The Samba-Bugzilla – Bug 3449
hide unreadable option hides too much
Last modified: 2008-12-29 06:08:11 UTC
As explained in the URL, this is Debian bug #331502.:
On a production server that I am maintaining, I use the option "hide
unreadable" to keep unauthorized users from seeing such restricted
directories and files.
It worked perfectly up to version 3.0.11 of samba. Some later version
changed that and version 3.0.14a-3 still hides those directories from
This bug could be related to bug#305747: samba: 'hide special files' option
hides *all* files in 3.0.14a-1
This is actually *not* related to Debian bug #305747 which has been solved by upstream.
I can confirm this bug myself:
hide unreadable = yes
root@mykerinos:/var/tmp/samba-test# ls -la
drwxrwxrwx 2 root root 26 2006-01-25 06:45 .
drwxrwxrwt 9 root root 4096 2006-01-25 06:44 ..
-rw------- 1 root root 0 2006-01-25 06:45 bar
-rw------- 1 spongebob spongebob 0 2006-01-25 06:45 foo
bubulle@mykerinos:~/src/debian/build> smbclient \\\\127.0.0.1\\public
Domain=[CC-MYKERINOS] OS=[Unix] Server=[Samba 3.0.21a]
smb: \> ls
. D 0 Wed Jan 25 06:45:16 2006
.. D 0 Wed Jan 25 06:44:31 2006
60675 blocks of size 32768. 30136 blocks available
As you see, what is expected is "spongebob" to see the "foo" file
while he should not see "bar".
I did some further investigation on this behavior.
Interestingly, some strange combination of client OS and directory name on the server seems to result in this behavior.
Given: Client-OS: Windows 98 SE
Samba 3.0.14 (Debian Sarge)
There's a directory on the server, that's owned be root.somegroup, with permissions of 0770. The user on the client machine is in group "somegroup", primary group is "othergroup".
Now, it seems that as soon as the directory is named "y-something" or "Y-something" everything that would normally appear beneath that group is invisible (it's still accessible, tho).
Now, change the Samba Server version to 3.0.11 and everything will get listed.
Or change the name from "y-something" to "y_something" or "x-something" or "z-something"...
Or: leave the Samba Server at version 3.0.14 and the directory named "y-something" and just used Windows XP (SP2) as the client OS - instead of Windows 98 SE. Same user, but in this combination "y-something" is visible...
So, it seems that either Windows 98 SE sends a different request that causes Samba Version > 3.0.11 to choke on dirs called "y-something" or Samba Version > 3.0.11 changed something that causes Windows 98 SE to choke on dirs called "y-something". And to repeat: it's not just that directory that's hidden, it's everything that would be listed beneath/after/below that directory.
This behavior first appeared in version 3.0.12. 3.0.11 works fine.
same problem with ACL and hide unreadable option hides too much
drwxrwx---+ 2 root root 48 May 7 15:28 usera/
sll:/smb/stuffer/tmp # getfacl *
# file: usera
# owner: root
# group: root
File usera is not visible to user erich
Checking in 3.3.0rc2 and 3.2.5, this bug is no longer here