Created attachment 10978 [details]
config file

See related bug #9746.

Setting share "force user = nfsnobody" and "guest_only = yes" with global "guest account = nfsnobody" means you can create a file but not delete it. If I comment out the "force user", I can both create and delete OK.

This is different from previous behavior with the same config file. (Though it may be my config setup was odd or wrong all along.)

It looks like Jeremy's patch for #9746 wouldn't have this issue, but it sounds like there was some discussion on IRC resulting in Andrew's patch being preferred.

With force user, the security token has SIDs like this:

    SID[ 0]: S-1-22-1-65534   <== nfsnobody
    SID[ 1]: S-1-22-2-65534   <== nfsnobody
    SID[ 2]: S-1-1-0
    SID[ 3]: S-1-5-2
    SID[ 4]: S-1-5-32-546

Without force user, the security token has SIDs like this:

    SID[ 0]: S-1-5-21-1728798723-2110846055-115949566-501   <== default guest
    SID[ 1]: S-1-5-21-1728798723-2110846055-115949566-514
    SID[ 2]: S-1-1-0
    SID[ 3]: S-1-5-2
    SID[ 4]: S-1-5-32-546
    SID[ 5]: S-1-22-1-65534   <== nfsnobody

And it's the -501 trustee which has rwx permission.

What approach do you like for fixing this:

(a) set use_guest_token TRUE when the force user is the same as guest account, or
(b) put the missing guest SIDs in the security token on the force user path, or
(c) something else?

Config and log attached. Look for DENIED in the log.
Created attachment 10979 [details] log file
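To make the difference between the two tokens in the report explicit, the following added example (not part of the original report and not Samba code) parses both token dumps, lists the SIDs that the force user token lacks, and checks whether the -501 trustee the reporter names is present. The function names are hypothetical, and the trustee check is a simplified membership test, not Samba's full ACL evaluation.

```python
import re

# Constructed input: the two token dumps quoted in the report above.
FORCE_USER = """SID[ 0]: S-1-22-1-65534
SID[ 1]: S-1-22-2-65534
SID[ 2]: S-1-1-0
SID[ 3]: S-1-5-2
SID[ 4]: S-1-5-32-546"""
NO_FORCE_USER = """SID[ 0]: S-1-5-21-1728798723-2110846055-115949566-501
SID[ 1]: S-1-5-21-1728798723-2110846055-115949566-514
SID[ 2]: S-1-1-0
SID[ 3]: S-1-5-2
SID[ 4]: S-1-5-32-546
SID[ 5]: S-1-22-1-65534"""

WELL_KNOWN = {"S-1-1-0": "Everyone", "S-1-5-2": "Network",
              "S-1-5-32-546": "BUILTIN\\Guests"}
DOMAIN_RIDS = {501: "Guest", 514: "Domain Guests"}
SID_LINE = re.compile(r"SID\[\s*\d+\]:\s*(S-1(?:-\d+)+)")

def parse_token(dump):
    """Return the SIDs of a token dump, in log order."""
    return SID_LINE.findall(dump)

def describe(sid):
    """Label a SID: well-known, Samba Unix mapping, or domain RID."""
    if sid in WELL_KNOWN:
        return WELL_KNOWN[sid]
    parts = sid.split("-")
    if sid.startswith("S-1-22-1-"):
        return "Unix uid " + parts[-1]
    if sid.startswith("S-1-22-2-"):
        return "Unix gid " + parts[-1]
    if sid.startswith("S-1-5-21-") and len(parts) == 8:
        rid = int(parts[-1])
        return "domain RID %d (%s)" % (rid, DOMAIN_RIDS.get(rid, "unknown"))
    return "unknown"

def missing_sids(reference, candidate):
    """SIDs present in `reference` but absent from `candidate`."""
    present = set(candidate)
    return [sid for sid in reference if sid not in present]

def trustee_matches(token, trustee):
    """Simplified check: is the ACE trustee one of the token's SIDs?"""
    return trustee in token

if __name__ == "__main__":
    forced, guest = parse_token(FORCE_USER), parse_token(NO_FORCE_USER)
    for sid in missing_sids(guest, forced):
        print("missing with force user:", sid, "->", describe(sid))
    print("-501 trustee in force user token:", trustee_matches(forced, guest[0]))
```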
As mentioned on IRC, Samba 3.6 is discontinued. The current supported releases are 4.1 and 4.2, with Samba 4.0 getting security updates only. As such, the first step is to reproduce the issue with GIT master, and if possible propose a fix there, so we can consider backporting it to 4.0 and 4.1.