In my opinion even your no access folder should use a group. Make your lowest permissions group nogroup then add all users to the group. Then change smb conf user security entry to valid users = @nogroup

Mark.


On 26 Nov 2007, at 22:59, DNL <[EMAIL PROTECTED]> wrote:



Mark Adams wrote:
Is sgid on the top level dir?
Set for subdirectory cp, but not for projects as different directories at that level require no access control
/projects/cp# ls -al
total 164
drwxrws--- 26 dnl     cp         4096 2007-11-23 15:37 .
drwxr-xr-x 17 root    root       4096 2007-11-16 22:35 ..
drwxrws---  2 daniel  cp         4096 2007-06-18 11:52 4 Spencer Close
drwxrws---  2 daniel  cp         4096 2007-09-01 19:20 Addresses

Also have you tried force group samba option?
My understanding is that this would force the same group for all the PROJECT share, but I only want it for a subdirectory. Am I forced into making projects/cp a separate share and using this samba option?
Mark.
Thanks for your response.
Dave.
On 24 Nov 2007, at 13:13, DNL <[EMAIL PROTECTED]> wrote:
Hi
I have a samba server with tdbsam passwords, and a share, PROJECTS, which is accessed by various XP home clients, the usernames and passwords being manually synced to the samba ones (less than 10 users, and only 4 workstations). There is one win2K machine, which is a domain member. Subdirectories on PROJECTS have g+s set, so only users, who are members of specific Linux groups, have access to the files in them. Recently, a laptop with XP professional has been connected, and the user on it can access the correct directories, but when he edits or creates a file, the group owner and file permissions are wrong:

/home/projects/cp/CP 2007# ls -alt
total 2932
drwxrwsrw-  4 daniel  cp              4096 2007-11-24 12:35 .
-r-------- 1 haffers BUILTIN\users 197120 2007-11-24 12:34 CP 11 Nova.xls
-rw-rw-rw- 1 haffers BUILTIN\users 199168 2007-11-23 19:47 CP 10 Octa.xls
drwxrwsrwx 2 daniel cp 4096 2007-11-23 19:34 FORMS 2007
-rw-rw-rw- 1 haffers BUILTIN\users 299520 2007-11-23 19:20 2007 ANALYSIS.xls
drwxrws--- 26 dnl     cp              4096 2007-11-23 15:37 ..
-r-------- 1 haffers BUILTIN\users 197120 2007-11-23 14:40 CP 10 Oct.xls
-rwxrwx--- 1 haffers cp 196608 2007-11-18 18:51 CP 11 Nov.xls
-rwxrwx--- 1 haffers cp 192512 2007-11-18 17:47 CP 09 Sep.xls

The files he creates are therefore unusable until permissions are changed. Various searches on the internet and reading of the Samba documentation have failed to give me any idea on why this is happening, or how to put it right. How is Samba managing to not respect the Linux g+s bit? How do I make this system work correctly? Can you assist?

Background information:
The log-on of the user on the XP professional machine:

# tail -14 andylap.old
[2007/11/24 01:32:01, 1] smbd/service.c:close_cnum(1150)
andylap (192.168.0.168) closed connection to service projects
[2007/11/24 11:13:20, 2] smbd/sesssetup.c:setup_new_vc_session(799)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
[2007/11/24 11:13:20, 2] smbd/sesssetup.c:setup_new_vc_session(799)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
[2007/11/24 11:13:20, 2] lib/access.c:check_access(323)
Allowed connection from (192.168.0.168)
[2007/11/24 11:13:20, 2] smbd/reply.c:reply_tcon_and_X(711)
Serving IPC$ as a Dfs root
[2007/11/24 11:13:20, 2] auth/auth.c:check_ntlm_password(309)
check_ntlm_password: authentication for user [haffers] -> [haffers]
-> [haffers] succeeded
[2007/11/24 11:13:20, 2] smbd/utmp.c:sys_utmp_update(419)
utmp_update: uname:/var/run/utmp wname:/var/log/wtmp

# head -24 andylap
[2007/11/24 11:13:20, 2] lib/access.c:check_access(323)
Allowed connection from (192.168.0.168)
[2007/11/24 11:13:20, 1] smbd/service.c:make_connection_snum(950)
andylap (192.168.0.168) connect to service projects initially as user
haffers (uid=529, gid=502) (pid 17358)
[2007/11/24 11:13:20, 2] smbd/reply.c:reply_tcon_and_X(711)
Serving projects as a Dfs root
[2007/11/24 11:13:20, 2] smbd/utmp.c:sys_utmp_update(419)
utmp_update: uname:/var/run/utmp wname:/var/log/wtmp
[2007/11/24 11:13:20, 1] smbd/service.c:close_cnum(1150)
andylap (192.168.0.168) closed connection to service projects
[2007/11/24 11:13:20, 2] auth/auth.c:check_ntlm_password(309)
check_ntlm_password: authentication for user [haffers] -> [haffers]
-> [haffers] succeeded
[2007/11/24 11:13:20, 2] smbd/utmp.c:sys_utmp_update(419)
utmp_update: uname:/var/run/utmp wname:/var/log/wtmp
[2007/11/24 11:13:20, 2] lib/access.c:check_access(323)
Allowed connection from (192.168.0.168)
[2007/11/24 11:13:20, 1] smbd/service.c:make_connection_snum(950)
andylap (192.168.0.168) connect to service projects initially as user
haffers (uid=529, gid=502) (pid 17358)
[2007/11/24 11:13:20, 2] smbd/reply.c:reply_tcon_and_X(711)
Serving projects as a Dfs root
[2007/11/24 11:14:36, 2] lib/access.c:check_access(323)
Allowed connection from (192.168.0.168)
[2007/11/24 11:14:36, 2] smbd/reply.c:reply_tcon_and_X(711)
Serving IPC$ as a Dfs root

The most recent problem file in that log:
/var/log/samba# grep Nova andylap
unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
haffers opened file cp/CP 2007/CP 11 Nova.xls read=Yes write=No (numopen=3)
unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
haffers opened file cp/CP 2007/CP 11 Nova.xls read=No write=No (numopen=4)
haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=3)
haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=2)
unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
haffers opened file cp/CP 2007/CP 11 Nova.xls read=Yes write=No (numopen=3)
haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=2)
unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
haffers opened file cp/CP 2007/CP 11 Nova.xls read=Yes write=No (numopen=3)
haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=2)
unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
haffers opened file cp/CP 2007/CP 11 Nova.xls read=Yes write=Yes (numopen=3)
unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
haffers opened file cp/CP 2007/CP 11 Nova.xls read=Yes write=No (numopen=4)
haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=3)
unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
haffers opened file cp/CP 2007/CP 11 Nova.xls read=Yes write=No (numopen=4)
haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=3)
unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
haffers opened file cp/CP 2007/CP 11 Nova.xls read=Yes write=No (numopen=4)
haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=3)
unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
haffers opened file cp/CP 2007/CP 11 Nova.xls read=Yes write=No (numopen=4)
haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=3)
unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
haffers opened file cp/CP 2007/CP 11 Nova.xls read=No write=No (numopen=4)
haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=3)
unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
haffers opened file cp/CP 2007/CP 11 Nova.xls read=No write=No (numopen=4)
haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=3)
unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
haffers opened file cp/CP 2007/CP 11 Nova.xls read=No write=No (numopen=4)
haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=3)
unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
haffers opened file cp/CP 2007/CP 11 Nova.xls read=Yes write=No (numopen=4)
haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=3)
haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=2)
unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
haffers opened file cp/CP 2007/CP 11 Nova.xls read=No write=No (numopen=3)
haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=2)
unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
haffers opened file cp/CP 2007/CP 11 Nova.xls read=Yes write=No (numopen=3)
unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
haffers opened file cp/CP 2007/CP 11 Nova.xls read=No write=No (numopen=5)
haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=4)
haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=3)
unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
haffers opened file cp/CP 2007/CP 11 Nova.xls read=No write=No (numopen=4)
haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=3)
unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
haffers opened file cp/CP 2007/CP 11 Nova.xls read=No write=No (numopen=3)
set_canon_ace_list: sys_acl_set_file type file failed for file cp/CP 2007/CP 11 Nova.xls (Operation not supported).
haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=2)
unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
haffers opened file cp/CP 2007/CP 11 Nova.xls read=Yes write=No (numopen=3)
haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=2)
unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
haffers opened file cp/CP 2007/CP 11 Nova.xls read=Yes write=No (numopen=3)
haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=2)
unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
haffers opened file cp/CP 2007/CP 11 Nova.xls read=Yes write=No (numopen=3)
haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=2)
unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
haffers opened file cp/CP 2007/CP 11 Nova.xls read=Yes write=No (numopen=3)
haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=2)
unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
haffers opened file cp/CP 2007/CP 11 Nova.xls read=Yes write=No (numopen=3)
haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=2)
unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
haffers opened file cp/CP 2007/CP 11 Nova.xls read=Yes write=No (numopen=3)
unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
haffers opened file cp/CP 2007/CP 11 Nova.xls read=No write=No (numopen=4)
unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
haffers opened file cp/CP 2007/CP 11 Nova.xls read=No write=No (numopen=5)
haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=4)
haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=3)
haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=2)

The log at the time of the faulty file:
[2007/11/24 11:18:28, 2] smbd/close.c:close_normal_file(344)
haffers closed file cp/CP 2007/CP 11 Nov.xls (numopen=5)
[2007/11/24 11:18:28, 2] smbd/close.c:close_normal_file(344)
haffers closed file cp/CP 2007/CP 11 Nov.xls (numopen=4)
[2007/11/24 12:34:48, 2] lib/access.c:check_access(323)
Allowed connection from  (192.168.0.168)
[2007/11/24 12:34:48, 2] smbd/reply.c:reply_tcon_and_X(711)
Serving IPC$ as a Dfs root
[2007/11/24 12:35:17, 2] smbd/dosmode.c:unix_mode(96)
unix_mode(cp/CP 2007/410CE081.tmp) inheriting from cp/CP 2007
[2007/11/24 12:35:17, 2] smbd/dosmode.c:unix_mode(104)
unix_mode(cp/CP 2007/410CE081.tmp) inherit mode 42776
[2007/11/24 12:35:17, 2] smbd/open.c:open_file(352)
haffers opened file cp/CP 2007/410CE081.tmp read=No write=Yes (numopen=4)
[2007/11/24 12:35:17, 2] smbd/close.c:close_normal_file(344)
haffers closed file cp/CP 2007/410CE081.tmp (numopen=3)
[2007/11/24 12:35:17, 2] smbd/close.c:close_normal_file(344)
haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=2)
[2007/11/24 12:35:17, 2] smbd/dosmode.c:unix_mode(96)
unix_mode(cp/CP 2007/CP 11 Nova.xls) inheriting from cp/CP 2007
[2007/11/24 12:35:17, 2] smbd/dosmode.c:unix_mode(104)
unix_mode(cp/CP 2007/CP 11 Nova.xls) inherit mode 42776
[2007/11/24 12:35:17, 2] smbd/open.c:open_file(352)
haffers opened file cp/CP 2007/CP 11 Nova.xls read=No write=No (numopen=3)
[2007/11/24 12:35:17, 2] smbd/close.c:close_normal_file(344)
haffers closed file cp/CP 2007/CP 11 Nova.xls (numopen=2)



# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[print$]"
Processing section "[printers]"
Processing section "[homes]"
Processing section "[netlogon]"
Processing section "[profiles]"
Processing section "[projects]"
Processing section "[dnlweb]"
Processing section "[Brother]"
Loaded services file OK.
Invalid combination of parameters for service Brother. Level II oplocks can only be set if oplocks are also set.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions
[projects]
      comment = projects directory
      path = /home/projects
      read only = No
      inherit permissions = Yes
      guest ok = Yes

[Brother]
      comment = HL1260 running HP LJ 4+ emulation 26M
      path = /var/spool/samba
      read only = No
      guest ok = Yes
      printable = Yes
      printer name = Brother
      oplocks = No
      share modes = No

There is something that Samba does not like about the oplocks here, but SWAT does not have an oplocks option on the Brother printer share, so I am confused on this, but expect it is not relevant to the main problem.

smb.conf file
# Samba config file created using SWAT
# from 192.168.0.187 (192.168.0.187)
# Date: 2007/11/24 13:03:18

[global]
  unix charset = LOCALE
  workgroup = STONES
  server string = %h server (Samba %v)
  interfaces = Eth0, lo
  bind interfaces only = Yes
  map to guest = Bad Password
  passdb backend = tdbsam
  guest account = stones
  pam password change = Yes
  passwd program = /usr/bin/passwd %u
  passwd chat = *New*Password* %n\n *Re-enter*new*password*%n\n *Password*changed*
  username map = /etc/samba/smbusers
  unix password sync = Yes
  log level = 2 passdb:2 auth:2 winbind:4
  log file = /var/log/samba/%m
  max log size = 100
  smb ports = 139
  name resolve order = hosts wins bcast
  time server = Yes
  printcap name = CUPS
  show add printer wizard = No
  add user script = /usr/sbin/useradd -m '%u'
  delete user script = /usr/sbin/userdel -r '%u'
  add group script = /usr/sbin/groupadd '%g'
  delete group script = /usr/sbin/groupdel '%g'
  add user to group script = /usr/sbin/usermod -G '%g' '%u'
  delete user from group script = /usr/sbin/groupmod -R %u %g
  add machine script = /usr/sbin/useradd -s /bin/false -d /tmp '%u'
  shutdown script = /var/lib/samba/scripts/shutdown.sh
  abort shutdown script = /sbin/shutdown -c
  logon script = logon.bat
  logon path = \\%N\profiles\%U
  logon drive = H:
  domain logons = Yes
  os level = 35
  preferred master = Yes
  domain master = Yes
  wins support = Yes
  ldap ssl = no
  utmp = Yes
  panic action = /usr/share/samba/panic-action %d
  idmap uid = 15000-20000
  idmap gid = 15000-20000
  hosts allow = 192.168.0., 192.168.1., 127.
  printing = cups
  print command =
  lpq command = %p
  lprm command =
  veto files = /*.eml/*.nws/*.{*}/

[print$]
  comment = Printer Drivers
  path = /var/lib/samba/printers
  admin users = root, Administrator
  write list = root

[printers]
  comment = SMB Print Spool
  path = /var/spool/samba
  guest ok = Yes
  printable = Yes
  browseable = No
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
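
An added example, not part of the thread or of Samba: a Python audit that walks a share path and flags entries that break the setgid group inheritance discussed above (group differs from the setgid parent, group lacks read/write, or world-writable bits such as the `-rw-rw-rw-` files in the listing). The function names, problem tags and gid values are assumptions made for illustration; the modes in `demo()` are transcribed from the listing.

```python
import os
import stat

def check_entry(parent_mode, parent_gid, mode, gid):
    """Compare one entry with its parent directory; return a list of problem tags."""
    if not parent_mode & stat.S_ISGID:
        return []                       # parent does not request group inheritance
    problems = []
    if gid != parent_gid:
        problems.append("group-differs")
    if stat.S_ISDIR(mode):
        if not mode & stat.S_ISGID:     # a subdirectory that stops propagating g+s
            problems.append("subdir-missing-setgid")
    elif (mode & 0o060) != 0o060:       # group members cannot both read and write
        problems.append("group-lacks-rw")
    if mode & stat.S_IWOTH:
        problems.append("world-writable")
    return problems

def audit(root):
    """Walk root and return [(path, problems)] for entries that break inheritance."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        parent = os.lstat(dirpath)
        for name in sorted(dirnames + filenames):
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue                # symlink modes carry no access information
            problems = check_entry(parent.st_mode, parent.st_gid, st.st_mode, st.st_gid)
            if problems:
                findings.append((path, problems))
    return findings

# Modes transcribed from the thread's "ls -alt" listing; the gids are constructed.
CP_GID, OTHER_GID = 1001, 15000
PARENT_MODE = 0o42776                   # "inherit mode 42776" in the log = drwxrwsrw-

def demo():
    listing = {"CP 11 Nova.xls": (0o100400, OTHER_GID),   # -r--------
               "CP 10 Octa.xls": (0o100666, OTHER_GID),   # -rw-rw-rw-
               "CP 11 Nov.xls": (0o100770, CP_GID)}       # -rwxrwx---
    return {n: check_entry(PARENT_MODE, CP_GID, m, g) for n, (m, g) in listing.items()}

if __name__ == "__main__":
    import sys
    for path, problems in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}: {', '.join(problems)}")
```

Run it as a user that can read the whole tree, for example against `/home/projects/cp`, after each permissions change to confirm that newly created files pick up the directory's group.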