Here's a dialog from smbclient that illustrates the problem. I've noticed that Samba doesn't map my UID and GID to an actual name... Could this be a symptom of a larger problem with UID/GID mappings or something?

And under what circumstances would Samba return a NT_STATUS_ACCESS_DENIED error when the user the smbd process is running as has permissions to access the file? (it runs as UID 5000, the UID on the file is 5000, permissions are 600, therefore the smbd process can access the file) It seems to me that if the spawned process can access the file, then it should be working. Does Samba put additional restrictions on file access above and beyond those imposed by the underlying OS?

-------------------------------------------------------------------------------
smb: \User\Brandon\test\> ls
  .                                   D        0  Wed Jul  5 16:51:41 2006
  ..                                  D        0  Mon Jul  3 16:06:45 2006
  bar                                 A       10  Mon Jul  3 16:09:54 2006
  foo                                          5  Mon Jul  3 16:07:16 2006

                61438 blocks of size 524288. 33649 blocks available
smb: \User\Brandon\test\> get foo
NT_STATUS_ACCESS_DENIED opening remote file \User\Brandon\test\foo
smb: \User\Brandon\test\> stat foo
File: \User\Brandon\test\foo
Size: 5                 Blocks: 8       regular file
Inode: 17100    Links: 1
Access: (0600/-rw-------)       Uid: 5000       Gid: 5000
Access: 2006-07-03 16:11:02 -0400
Modify: 2006-07-03 16:07:16 -0400
Change: 2006-07-05 09:58:33 -0400
smb: \User\Brandon\test\> get bar
getting file \User\Brandon\test\bar of size 10 as bar (9.8 kb/s) (average 1.8 kb/s)
smb: \User\Brandon\test\> stat bar
File: \User\Brandon\test\bar
Size: 10                Blocks: 8       regular file
Inode: 17101    Links: 1
Access: (0764/-rwxrw-r--)       Uid: 5000       Gid: 5000
Access: 2006-07-05 16:52:02 -0400
Modify: 2006-07-03 16:09:54 -0400
Change: 2006-07-05 09:58:33 -0400
smb: \User\Brandon\test\> put baz
putting file baz as \User\Brandon\test\baz (3.9 kb/s) (average 0.6 kb/s)
smb: \User\Brandon\test\> get baz
getting file \User\Brandon\test\baz of size 4 as baz (3.9 kb/s) (average 1.9 kb/s)
smb: \User\Brandon\test\> stat baz
File: \User\Brandon\test\baz
Size: 4                 Blocks: 8       regular file
Inode: 17099    Links: 1
Access: (0764/-rwxrw-r--)       Uid: 5000       Gid: 5000
Access: 2006-07-05 16:52:15 -0400
Modify: 2006-07-05 16:52:07 -0400
Change: 2006-07-05 16:52:07 -0400
smb: \User\Brandon\test\> chmod 0600 baz
Pushing string of 'unlimited' length into non-SMB buffer!
smb: \User\Brandon\test\> stat baz
File: \User\Brandon\test\baz
Size: 4                 Blocks: 8       regular file
Inode: 17099    Links: 1
Access: (0600/-rw-------)       Uid: 5000       Gid: 5000
Access: 2006-07-05 16:52:15 -0400
Modify: 2006-07-05 16:52:07 -0400
Change: 2006-07-05 16:52:31 -0400
smb: \User\Brandon\test\> get baz
NT_STATUS_ACCESS_DENIED opening remote file \User\Brandon\test\baz
smb: \User\Brandon\test\>

Thanks again,
--
Brandon Dimcheff
IT Consultant
West Pole, Inc. - http://www.westpole.com
201 Nickels Arcade, Ann Arbor, MI 48104 - 734.995.6390 x21


On Jul 5, 2006, at 13:39, Brandon Dimcheff wrote:

... Or my smb.conf is pasted here, since attachments are removed automatically ...

[global]
        log level = 3
        workgroup = WESTPOLE_BETA
        server string = Unity
        map to guest = Bad User
        smb passwd file = /etc/samba/private/smbpasswd
        passdb backend = ldapsam:ldap://unity.westpole.com/
        log file = /var/log/samba3/log.%m
        max log size = 5000
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        printcap name = cups
        dns proxy = No
        add user script = /usr/sbin/smbldap-useradd -m "%u"
        ldap delete dn = Yes
        #delete user script = /usr/sbin/smbldap-userdel "%u"
        add machine script = /usr/sbin/smbldap-useradd -w "%u"
        add group script = /usr/sbin/smbldap-groupadd -p "%g"
        #delete group script = /usr/sbin/smbldap-groupdel "%g"
        add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
        delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
        set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
        ldap admin dn = cn=Manager,dc=westpole,dc=com
        ldap delete dn = Yes
        ldap group suffix = ou=Group
        ldap idmap suffix = ou=People
        ldap machine suffix = ou=Computers
        ldap passwd sync = Yes
        ldap suffix = dc=westpole,dc=com
        ldap ssl = start tls
        ldap user suffix = ou=People
        printer admin = @adm
        create mask = 0774
        directory mask = 0775
        domain logons = yes
        preferred master = yes
        domain master = yes
        os level = 65
        hide dot files = yes
        load printers = yes
        printing = cups
        printcap name = cups
        security = user
        guest ok = no
        use client driver = no
        # For Samba 3.x. This enables ClamAV on access scanning.
        vfs object = vscan-clamav
        vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
        wins support = yes
        name resolve order = wins lmhosts host bcast
        dns proxy = no
                                        

[homes]
        comment = Home Directories
        read only = No
        browseable = No

[printers]
        comment = All Printers
        path = /var/spool/samba
        create mask = 0700
        guest ok = Yes
        printable = Yes
        browseable = No
        writeable = No

[brother_hl_2700cn]
        comment = Brother HL2700cn Network Printer
        printable = yes
        path = /var/spool/samba
        public = yes
        guest ok = yes
        printer admin = root

[hp_laserjet_4000]
        comment = HP LaserJet 4000 Network Printer
        printable = yes
        path = /var/spool/samba
        public = yes
        guest ok = yes
        printer admin = root
# Now we setup our print drivers information!
[print$]
        comment = Printer Drivers
        path = /etc/samba/printer
        guest ok = yes
        browseable = yes
        read only = yes
        # Modify this to "username,root" if you don't want root to
        # be the only printer admin)
        write list = @adm,root

[fileserver]
        comment = West Pole File Server
        path = /mnt/fileserver
        read only = No
        hide dot files = yes

[backups]
        comment = West Pole File Server Daily Backups
        path = /mnt/dailies
        read only = Yes
        hide dot files = yes

[netlogon]
        path = /var/lib/samba/netlogon
        guest ok = no
        read only = yes
        browseable = no


[profiles]
        path = /var/lib/samba/profiles
        browseable = no
        writeable = yes
        default case = lower
        preserve case = no
        short preserve case = no
        case sensitive = no
        hide files = /desktop.ini/ntuser.ini/NTUSER.*/
        write list = @smbusers @root @westpole
        create mask = 0600
        directory mask = 0700
        profile acls = no


Thanks,
--
Brandon Dimcheff
IT Consultant
West Pole, Inc. - http://www.westpole.com
201 Nickels Arcade, Ann Arbor, MI 48104 - 734.995.6390 x21


On Jul 5, 2006, at 10:11, Brandon Dimcheff wrote:

Hello,

I'm having trouble with permissions on Samba 3.0.21. It almost seems that the "all" bits are the only ones that Samba is obeying. For instance, I created this file remotely over a samba share:

[EMAIL PROTECTED] ~/untitled folder $ ls -als
total 17
0 drwx--S---   3 brandon.dimcheff westpole  160 Jul  3 15:51 .
1 drwx------  12 brandon.dimcheff westpole  816 Jul  3 15:51 ..
4 -rw-rw----   1 brandon.dimcheff westpole    4 Apr 12 17:41 test2

But when I try to access it, I get a permissions denied error and the logs produce the following. If I set the permissions of the file to 666, I can use the file just fine:

[2006/07/03 15:51:45, 3] smbd/process.c:process_smb(1194)
  Transaction 321 of length 134
[2006/07/03 15:51:45, 3] smbd/process.c:switch_message(993)
  switch message SMBntcreateX (pid 22541) conn 0x803b73f8
[2006/07/03 15:51:45, 3] smbd/dosmode.c:unix_mode(121)
  unix_mode(untitled folder/test2) returning 0764
[2006/07/03 15:51:45, 3] smbd/open.c:open_file(276)
  Error opening file untitled folder/test2 (Permission denied) (local_flags=0) (flags=0)
[2006/07/03 15:51:45, 3] smbd/error.c:unix_error_packet(90)
  unix_error_packet: error string = Permission denied
[2006/07/03 15:51:45, 3] smbd/error.c:error_packet(146)
  error packet at smbd/trans2.c(2632) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED

I'm running Samba with an LDAP backend and have ACL support compiled in, and the filesystem has ACLs enabled. Samba is serving as the PDC.

I appreciate any suggestions.  My smb.conf is attached.
--
Brandon Dimcheff
IT Consultant
West Pole, Inc. - http://www.westpole.com
201 Nickels Arcade, Ann Arbor, MI 48104 - 734.995.6390 x21


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
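
Added example, not part of the original messages: a check of which POSIX permission class (owner, group or other) is consistent with the outcomes reported in this thread. The observation table is constructed from the smbclient session and the earlier `test2` report, and the model assumes plain mode bits with no POSIX ACL entries on the files.

```python
# Added example: test the thread's observations against POSIX class selection.
READ = 4

# Constructed from the thread: (label, mode, did the open/read succeed?)
OBSERVATIONS = [
    ("foo", 0o600, False),
    ("bar", 0o764, True),
    ("baz", 0o764, True),
    ("baz after chmod", 0o600, False),
    ("test2", 0o660, False),
    ("test2 at 666", 0o666, True),
]

SHIFT = {"owner": 6, "group": 3, "other": 0}


def select_class(uid, gids, file_uid, file_gid):
    """Class the kernel evaluates: owner first, then group, otherwise other."""
    if uid == file_uid:
        return "owner"
    if file_gid in gids:
        return "group"
    return "other"


def read_allowed(mode, cls):
    """Only the selected class's bits are consulted; there is no fall-through."""
    return bool((mode >> SHIFT[cls]) & READ)


def mismatches(observations, cls):
    """Labels of observations that the given class fails to predict."""
    return [name for name, mode, ok in observations
            if read_allowed(mode, cls) != ok]


def consistent_classes(observations):
    """Classes that predict every observed outcome."""
    return [cls for cls in SHIFT if not mismatches(observations, cls)]


if __name__ == "__main__":
    # What a process with uid 5000 / gid 5000 should be evaluated as on these files.
    print("expected class:", select_class(5000, {5000}, 5000, 5000))
    for cls in SHIFT:
        print(cls, "fails on:", mismatches(OBSERVATIONS, cls))
    print("consistent with all observations:", consistent_classes(OBSERVATIONS))
```

Only the "other" class predicts every outcome, although a process holding UID 5000 would be evaluated as "owner", so the identity performing the open is the thing to confirm on the server.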
