Hello I can't delete or rename file when connected with user that is member of group, tha has all permissions to file and directory. This, btw, happens only when I connect via Windows client. Same try with smbclient works. So more details. : I have this file : bash-3.00# getfacl test.txt # file: test.txt # owner: root # group: domain users user::rw- user:administrator:rwx #effective:rwx group::r-- #effective:r-- group:domain admins:rwx #effective:rwx group:inspectsystems:rwx #effective:rwx group:inspect admin:rwx #effective:rwx mask:rwx other:r-- bash-3.00# getfacl . # file: . # owner: root # group: domain users user::rwx user:administrator:rwx #effective:rwx group::r-x #effective:r-x group:domain admins:rwx #effective:rwx group:inspectsystems:rwx #effective:rwx group:inspect admin:rwx #effective:rwx mask:rwx other:r-x default:user::rwx default:user:administrator:rwx default:group::--- default:group:domain admins:rwx default:group:inspectsystems:rwx default:group:inspect admin:rwx default:mask:rwx default:other:r-x bash-3.00# When I try to delete or rename this file when conencted as user that is member of inspectsystems group I always get "access denied" : Z:\test>ren test.txt 1.txt Access is denied. Z:\test>del test.txt Z:\test\test.txt Access is denied. Z:\test> Here is last lines from "debug level" 10 for this operation : [2005/05/13 13:04:40, 10] smbd/statcache.c:stat_cache_lookup(243) stat_cache_lookup: lookup succeeded for name [TEST/TEST.TXT] -> [test/test.txt] [2005/05/13 13:04:40, 10] smbd/reply.c:can_delete(1502) can_delete: test/test.txt, dirtype = 0 [2005/05/13 13:04:40, 8] smbd/dosmode.c:dos_mode(283) dos_mode: test/test.txt [2005/05/13 13:04:40, 8] smbd/dosmode.c:dos_mode_from_sbuf(151) dos_mode_from_sbuf returning [2005/05/13 13:04:40, 8] smbd/dosmode.c:dos_mode(315) dos_mode returning [2005/05/13 13:04:40, 10] smbd/posix_acls.c:check_posix_acl_group_write(3874) check_posix_acl_group_write: file test match on group 101075 -> can write. [2005/05/13 13:04:40, 10] smbd/posix_acls.c:check_posix_acl_group_write(3919) check_posix_acl_group_write: file test returning (ret = 2). [2005/05/13 13:04:40, 3] smbd/error.c:error_packet(129) error packet at smbd/nttrans.c(800) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED (can send full file if required) Group 101075 is inspectsystems and user is member of that group. Why samba decide "can write" and later denies access ? Same operation via smbclient using same user credentials is working : smb: \test\> smb: \test\> dir received 3 entries (eos=1) . D 0 Fri May 13 13:14:41 2005 .. D 0 Fri May 13 12:54:05 2005 test.txt 7 Fri May 13 12:54:31 2005 42939 blocks of size 16777216. 42415 blocks available Total bytes listed: 7 smb: \test\> rename test.txt 1.txt smb: \test\> dir received 3 entries (eos=1) . D 0 Fri May 13 13:15:01 2005 .. D 0 Fri May 13 12:54:05 2005 1.txt 7 Fri May 13 12:54:31 2005 42939 blocks of size 16777216. 42415 blocks available Total bytes listed: 7 smb: \test\> But I think this is a little bit different when using native Windows and smbclient ? Any tips ? Thank you ! With best regards Martynas Buozis
Hi again Forgot to update OS and Hardware for Samba server, so changing with this submit. Martynas
Another thing (I am not sure if it's important) that I forgot to mention - I can update that file, but not delete : Z:\test>dir Volume in drive Z is august Volume Serial Number is 1C94-0B0F Directory of Z:\test 2005.05.13 13:15 <DIR> . 2005.05.13 12:54 <DIR> .. 2005.05.13 12:54 7 1.txt 1 File(s) 7 bytes 2 Dir(s) 711,595,255,808 bytes free Z:\test>echo tttt > 1.txt Z:\test>copy 1.txt con tttt 1 file(s) copied. Z:\test>del 1.txt Z:\test\1.txt Access is denied. Z:\test> Martynas
Hello This is already look like a big problem at least for me. Users keep bugging me that they can't delete/rename files. Can somebody take a look ?.. Thank you ! With best regards Martynas
Could you please check bug #2346 comment #16 et. seq.? Jeremy: If this isn't the case please have a look.
Hello Thank you for response. I tried applied patch from bug #2346, but it was not helpful : [2005/05/18 14:42:11, 10] smbd/nttrans.c:map_share_mode(423) map_share_mode: FILE_SHARE_DELETE requested. open_mode = 0x8000 [2005/05/18 14:42:11, 10] smbd/nttrans.c:map_share_mode(427) map_share_mode: DELETE_ACCESS requested. open_mode = 0x8000 [2005/05/18 14:42:11, 10] smbd/nttrans.c:map_share_mode(480) map_share_mode: Mapped desired access 0x10000, share access 0x7, file attributes 0x0 to open_mode 0x8040 [2005/05/18 14:42:11, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "test/1.txt" [2005/05/18 14:42:11, 10] smbd/statcache.c:stat_cache_lookup(243) stat_cache_lookup: lookup succeeded for name [TEST/1.TXT] -> [test/1.txt] [2005/05/18 14:42:11, 10] smbd/reply.c:can_delete(1502) can_delete: test/1.txt, dirtype = 0 [2005/05/18 14:42:11, 8] smbd/dosmode.c:dos_mode(283) dos_mode: test/1.txt [2005/05/18 14:42:11, 8] smbd/dosmode.c:dos_mode_from_sbuf(151) dos_mode_from_sbuf returning [2005/05/18 14:42:11, 8] smbd/dosmode.c:dos_mode(315) dos_mode returning [2005/05/18 14:42:11, 10] smbd/posix_acls.c:check_posix_acl_group_write(3889) check_posix_acl_group_write: file test match on group 101075 -> can write. [2005/05/18 14:42:11, 10] smbd/posix_acls.c:check_posix_acl_group_write(3934) check_posix_acl_group_write: file test returning (ret = 2). [2005/05/18 14:42:11, 3] smbd/error.c:error_packet(129) error packet at smbd/nttrans.c(800) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED Anything else can be done to solve this issue ? Thank you for support. With best regards Martynas
Hello Bug is fixed at least in version 3.0.15pre3-SVN-build-6959. Thank you ! Now I made my users really happy again. Martynas
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.