We have encountered an issue affecting Windows Offline Files when a directory on a Samba share has the Windows read‑only attribute set. In Windows, the read‑only attribute on directories is not intended to restrict modification; it functions as a UI hint rather than an access‑control mechanism.
However, in Samba 4.20.6, setting the read‑only attribute on a directory causes Windows Offline Files to fail with a permission error when the client goes offline. While the Windows client remains online, all operations continue to work normally.

Steps to Reproduce

Create a directory on a Samba share.
Set the Windows Read‑only attribute on that directory using attrib or a script.
(Note: Setting the attribute via the Windows Explorer UI does not work.)
Enable Windows Offline Files for the share.
Ensure the directory is fully synced.
Disconnect the client from the network (e.g., disable the network interface).
Attempt to create a file or folder inside the offline‑cached directory.


Observed Result
Windows reports a permission error when attempting to create files or folders offline.
Expected Behavior
Creating files or folders should succeed offline, consistent with Windows server behavior and with Samba versions prior to 4.18.

Additional Technical Details
When preparing to operate offline, Windows uses the SMB2_CREATE_QUERY_MAXIMAL_ACCESS_REQUEST create context to determine and cache the allowed access mask for the directory.

In Samba 4.17, the returned access mask was:
0x001f01ff
In Samba 4.20, the returned access mask is reduced to:
0x000c00e9

The reduced mask appears to cause Windows to treat the directory as lacking sufficient permissions for offline modifications.
We traced the regression to a behavior change introduced in Samba 4.18, likely related to the logic around read‑only directory handling in open.c:
https://gitlab.com/samba-team/samba/-/blob/samba-4.18.0/source3/smbd/open.c?ref_type=tags#L3505