[Samba] Permission issues
Last weekend I changed over to our new file server running Debian Lenny 64Bit, Samba version 3.2.5... All seemed to work fine, but we are getting the occasional file that ends up with permissions like -r--rwx---, i.e. the owning user has no write permission. I've been unable to replicate it but am told they are not new files. They seem to all be MS Office documents, and the users just get access denied when they try and save the file.

Not sure why this is happening but will post more info if I figure out more.

Following is an extract of part of my Samba config. I've only included the accounts share, but it's happening on several.

[global]
load printers = no
security = ads
workgroup = ***
server string = File Store
realm = *
password server = ***
wins server = **
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 100
log level = 0
panic action = /usr/share/samba/panic-action %d
encrypt passwords = true
idmap backend = ad
passdb backend = tdbsam
idmap uid = 100-9
idmap gid = 100-9
winbind cache time = 300
winbind nss info = rfc2307
winbind enum groups = yes
winbind enum users = yes
winbind use default domain = yes
winbind separator = /
winbind nested groups = yes
template homedir = /home/%U/homedir
template shell = /bin/bash
debug uid = yes
obey pam restrictions = yes
idmap alloc backend = tdb
idmap alloc config:range = 9-10

[Accounts]
comment = Accounts Stuff
path = /filestore/accounts
guest ok = no
browseable = yes
valid users = @accounts group writable = yes
force create mode = 0660
force directory mode = 0770
fstype = EXT3
hide unreadable = yes
dos filemode = yes
acl map full control = yes

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
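One way to locate the affected files on the server, as an added example that is not part of the original post: the walk below reports every regular file whose owner lacks write permission while the group has it, which covers the -r--rwx--- case and any similar mode. The function names and the temporary sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

def owner_locked_out(root):
    """Return sorted (path, symbolic mode) pairs for regular files whose owner
    cannot write although the group can, e.g. -r--rwx--- (0470)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)                  # do not follow symlinks
            if not stat.S_ISREG(st.st_mode):
                continue
            if st.st_mode & stat.S_IWGRP and not st.st_mode & stat.S_IWUSR:
                hits.append((path, stat.filemode(st.st_mode)))
    return sorted(hits)

def demo():
    """Constructed sample tree: one file with the reported mode, one normal."""
    with tempfile.TemporaryDirectory() as root:
        for name, mode in (("report.doc", 0o470), ("budget.xls", 0o660)):
            path = os.path.join(root, name)
            open(path, "w").close()
            os.chmod(path, mode)
        return [(os.path.basename(p), m) for p, m in owner_locked_out(root)]

if __name__ == "__main__":
    print(demo())
```

Run against the share path on the server, `owner_locked_out("/filestore/accounts")` gives the list of files to compare with the Samba log for the time they were last saved.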
Re: [Samba] Samba Secondary Groups
Thanks for the reply. After spending 2 days trying to get 3.5.2 compiled and working right, I went back to the old version for a bit and discovered that writable = yes on the share fixed it. Little confused why I could write to some shares even though I didn't have it, but all seems to work properly now. Only thing I've noticed is that I can't seem to change permissions from Windows on a file/directory unless I personally own the file, but not sure if that's a Samba problem or a file system thing?

On Tuesday 20 April 2010 03:41:57 grant little wrote:
> I had that problem with samba 3.4.X on ubuntu 9.10, the only way I could get it to work was to use 777 folder permissions as you describe. The fix for me was to go to samba 3.5.X which fixed that and several other problems like not being able to login to samba from OS X. Tried the same on a CENTOS 5.4 install as well and it works for SAMBA 3.0.33 with 770 folder permissions. Maybe a samba upgrade might fix what ails you but be careful what you upgrade to...
>
> On Sun, Apr 18, 2010 at 10:19 PM, David van Laatum da...@vanlaatum.id.au wrote:
> > This has been bugging me for years but never got around to spending a lot of time on it until I now want/need to use it for work stuff. Problem is simple: I get access denied when trying to create a file in a directory that is not owned by me or my primary group that doesn't have world writable permissions. I've also had similar issues with NFS mounts where I can't move/create/delete files via nfs but works fine if I do it on the local machine even though I am the same user in the same groups.
> >
> > All relevant info I can think of follows; let me know if anything else is needed. Spent all morning looking for an answer but only found hints of similar but not applicable problems.
> >
> > [14:14:36 r...@adl-nas-01 filestore]# smbd -V
> > Version 3.2.5
> > [14:28:42 r...@adl-nas-01 filestore]# uname -a
> > Linux adl-nas-01 2.6.26-2-amd64 #1 SMP Tue Mar 9 22:29:32 UTC 2010 x86_64 GNU/Linux
> > [14:28:42 r...@adl-nas-01 filestore]# cat /etc/debian_version
> > 5.0.4
> >
> > [global]
> > security = ads
> > workgroup = VALEX
> > server string = File Store
> > realm = VALEX.LOCAL
> > password server = ldap.valex.local
> > wins server = 172.16.0.150
> > dns proxy = no
> > log file = /var/log/samba/log.%m
> > max log size = 100
> > log level = 3
> > syslog = 1
> > panic action = /usr/share/samba/panic-action %d
> > encrypt passwords = yes
> > printing = bsd
> > printcap name = /etc/printcap
> > idmap backend = ad
> > passdb backend = tdbsam
> > idmap uid = 100-9
> > idmap gid = 100-90
> > winbind cache time = 300
> > winbind nss info = rfc2307
> > winbind enum groups = yes
> > winbind enum users = yes
> > winbind use default domain = yes
> > winbind separator = /
> > winbind nested groups = yes
> > template homedir = /home/%U/homedir
> > template shell = /bin/bash
> > debug uid = yes
> >
> > [Accounts]
> > comment = Accounts Stuff
> > path = /filestore/accounts
> > guest ok = no
> > browseable = yes
> > ; valid users = @VALEX/vxAccounts @VALEX/vxSystems
> > create mask = 0660
> > directory mask = 0770
> > fstype = EXT3
> > ; force group = +...@valex/vxAccounts
> >
> > [14:32:58 r...@adl-nas-01 filestore]# id dvanlaatum
> > uid=10440(dvanlaatum) gid=2(vxsystems) groups=2(vxsystems),20002(domain admins),20003(domain users),20001(vxallusers),5006(BUILTIN/administrators),5007(BUILTIN/users)
> > [14:35:02 r...@adl-nas-01 filestore]# ls -ald /filestore/accounts/
> > drwxrwxr-x 3 root vxallusers 4096 2010-04-19 11:32 /filestore/accounts/
> > [14:37:54 da...@l00018 ~]# smbclient -U dvanlaatum //adl-nas-01/Accounts
> > Password:
> > Domain=[VALEX] OS=[Unix] Server=[Samba 3.2.5]
> > smb: \ mkdir test
> > NT_STATUS_MEDIA_WRITE_PROTECTED making remote directory \test
[Samba] Samba Secondary Groups
This has been bugging me for years but never got around to spending a lot of time on it until I now want/need to use it for work stuff. Problem is simple: I get access denied when trying to create a file in a directory that is not owned by me or my primary group that doesn't have world writable permissions. I've also had similar issues with NFS mounts where I can't move/create/delete files via nfs but works fine if I do it on the local machine even though I am the same user in the same groups.

All relevant info I can think of follows; let me know if anything else is needed. Spent all morning looking for an answer but only found hints of similar but not applicable problems.

[14:14:36 r...@adl-nas-01 filestore]# smbd -V
Version 3.2.5
[14:28:42 r...@adl-nas-01 filestore]# uname -a
Linux adl-nas-01 2.6.26-2-amd64 #1 SMP Tue Mar 9 22:29:32 UTC 2010 x86_64 GNU/Linux
[14:28:42 r...@adl-nas-01 filestore]# cat /etc/debian_version
5.0.4

[global]
security = ads
workgroup = VALEX
server string = File Store
realm = VALEX.LOCAL
password server = ldap.valex.local
wins server = 172.16.0.150
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 100
log level = 3
syslog = 1
panic action = /usr/share/samba/panic-action %d
encrypt passwords = yes
printing = bsd
printcap name = /etc/printcap
idmap backend = ad
passdb backend = tdbsam
idmap uid = 100-9
idmap gid = 100-90
winbind cache time = 300
winbind nss info = rfc2307
winbind enum groups = yes
winbind enum users = yes
winbind use default domain = yes
winbind separator = /
winbind nested groups = yes
template homedir = /home/%U/homedir
template shell = /bin/bash
debug uid = yes

[Accounts]
comment = Accounts Stuff
path = /filestore/accounts
guest ok = no
browseable = yes
; valid users = @VALEX/vxAccounts @VALEX/vxSystems
create mask = 0660
directory mask = 0770
fstype = EXT3
; force group = +...@valex/vxAccounts

[14:32:58 r...@adl-nas-01 filestore]# id dvanlaatum
uid=10440(dvanlaatum) gid=2(vxsystems) groups=2(vxsystems),20002(domain admins),20003(domain users),20001(vxallusers),5006(BUILTIN/administrators),5007(BUILTIN/users)
[14:35:02 r...@adl-nas-01 filestore]# ls -ald /filestore/accounts/
drwxrwxr-x 3 root vxallusers 4096 2010-04-19 11:32 /filestore/accounts/
[14:37:54 da...@l00018 ~]# smbclient -U dvanlaatum //adl-nas-01/Accounts
Password:
Domain=[VALEX] OS=[Unix] Server=[Samba 3.2.5]
smb: \ mkdir test
NT_STATUS_MEDIA_WRITE_PROTECTED making remote directory \test
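The follow-up in this thread reports that adding writable = yes to the share cleared the NT_STATUS_MEDIA_WRITE_PROTECTED error shown above; Samba shares default to read only = yes, so a share with no such line rejects writes regardless of Unix group membership. The added example below (not from the original posts) lists the shares in an smb.conf that are effectively read-only; the function names and the [Scratch] share are hypothetical.

```python
import re

TRUE, FALSE = {"yes", "true", "1", "on"}, {"no", "false", "0", "off"}
# smb.conf(5) lists these as inverted synonyms of "read only"
INVERTED = {"writeable", "writable", "write ok"}

def parse_smb_conf(text):
    """Return {section: [(param, value), ...]}, parameter names lower-cased."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip(), [])
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current.append((" ".join(key.lower().split()), value.strip()))
    return sections

def resolve_read_only(params, default):
    """Apply read only / writable settings in file order; the last one wins."""
    read_only = default
    for key, value in params:
        v = value.lower()
        if key == "read only" and v in TRUE | FALSE:
            read_only = v in TRUE
        elif key in INVERTED and v in TRUE | FALSE:
            read_only = v in FALSE
    return read_only

def read_only_shares(text):
    """Shares clients cannot write to, whatever the Unix modes allow."""
    sections = parse_smb_conf(text)
    glob = next((p for n, p in sections.items() if n.lower() == "global"), [])
    default = resolve_read_only(glob, True)      # built-in default: read only = yes
    return sorted(n for n, p in sections.items()
                  if n.lower() != "global" and resolve_read_only(p, default))

# Constructed sample: [Accounts] as posted (no writable line); [Scratch] is hypothetical.
SAMPLE = """[global]
[Accounts]
path = /filestore/accounts
create mask = 0660
[Scratch]
writable = yes
"""
print(read_only_shares(SAMPLE))
```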