Bug 2376 - "write list" not working in securitry = ads
Summary: "write list" not working in securitry = ads
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: File Services (show other bugs)
Version: 3.0.10
Hardware: All Linux
: P3 normal
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-02-22 06:07 UTC by Dany Hugelshofer
Modified: 2005-11-15 09:12 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Dany Hugelshofer 2005-02-22 06:07:54 UTC
[root@hugi-s-02 ~]# /usr/sbin/smbd --version
Version 3.0.10-1.fc3

This version has the following bug: "write list" argument does not work, but the 
alias "write ok" does work fine.

My box is as following configured:
I686 PC
Fedora Core 3
ADS Memberserver

when you need additional infos, do not hesitate to ask me.

thanks
Dany
Comment 1 Gerald (Jerry) Carter (dead mail address) 2005-02-22 06:26:54 UTC
'write list' and 'write ok' are not the same parameter.
Are you using 'security = share' by chance ?
Comment 2 Gerald (Jerry) Carter (dead mail address) 2005-02-25 21:19:20 UTC
invalid report
Comment 3 Dany Hugelshofer 2005-02-26 06:55:27 UTC
(In reply to comment #1)

> 'write list' and 'write ok' are not the same parameter.
Oh, da.... , my fault.
But the problem about the "non functional" Write List Parameter still persists.


> Are you using 'security = share' by chance ?
I'm using "Security = ADS"

Here is a dump of the smb.conf file, (prevously i used "Write List" instead of 
"Write Ok", but with no success)

Also remarkable is, the problem occurs only since i updated to 3.0.10 and only 
on new created shares. => as you see in the conf file, i still can use "write 
list" on the share "serverapps$".

#
# ----	SAMBA Configuration file for:
#	
#	Server name:	hugi-s-02
#	     Domain:	hds.hnet.home
#	   Services:	SAMBA ADS member server
#
# ----	Written by:
#
#	     Author:	Dany Hugelshofer
#              Date:	08.04.2004
#
#########################################################################

# ----	General settings
[global]
	netbios name		=hugi-s-02
	workgroup		=hds
	server string		=

	local master		=no
	security		=ads
	realm			=hds.hnet.home

	client ntlmv2 auth	=yes
	server signing		=auto
	
	winbind separator	=+
	winbind uid		=10000-20000
	winbind gid		=10000-20000


# ----	Share definitions
#[exchange$]
#	path			=/data/exchange
#	comment			=HNET public exchange drive
#	read only		=no
#	admin users		=@hds+"Domain Users"


#[data$]
#	path			=/data/data
#	comment			=HNET data drive
#
#	valid users		=@hds+hnetUF_Family @hds+hnetUS_DomainAdmins
#	admin users		=@hds+hnetUS_DomainAdmins
#	write list		=@hds+hnetSH_Data


[serverapps$]
	path			=/data/serverapps
	comment			=HNET terminal apps

	inherit permissions	=yes
	inherit acls		=yes
	valid users		=@hds+hnetUF_Family @hds+hnetUS_DomainAdmins
	admin users		=@hds+hnetUS_DomainAdmins"
	write list		=@hds+hnetSH_Serverapps


[install$]
	path			=/data/install
	comment			=HNET - setup and driver pool

	inherit permissions	=yes
	inherit acls		=yes
	write ok		=@hds+hnetSH_Install
	admin users		=@hds+hnetUS_DomainAdmins
	valid users		=@hds+hnetUF_Family @hds+hnetUS_DomainAdmins


[home$]
	path			=/data/home
	comment			=Home directories on HNET

	inherit permissions	=yes
	inherit acls		=yes
	valid users		=@hds+hnetUF_Family @hds+hnetUFR_Friends @hds+hnetUS_DomainAdmins
	admin users		=@hds+hnetUS_DomainAdmins
	read only		=no

[test$]
	path			=/data/test
	comment			=unix permissions and smbd testing

	inherit permissions	=yes
	inherit acls		=yes
	write ok		=@hds+hnetSH_Test
	admin users		=@hds+hnetUS_DomainAdmins
	valid users		=@hds+"Domain Users"
Comment 4 Dany Hugelshofer 2005-02-26 07:32:36 UTC
i've just realized, that the parameter "write ok" is boolean, so my smb.conf has 
a little bit of rubish inside.

but anyway, new created shares with "write list" does not work, => permission 
for writing is still denied.
The log file writes "No write permission on read only share"

the specified groups for "write list" are available trough Winbind (chgrp) - 
generaly winbind works fine.
Comment 5 Gerald (Jerry) Carter (dead mail address) 2005-02-26 07:39:28 UTC
reopening for further investigation
Comment 6 Gerald (Jerry) Carter (dead mail address) 2005-11-15 09:12:33 UTC
This should be fixed with Gunether's PAC work in 3.0.21rc1