As explained in the URL, this is Debian bug #331502.: On a production server that I am maintaining, I use the option "hide unreadable" to keep unauthorized users from seeing such restricted directories and files. It worked perfectly up to version 3.0.11 of samba. Some later version changed that and version 3.0.14a-3 still hides those directories from authorized users. This bug could be related to bug#305747: samba: 'hide special files' option hides *all* files in 3.0.14a-1 This is actually *not* related to Debian bug #305747 which has been solved by upstream. I can confirm this bug myself: smb.conf excerpt: security=user [public] directory mask=0700 browseable=yes comment=Public read only=no create mask=0770 public=yes path=/var/tmp/samba-test hide unreadable = yes root@mykerinos:/var/tmp/samba-test# ls -la total 4 drwxrwxrwx 2 root root 26 2006-01-25 06:45 . drwxrwxrwt 9 root root 4096 2006-01-25 06:44 .. -rw------- 1 root root 0 2006-01-25 06:45 bar -rw------- 1 spongebob spongebob 0 2006-01-25 06:45 foo bubulle@mykerinos:~/src/debian/build> smbclient \\\\127.0.0.1\\public -U spongebob Password: Domain=[CC-MYKERINOS] OS=[Unix] Server=[Samba 3.0.21a] smb: \> ls . D 0 Wed Jan 25 06:45:16 2006 .. D 0 Wed Jan 25 06:44:31 2006 60675 blocks of size 32768. 30136 blocks available As you see, what is expected is "spongebob" to see the "foo" file while he should not see "bar".
I did some further investigation on this behavior. Interestingly, some strange combination of client OS and directory name on the server seems to result in this behavior. Given: Client-OS: Windows 98 SE Samba 3.0.14 (Debian Sarge) There's a directory on the server, that's owned be root.somegroup, with permissions of 0770. The user on the client machine is in group "somegroup", primary group is "othergroup". Now, it seems that as soon as the directory is named "y-something" or "Y-something" everything that would normally appear beneath that group is invisible (it's still accessible, tho). Now, change the Samba Server version to 3.0.11 and everything will get listed. Or change the name from "y-something" to "y_something" or "x-something" or "z-something"... Or: leave the Samba Server at version 3.0.14 and the directory named "y-something" and just used Windows XP (SP2) as the client OS - instead of Windows 98 SE. Same user, but in this combination "y-something" is visible... So, it seems that either Windows 98 SE sends a different request that causes Samba Version > 3.0.11 to choke on dirs called "y-something" or Samba Version > 3.0.11 changed something that causes Windows 98 SE to choke on dirs called "y-something". And to repeat: it's not just that directory that's hidden, it's everything that would be listed beneath/after/below that directory. This behavior first appeared in version 3.0.12. 3.0.11 works fine. Thanks!
same problem with ACL and hide unreadable option hides too much drwxrwx---+ 2 root root 48 May 7 15:28 usera/ sll:/smb/stuffer/tmp # getfacl * # file: usera # owner: root # group: root user::rwx user:erich:rwx group::rwx mask::rwx other::--- File usera is not visible to user erich
Checking in 3.3.0rc2 and 3.2.5, this bug is no longer here