Bug 2153 - Group permissions being partially ignored.
Summary: Group permissions being partially ignored.
Status: RESOLVED INVALID
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: File Services (show other bugs)
Version: 3.0.9
Hardware: All Linux
: P3 normal
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-12-13 10:23 UTC by Rodrigo Severo
Modified: 2005-01-11 06:52 UTC (History)
1 user (show)

See Also:


Attachments
Log leve 10 of file access resulting in readonly access (6.13 KB, application/octet-stream)
2004-12-13 10:26 UTC, Rodrigo Severo
no flags Details
Log level 10 of failed "touch new_file" (2.29 KB, application/octet-stream)
2004-12-13 10:28 UTC, Rodrigo Severo
no flags Details
smb.conf (2.12 KB, text/plain)
2004-12-13 10:36 UTC, Rodrigo Severo
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Rodrigo Severo 2004-12-13 10:23:53 UTC
Group permissions aren't working as expected in two different situations:

1. I have the following file:

-r--rw----  1 apache_user developers_group 13285 Dec  9 12:53 index.html

I am a member of developers_group (not my primary group) and I can't edit this
file. If I give apache_user (the file's owner) the write permission then I can
edit the file. Why?

This only happens when I access the file through Samba, on the server itself
these rights work as I expect, i.e., no need of write permission to the owner.

2. I have the following directory:

dr-xrws---  1 apache_user developers_group     0 Mar 18  2004 userimages/

Again I, as a member of developers_group, should be able to create a new file.
But I can't: permission denied.

I saw bug #1126 that seems the same as this except that, as per Paul Gienger,
bug #1126 is strictly Solaris related.

If Paul is right, I believe I'm actually reporting a new bug. If not, please
forgive me for the duplicate bug.

BTW I using ldap based authentication and I have "unix extensions = yes".

This same behaviour has been observed on a Samba 3.0.8 server.
Comment 1 Rodrigo Severo 2004-12-13 10:26:34 UTC
Created attachment 839 [details]
Log leve 10 of file access resulting in readonly access

This is a log level 10 of a failed editing session of a file through Samba
which resulted in readonly access.

I expected read/write access.
Comment 2 Rodrigo Severo 2004-12-13 10:28:51 UTC
Created attachment 840 [details]
Log level 10 of failed "touch new_file"

Log level 10 of a failed "touch new_file" through a Samba share.

I expected a successfull creation of the file.
Comment 3 Rodrigo Severo 2004-12-13 10:36:02 UTC
Created attachment 841 [details]
smb.conf

My smb.conf file for your reference.
Comment 4 Andrew Bartlett 2004-12-22 20:02:22 UTC
I think this is by design.  The owner write bit is used to store the 'read only'
dos attribute.
Comment 5 Rodrigo Severo 2005-01-11 05:34:55 UTC
I believe you are right Andrew. It makes sense.

Even the Official HOWTO mentions it at
<http://samba.org/samba/docs/man/Samba-HOWTO-Collection/AccessControls.html#id2543920>.

Thanks for your attention.

I think this bug can be closed if Andrew's info is confirmed.
Comment 6 Gerald (Jerry) Carter (dead mail address) 2005-01-11 06:52:56 UTC
andrew's correct.