Created attachment 15371 [details] Log.smbd with NT_STATUS_ACCESS_DENIED Hello, since at least RHEL7.6, the windows user logged into samba share as a guest is not able get write access to create any file or directory for example. Some additional information: [root@%TESTING_VM% samba]# testparm -s rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) Registered MSG_REQ_POOL_USAGE Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED Load smb config files from /etc/samba/smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) Processing section "[homes]" Processing section "[data]" Loaded services file OK. WARNING: The 'netbios name' is too long (max. 15 chars). Server role: ROLE_STANDALONE # Global parameters [global] map to guest = Bad User security = USER server string = Samba Server Version %v workgroup = MYGROUP idmap config * : backend = tdb [homes] comment = Home Directories read only = No [data] comment = Public share guest ok = Yes path = /data read only = No [root@ci-vm-10-0-138-64 data]# ls -alRZ .: drwxrwxrwx. nobody nobody unconfined_u:object_r:samba_share_t:s0 . dr-xr-xr-x. root root system_u:object_r:root_t:s0 .. drwxr-xr-x. nobody nobody unconfined_u:object_r:samba_share_t:s0 testdir ./testdir: drwxr-xr-x. nobody nobody unconfined_u:object_r:samba_share_t:s0 . drwxrwxrwx. nobody nobody unconfined_u:object_r:samba_share_t:s0 .. In the entry share directory called "data" with directory permissions set to 775, guest account mapped to "nobody" is allowed to create files. On the other hand, in inner directory called "testdir" with permissions set to 755, guest account is unable to create anything. If the permissions are set to 775 it works as expected. I've tried this scenario from Window Server 2019 and from Windows 10 using File Explorer GUI.
After reading https://lists.samba.org/archive/samba/2019-August/225498.html, I've tried to look at the permissions from windows client and nothing was set therefore denied access is reasonable here. Is this a bug ? Or is there any way how to have this permissions set automatically ?
this is more of a support request, we'can't handle this in bugizlla, please consult the samba mailing list or some other support option from https://www.samba.org/samba/support/