Am 28.03.2013 09:40, schrieb Quintus:
Am Tue, 26 Mar 2013 19:38:48 +0100
schrieb steve <st...@steve-ss.com>:
WTF? Where did the write access for the group go?
Hi Marvin
Hi Steve,
Just a thought but I found out the hard way that when there are acl's
set, e.g. in your file called test2, the -rw-r----- bit of the
listing bit bears little resemblance to what the actual permissions
are. Have you actually checked to see that the file test2 really
isn't group writeable? Maybe worth a quick test.
I just tested it with another user and no, the file is really not
group-writable. But I found another really mysterious behaviour... This
time I’ve connected as user "steffi" who is in the "share" group as
well:
% sudo mount //avalon/share -t cifs -o user=steffi,gid=quintus /mnt
I tried to create a file now as this user:
----------------------------------------------------
(1067) [9:28:47 quintus@hades] /mnt
% ls -ahl
total 4.0K
drwxrws---+ 2 root quintus 0 Mar 28 09:28 .
drwxr-xr-x 20 root root 4.0K Mar 19 17:32 ..
-rw-rw----+ 1 quintus quintus 0 Mar 26 14:54 test
-rw-r-----+ 1 quintus quintus 0 Mar 26 15:04 test2
(1068) [9:29:29 quintus@hades] /mnt
% touch test3
touch: cannot touch ‘test3’: Permission denied
(1069) [9:29:34 quintus@hades] /mnt
% ls -ahl
total 4.0K
drwxrws---+ 2 root quintus 0 Mar 28 09:29 .
drwxr-xr-x 20 root root 4.0K Mar 19 17:32 ..
-rw-rw----+ 1 quintus quintus 0 Mar 26 14:54 test
-rw-r-----+ 1 quintus quintus 0 Mar 26 15:04 test2
-rw-r-----+ 1 1002 quintus 0 Mar 28 09:29 test3
----------------------------------------------------
That is, I get a "permission denied" on the "touch" command, but the
file is there nevertheless...? How is this possible at all? Even worse,
I cannot write to the file I just created:
(1070) [9:29:35 quintus@hades] /mnt
% echo foo > test3
zsh: permission denied: test3
And no, the file is really empty (I’ve chceked it on the server via
SSH). Writing to the files owned by someone else, but still in the
"share" group doesn’t work either:
(1071) [9:31:19 quintus@hades] /mnt
% echo foo > test2
zsh: permission denied: test2
And again, this file really is empty.
On the server, the permissions are reported like this:
----------------------------------------------------
(433) [9:33:34 quintus@avalon] /srv/cifs/share
% ls -ahl
insgesamt 8,0K
drwxrws---+ 2 root share 4,0K 28. Mär 09:29 .
drwxr-xr-x 7 root root 4,0K 26. Mär 14:19 ..
-rw-rw----+ 1 quintus share 0 26. Mär 14:54 test
-rw-r-----+ 1 quintus share 0 26. Mär 15:04 test2
-rw-r-----+ 1 steffi share 0 28. Mär 09:29 test3
(434) [9:33:41 quintus@avalon] /srv/cifs/share
% getfacl test3
# file: test3
# owner: steffi
# group: share
user::rw-
group::rwx #effective:r--
group:share:rwx #effective:r--
mask::r--
other::---
----------------------------------------------------
And I cannot write to the "test3" as user "quintus" on the server, but
as user "steffi" it works (again, through SSH):
----------------------------------------------------
(436) [9:35:32 quintus@avalon] /srv/cifs/share
% echo foo > test3
zsh: permission denied: test3
(437) [9:36:55 quintus@avalon] /srv/cifs/share
% ls -ahl
insgesamt 8,0K
drwxrws---+ 2 root share 4,0K 28. Mär 09:29 .
drwxr-xr-x 7 root root 4,0K 26. Mär 14:19 ..
-rw-rw----+ 1 quintus share 0 26. Mär 14:54 test
-rw-r-----+ 1 quintus share 0 26. Mär 15:04 test2
-rw-r-----+ 1 steffi share 0 28. Mär 09:29 test3
(438) [9:36:57 quintus@avalon] /srv/cifs/share
% sudo su -s /bin/zsh - steffi
[sudo] password for quintus:
(1) [9:37:31 steffi@avalon] /
% cd /srv/cifs/share
(2) [9:37:35 steffi@avalon] /srv/cifs/share
% echo foo > test3
(3) [9:37:38 steffi@avalon] /srv/cifs/share
% ls -ahl
insgesamt 12K
drwxrws---+ 2 root share 4,0K 28. Mär 09:29 .
drwxr-xr-x 7 root root 4,0K 26. Mär 14:19 ..
-rw-rw----+ 1 quintus share 0 26. Mär 14:54 test
-rw-r-----+ 1 quintus share 0 26. Mär 15:04 test2
-rw-r-----+ 1 steffi share 4 28. Mär 09:37 test3
(4) [9:37:39 steffi@avalon] /srv/cifs/share
% cat test3
foo
----------------------------------------------------
Cheers,
Steve
Any idea?
Vale,
Marvin
Hi Marvin,
Just an idea:
I remeber having an issue with testing permissions on cifs mounted
filesystems. I was using touch to create files and kept failing. It
turned out I had to make sure the file size exeeded 0 for the test to
succeed.
Mind you this was a couple of years ago and is possilbly not relevant
any more.
Greatings, Jochen
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
