Re: [Samba] Users can create, but not delete files.

[Nathan Sinton]

Oops, I meant to send this to the samba list.

On Tue, Nov 11, 2008 at 11:06 AM, Nathan Sinton [EMAIL PROTECTED] wrote:
 I got excited for a second because I hadn't tried this, but it didn't
 work unfortunately.

 Another thing that I forgot to mention is that when viewing the
 permissions of a file from a windows box  Everyone has read access
 and there is a null SID (S-1-0-0) that has full control.  There are no
 other users listed regardless of the user and group ownership of the
 file.  Is this normal?


 On Tue, Nov 11, 2008 at 10:28 AM, Dale Schroeder
  wrote:
 Nathan

 Adding
 dos filemode = Yes
 to the share should allow this.

 Dale

 From SWAT:

 dos filemode (S)

 The default behavior in Samba is to provide UNIX-like behavior where only
 the owner of a file/directory is able to change the permissions on it.
 However, this behavior is often confusing to DOS/Windows users. Enabling
 this parameter allows a user who has write access to the file (by whatever
 means, including an ACL permission) to modify the permissions (including
 ACL) on it. Note that a user belonging to the group owning the file will not
 be allowed to change permissions if the group is only granted read access.
 Ownership of the file/directory may also be changed.

 Default: dos filemode = no

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Users can create, but not delete files.

[Nathan Sinton]

I have an ubuntu 8.10 server that is authenticating against active
directory (Win2k3) and acting as a fileserver.  I used likewise open
to setup the AD authentication.  If a user creates a file in a
directory that he doesn't own, he can modify the contents of the file,
but not delete or rename it.  The group permissions should allow the
user to do this.  If the user owns the directory, (including a
user-created directory inside the problem directory.) they can
delete/rename files.  Windows throws an error about the disk being
full or write protected or the file is is use etc...  I can log on
locally as a user and am able to manipulate files as expected.

I've come across a few other people having a similar issue during my
search and no one seems to have an answer.  Help?



Kernel: 2.6.27-7-server
Samba: 3.2.3

Smb.conf:

[global]
workgroup = WORKGROUP
  realm = WORKGROUP
  preferred master = no
  server string = Linux Test Machine
  security = ADS
  encrypt passwords = yes
  log level = 3
  log file = /var/log/samba/%m
  max log size = 50
  socket options = TCP_NODELAY
  winbind enum users = Yes
  winbind enum groups = Yes
  winbind use default domain = Yes
  winbind nested groups = Yes
  idmap backend = lwopen
  idmap uid = 2000-2
  idmap gid = 2000-2
  directory security mask =0775
  security mask = 0775
  create mask = 0775
  directory mask = 0775
  map acl inherit = yes
  client use spnego = yes

[test]
comment = testing stuff
path= /shared/test
valid users = @WORKGROUP\Domain Users
writable=yes
browseable=yes
create mask = 775
#

The samba log when trying to delete a file:
#
[2008/11/11 08:27:40,  3] smbd/process.c:process_smb(1549)
 Transaction 153 of length 53 (0 toread)
[2008/11/11 08:27:40,  3] smbd/process.c:switch_message(1361)
 switch message SMBecho (pid 23286) conn 0x0
[2008/11/11 08:27:40,  3] smbd/sec_ctx.c:set_sec_ctx(324)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/11/11 08:27:40,  3] smbd/reply.c:reply_echo(4580)
 echo 1 times
[2008/11/11 08:27:40,  3] smbd/sec_ctx.c:set_sec_ctx(324)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/11/11 08:27:51,  3] smbd/process.c:process_smb(1549)
 Transaction 154 of length 80 (0 toread)
[2008/11/11 08:27:51,  3] smbd/process.c:switch_message(1361)
 switch message SMBtrans2 (pid 23286) conn 0xb9195f38
[2008/11/11 08:27:51,  3] smbd/sec_ctx.c:set_sec_ctx(324)
 setting sec ctx (846727731, 846725633) - sec_ctx_stack_ndx = 0
[2008/11/11 08:27:51,  3] smbd/trans2.c:call_trans2qfilepathinfo(3932)
 call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004
[2008/11/11 08:27:51,  3] smbd/trans2.c:call_trans2qfilepathinfo(4006)
 call_trans2qfilepathinfo . (fnum = -1) level=1004 call=5 total_data=0
[2008/11/11 08:27:51,  3] smbd/process.c:process_smb(1549)
 Transaction 155 of length 130 (0 toread)
[2008/11/11 08:27:51,  3] smbd/process.c:switch_message(1361)
 switch message SMBtrans2 (pid 23286) conn 0xb9195f38
[2008/11/11 08:27:51,  3] smbd/trans2.c:call_trans2findfirst(1918)
 call_trans2findfirst: dirtype = 16, maxentries = 1366,
close_after_first=1, close_if_end = 1 requires_resume_key = 1 level =
0x104, max_data_bytes = 16384
[2008/11/11 08:27:51,  3] smbd/dir.c:dptr_create(520)
 creating new dirptr 256 for path ./, expect_close = 1
[2008/11/11 08:27:51,  3] locking/locking.c:fetch_share_mode_unlocked(857)
 fill_share_mode_lock failed
[2008/11/11 08:27:51,  3] smbd/process.c:process_smb(1549)
 Transaction 156 of length 130 (0 toread)
[2008/11/11 08:27:51,  3] smbd/process.c:switch_message(1361)
 switch message SMBtrans2 (pid 23286) conn 0xb9195f38
[2008/11/11 08:27:51,  3] smbd/trans2.c:call_trans2findfirst(1918)
 call_trans2findfirst: dirtype = 16, maxentries = 1366,
close_after_first=1, close_if_end = 1 requires_resume_key = 1 level =
0x104, max_data_bytes = 16384
[2008/11/11 08:27:51,  3] smbd/dir.c:dptr_create(520)
 creating new dirptr 256 for path ./, expect_close = 1
[2008/11/11 08:27:51,  3] locking/locking.c:fetch_share_mode_unlocked(857)
 fill_share_mode_lock failed
[2008/11/11 08:27:52,  3] smbd/process.c:process_smb(1549)
 Transaction 157 of length 134 (0 toread)
[2008/11/11 08:27:52,  3] smbd/process.c:switch_message(1361)
 switch message SMBntcreateX (pid 23286) conn 0xb9195f38
[2008/11/11 08:27:52,  3] lib/util_seaccess.c:se_access_check(249)
[2008/11/11 08:27:52,  3] lib/util_seaccess.c:se_access_check(252)
 se_access_check: user sid is S-1-5-21-3647005163-2223630916-80292403-2611
 se_access_check: also S-1-5-21-3647005163-2223630916-80292403-513
 se_access_check: also S-1-1-0
 se_access_check: also S-1-5-2
 se_access_check: also S-1-5-11
 se_access_check: also S-1-5-21-3647005163-2223630916-80292403-1175
 se_access_check: also S-1-5-21-3647005163-2223630916-80292403-1171
 se_access_check: also S-1-5-21-3647005163-2223630916-80292403-1625
 se_access_check: also S-1-5-21-3647005163-2223630916-80292403-512
 se_access_check: also S-1-5-21-3647005163-2223630916-80292403-1176