Change in the samba3x code from version 3.5.4-0.83.el5_7.2 to 3.5.10-0.108.el5_8 causes permissions issue.
Issue
Steps to reproduce the issue on RHEL 5:
$ mkdir /samba
$ getfacl /samba
getfacl: Removing leading '/' from absolute path names
# file: samba
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
$ mkdir /samba/test_share
$ getfacl /samba/test_share
getfacl: Removing leading '/' from absolute path names
# file: samba/test_share
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
$ setfacl -m u:IDM+248980:rwx /samba/test_share
$ setfacl -d -m u:IDM+248980:rwx /samba/test_share
$ setfacl -m g:users:rwx /samba/test_share
$ setfacl -d -m g:users:rwx /samba/test_share
$ getfacl /samba/test_share
getfacl: Removing leading '/' from absolute path names
# file: samba/test_share
# owner: root
# group: root
user::rwx
user:IDM+248980:rwx
group::r-x
group:users:rwx
mask::rwx
other::r-x
default:user::rwx
default:user:IDM+248980:rwx
default:group::r-x
default:group:users:rwx
default:mask::rwx
default:other::r-x
$ mkdir /samba/test_share/dir_create_from_unix
$ getfacl /samba/test_share/dir_create_from_unix
getfacl: Removing leading '/' from absolute path names
# file: samba/test_share/dir_create_from_unix
# owner: root
# group: root
user::rwx
user:IDM+248980:rwx
group::r-x
group:users:rwx
mask::rwx
other::r-x
default:user::rwx
default:user:IDM+248980:rwx
default:group::r-x
default:group:users:rwx
default:mask::rwx
default:other::r-x
Share definitions in smb.conf:
[test_share]
comment = RHEL Test
path = /samba/test_share
writable = yes
valid users = @IDM+domänen-benutzer (AD domain-users)
read only = No
create mask = 0770
browseable = Yes
public = no
guest ok = no
inherit acls = Yes
map acl inherit = Yes
store dos attributes = Yes
Now connect to the share from a Windows machine and log in as a 'valid user'. Then create a new folder.
$ ls -l /samba/test_share/
total 16
drwxrwxr-x+ 2 root root 4096 May 3 14:06 dir_create_from_unix
drwxr-xr-x+ 2 IDM+248980 IDM+g-it-hw-betriebssysteme 4096 May 3 14:08 New folder
$ getfacl /samba/test_share/'New folder'
getfacl: Removing leading '/' from absolute path names
# file: samba/test_share/New folder
# owner: IDM+248980
# group: IDM+g-it-hw-betriebssysteme
user::rwx
user:IDM+248980:rwx #effective:r-x
group::r-x
group:users:rwx #effective:r-x
mask::r-x
other::r-x
default:user::rwx
default:user:IDM+248980:rwx
default:group::r-x
default:group:users:rwx
default:mask::rwx
default:other::r-x
$ ls -l /samba/test_share/'New folder'/
total 8
-rwxrwx---+ 1 IDM+248980 IDM+g-it-hw-betriebssysteme 14 May 3 14:32 fox.txt
$ getfacl /samba/test_share/'New folder'
getfacl: Removing leading '/' from absolute path names
# file: samba/test_share/New folder
# owner: IDM+248980
# group: IDM+g-it-hw-betriebssysteme
user::rwx
user:IDM+248980:rwx #effective:r-x
group::r-x
group:users:rwx #effective:r-x
mask::r-x
other::r-x
default:user::rwx
default:user:IDM+248980:rwx
default:group::r-x
default:group:users:rwx
default:mask::rwx
default:other::r-x
Now log in as a different user who is a member of the 'users' group on the system.
[270181@bsm3 ~]$ groups
users wheel
[270181@bsm3 ~]$ cd /samba/test_share/'New folder'
[270181@bsm3 New folder]$ ls -l
total 8
-rwxrwx---+ 1 IDM+248980 IDM+g-it-hw-betriebssysteme 14 May 3 14:32 fox.txt
$ rm fox.txt
rm: cannot remove `fox.txt': Permission denied
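The problem is that a different default mask is applied when a directory is created from an SMB client: in the output above, 'New folder' has mask::r-x, so the user:IDM+248980 and group:users entries are effectively r-x, whereas the directory created locally has mask::rwx. This was corrected in 3.5.4 and changed again after that release. The changed behavior is still present in 3.6.x but was changed back to what Linux does in 4.0.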
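To check directories for this symptom, the following added example (not part of the original article or of Samba) parses getfacl text and lists the entries whose effective rights are narrowed by the mask. The function names are hypothetical, and the sample ACLs are trimmed copies constructed from the output above.

```python
# Constructed samples: access ACL lines taken from the getfacl output on this page.
LOCAL_DIR = """\
user::rwx
user:IDM+248980:rwx
group::r-x
group:users:rwx
mask::rwx
other::r-x
"""
SMB_DIR = """\
user::rwx
user:IDM+248980:rwx #effective:r-x
group::r-x
group:users:rwx #effective:r-x
mask::r-x
other::r-x
default:mask::rwx
"""


def parse_acl(text):
    """Return (entries, mask) for the access ACL; default: entries are skipped."""
    entries, mask = [], None
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop headers and #effective notes
        if not line or line.startswith("default:"):
            continue
        tag, qualifier, perms = line.split(":")
        if tag == "mask":
            mask = perms
        else:
            entries.append((tag, qualifier, perms))
    return entries, mask


def masked_entries(text):
    """List (entry, granted, effective); user:: and other:: are never masked."""
    entries, mask = parse_acl(text)
    reduced = []
    for tag, qualifier, perms in entries:
        if mask is None or tag == "other" or (tag == "user" and not qualifier):
            continue
        effective = "".join(p if p == m else "-" for p, m in zip(perms, mask))
        if effective != perms:
            reduced.append((f"{tag}:{qualifier}", perms, effective))
    return reduced


if __name__ == "__main__":
    print({"local": masked_entries(LOCAL_DIR), "smb": masked_entries(SMB_DIR)})
```

An empty list for a directory means its mask does not restrict any granted entry, which is the state of the directory created locally.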
Environment
- Red Hat Enterprise Linux 5
