Bug 15180 - Inconsistent interpretation of UNIX folder permissions
Summary: Inconsistent interpretation of UNIX folder permissions
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services (show other bugs)
Version: 4.15.5
Hardware: x64 Linux
: P5 normal (vote)
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-09-15 09:53 UTC by Vicente Roca
Modified: 2022-09-23 02:21 UTC (History)
2 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Vicente Roca 2022-09-15 09:53:40 UTC
We are using CIFS to mount user's home directories in our desktops. Unix Extensions are needed in order to start Gnome/KDE sessions over a CIFS fs.

Desktop systems are running AlmaLinux 8.6 (4.18.0-372.19.1.el8_6 --- CIFS Version 2.29 ---) and home dirs are mounted with these options: sec=krb5,domain=XXXX,vers=1.0,noforceuid,noforcegid,nobrl,iocharset=utf8

The server is running AlmaLinux 8.6 (4.15.5-8.el8_6), with userquota enabled and as domain member.

The desktop users cannot modify the permissions of a directory inside their home when the directory has not 'rwx' permissions for the owner. However, this does not happen with samba 4.13.3.

[user@desktop ~]$ mkdir FOLDER
[user@desktop ~]$ ls -ld FOLDER
drwx------ 2 user users 0 sep 15 09:35 FOLDER
[user@desktop ~]$ chmod u-rwx FOLDER/
[user@desktop ~]$ ls -ld FOLDER
ls: cannot access 'FOLDER': Permission denied
[user@desktop ~]$ chmod u+rwx FOLDER/
chmod: cannot access 'FOLDER/': Permission denied
Comment 1 Björn Jacke 2022-09-15 11:41:53 UTC
I'm afraid without more debugging the cause of the problem from your side this bug report will not end up anywhere. Increase the log level and make a network trace and find out where things are going wrong and come up with more details here. Eventually support from a company like those listed at https://www.samba.org/samba/support/globalsupport.html might be a good option also.
Comment 2 Rowland Penny 2022-09-15 18:17:35 UTC
(In reply to Björn Jacke from comment #1)
As Bjorn says, we are going to need more information, amongst which would be your smb.conf files.

I did notice this:

drwx------ 2 user users 0 sep 15 09:35 FOLDER

Why is the group 'users' and not 'Domain Users' if this is a Unix domain member ?