I'm actually running 3.0.3pre2 under FreeBSD 5.2.1, but 3.0.3pre2 is not an option in Bugzilla yet... Upgraded to 3.0.3pre2 from 3.0.2a and now I am unable to write to certain shares. A sample config that no longer works (from testparm): [fun] comment = Fun Stuff path = /usr/home/fun write list = @fun force group = fun create mask = 0664 directory mask = 0775 guest ok = Yes This used to allow anyone to read and people in the fun group to write. Now, everyone can read but no one can write. However, users have no problem writing to their home directories and this share still works fine (from testparm): [web] comment = Web Page path = /usr/local/www/data valid users = noackjr read only = No create mask = 0644 The log for the specific client shows that I am connecting with the correct group (500 = fun): [2004/04/09 06:53:26, 5] smbd/uid.c:change_to_user(267) change_to_user uid=(1001,1001) gid=(0,500) [2004/04/09 06:53:26, 1] smbd/service.c:make_connection_snum(619) 192.168.1.11 (192.168.1.11) connect to service fun initially as user noackjr (uid=1001, gid=500) (pid 34551) However, when I attempt to copy a file ("import") into the share: [2004/04/09 06:53:33, 5] smbd/filename.c:unix_convert(312) New file import [2004/04/09 06:53:33, 3] smbd/dosmode.c:unix_mode(111) unix_mode(import) returning 0664 [2004/04/09 06:53:33, 5] smbd/files.c:file_new(122) allocated file structure 7182, fnum = 11278 (1 used) [2004/04/09 06:53:33, 10] smbd/open.c:open_file_shared1(833) open_file_shared: fname = import, dos_attrs = 0, share_mode = 42, ofun = 12, mode = 664, oplock request = 0 [2004/04/09 06:53:33, 8] lib/util.c:is_in_path(1508) is_in_path: import [2004/04/09 06:53:33, 8] lib/util.c:is_in_path(1512) is_in_path: no name list. [2004/04/09 06:53:33, 4] smbd/open.c:open_file_shared1(1010) calling open_file with flags=0x2 flags2=0x0 mode=0664 [2004/04/09 06:53:33, 3] smbd/open.c:open_file(110) Permission denied opening import [2004/04/09 06:53:33, 5] smbd/files.c:file_free(385) freed files structure 11278 (0 used) [2004/04/09 06:53:33, 10] smbd/trans2.c:set_bad_path_error(2130) set_bad_path_error: err = 1 bad_path = 0 [2004/04/09 06:53:33, 3] smbd/error.c:error_packet(94) error string = Operation not permitted [2004/04/09 06:53:33, 3] smbd/error.c:error_packet(118) error packet at smbd/trans2.c(2139) cmd=45 (SMBopenX) NT_STATUS_ACCESS_DENIED I will email full logs on request.
Still not working with 3.0.3rc1. Again, the write list is ignored even though I can authenticate successfully with other shares. $ smbclient -U noackjr //optimator/fun Password: Domain=[JONES] OS=[Unix] Server=[Samba 3.0.3rc1] smb: \> put CHANGES NT_STATUS_ACCESS_DENIED opening remote file \CHANGES smb: \> quit $ smbclient -U noackjr //optimator/noackjr Password: Domain=[JONES] OS=[Unix] Server=[Samba 3.0.3rc1] smb: \> put CHANGES putting file CHANGES as \CHANGES (401.3 kb/s) (average 401.3 kb/s) smb: \> quit $ smbclient -U noackjr //optimator/web Password: Domain=[JONES] OS=[Unix] Server=[Samba 3.0.3rc1] smb: \> put CHANGES putting file CHANGES as \CHANGES (316.4 kb/s) (average 316.4 kb/s) smb: \> quit
Noticed the change to version 3.0.3: I can confirm that I still see this issue with 3.0.3. Again, I am happy to provide logs on request.
Still present in 3.0.4. I'll attach a level 10 log. The commands used are below. The output of 'testparm -s' is also below. ********************************************************************** $ whoami noackjr $ groups noackjr wheel fun download cvs $ cat sig.txt "Do not worry about your problems with computers, I assure you mine are far greater." -- Jonathan Noack $ sudo /usr/local/etc/rc.d/samba.sh start && smbclient //optimator/fun && sudo /usr/local/etc/rc.d/samba.sh stop ps: kvm_getprocs: No such process Starting SAMBA: removing stale tdbs : /var/db/samba/connections.tdb /var/db/samba/locking.tdb /var/db/samba/messages.tdb /var/db/samba/sessionid.tdb /var/db/samba/brlock.tdb Starting nmbd. ps: kvm_getprocs: No such process Starting smbd. Password: Domain=[JONES] OS=[Unix] Server=[Samba 3.0.4] smb: \> put sig.txt NT_STATUS_ACCESS_DENIED opening remote file \sig.txt smb: \> quit Stopping /usr/local/sbin/nmbd. Waiting for PIDS: 49510. Stopping /usr/local/sbin/smbd. ********************************************************************** $ testparm -s Load smb config files from /usr/local/etc/smb.conf Processing section "[homes]" Processing section "[web]" Processing section "[download]" Processing section "[fun]" Loaded services file OK. # Global parameters [global] workgroup = JONES server string = Samba Server security = SHARE passdb backend = tdbsam log file = /var/log/samba/log.%m max log size = 1000 load printers = No os level = 255 preferred master = Yes domain master = Yes dns proxy = No hosts allow = 127., 192.168.1. [homes] comment = Home Directories read only = No browseable = No [web] comment = Web Page path = /usr/local/www/data valid users = noackjr read only = No create mask = 0644 [download] comment = Downloaded Stuff path = /usr/home/download write list = @download force group = download create mask = 0664 directory mask = 0775 guest ok = Yes [fun] comment = Fun Stuff path = /usr/home/fun write list = @fun force group = fun create mask = 0664 directory mask = 0775 guest ok = Yes **********************************************************************
Created attachment 520 [details] tarred and gzipped level 10 log files
please try the patch in bug 1345
The patch from bug 1345 did not fix this problem.
I confirm too. version 3.0.4 exemple : 1/ readonly = yes write list = @test valid users = @test, @temp --> @test and @temp can't write, 2/ readonly = no write list = @test valid users = @test, @temp --> @test and @temp can write ! (normal) Guillaume
Also, it should be noted that 'read list' does not work correctly either. If you have read only = no, then users in 'read list' will have write access instead of read only access. It basically appears that the 'read only' attribute overrides both 'write list' and 'read list' parameters, which it is not supposed to do (according to the docs).
*** Bug 1532 has been marked as a duplicate of this bug. ***
Created attachment 578 [details] a patch for checking read list/write list parameters when security=share I'm not sure whether I am doing the right thing at the right place or not, but it works for this particular issue.
Created attachment 581 [details] a patch for checking read list/write list parameters when security=share Actually, the same sort of problem exists for "force user" parameter and my previous patch did not take account of that. An example of such configurations would be: [global] security = user [tmp] path = /tmp read only = yes force user = shiro write list = shiro
*** Bug 1844 has been marked as a duplicate of this bug. ***
*** Bug 1319 has been marked as a duplicate of this bug. ***
Please retry with 3.0.23d. This area has completely changed with 3.0.23, so the behaviour is at least completely different. Feel free to re-open if it does not work for you. Volker
Still not fixed in Samba 3.2.4. My smb.conf is: [global] security = share passdb backend = tdbsam [share1] read only = yes write list = share1rw username = share1ro share1rw path = /var/lib/samba/shares/tmp only user = yes If we authorized as share1rw, we cannot write.
Reopened for 3.2.x and above.
Created attachment 3774 [details] Patch for 3.2.x and above. This fixes the problem for me. Please test. Jeremy.
Created attachment 3775 [details] Better patch. Patch for 3.2.x only. Much better patch, changes less. Still works for me. Jeremy.
*** Bug 5905 has been marked as a duplicate of this bug. ***
I tested againt Samba 3.2.6 under #15 env. and found this bug is fixed at 3.2.6. Thanks!
*** Bug 5958 has been marked as a duplicate of this bug. ***
Closing -- please re-open if it's still an issue