:\StudentJobApplications is not accessible
Access is denied

Here are some of the particulars:

The folder:
# ls -ld /departments/common/StudentJobApplications
drwxrwx---   2 root     studemp        2 Jul 11 08:34 /departments/common/StudentJobApplications

The group (etc/group):
studempl::2018:mylogin,otheruserlogin.....

The share definition in smb.conf:

# --------------------------------------
# shared directory for ALL staff
# --------------------------------------
[libshare]
    comment     = Library staff shared directory
    path        = /<path>
    browseable  = yes
    writeable   = yes
    create mask = 0777
    force create mode = 0777
    directory mask = 0777
    valid users = +group1 +group2 +group3 +group4 +group 5 +group6 +group7 +group8............+group17 +studempl
    invalid users = +circdesk

Note: I am a member of one of the groups defined in valid users above.

I have not restarted the samba server but I don't think that would be necessary.

Actually I would like to set the permissions on the folder to be -rwxrws--- but 
just being able to access it would be a start. I would appreciate any comments
or suggestions.

Thank you.

~~~~~~~~~~~~~~~~~~~~~~~~
Daulton Theodore
Carleton University
Library, Systems Department
Vmail: (613) 520-2600, ext. 8352
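
To see which objects actually carry the everyone@ deny entries the reply describes before resetting their ACLs, the following added example (not part of the thread) filters compact `ls -dV` listings for them. The function names, the sample listing and the path /export/demo/shared are constructed for illustration.

```shell
#!/bin/sh
# Added example: report everyone@ deny ACEs in compact "ls -dV" ACL listings.
# Assumed use on the server:  ls -dV /some/dir/* | find_everyone_deny
# Assumes paths without spaces (the path is taken as the last field).

find_everyone_deny() {
    awk '
    # Non-indented lines are the ls line naming the object.
    /^[^ \t]/ { path = $NF; next }
    {
        # ACE lines hold one whitespace-free field: who:perms[:flags]:type
        n = split($1, f, ":")
        if (n < 3) next
        # user:NAME and group:NAME carry an extra name field;
        # owner@, group@ and everyone@ do not.
        if (f[1] == "user" || f[1] == "group") { who = f[1] ":" f[2]; perms = f[3] }
        else                                   { who = f[1];          perms = f[2] }
        type = f[n]
        # A deny ACE whose permission slots are all "-" denies nothing.
        if (who == "everyone@" && type == "deny" && perms ~ /[^-]/)
            print path ": " who " denies " perms
    }'
}

# Constructed sample: a mode-770 directory whose ACL includes deny entries.
sample_listing() {
    cat <<'EOF'
drwxrwx---   2 root     staff          2 Jul 11 08:34 /export/demo/shared
                 owner@:--------------:deny
                 owner@:rwxp---A-W-Co-:allow
                 group@:--------------:deny
                 group@:rwxp----------:allow
              everyone@:rwxp---A-W-Co-:deny
              everyone@:------a-R-c--s:allow
EOF
}

sample_listing | find_everyone_deny
```

Directories it reports are the ones where the `chmod A-` reset in the reply applies.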

