The Samba-Bugzilla – Bug 4331
Messes up file permissions in some conditions
Last modified: 2013-12-11 12:29:40 UTC
This has been reported by a Debian user, then later confirmed by another:
First user, John Goerzen:
We are running Samba 3.0.23c on Debian.
Over the weekend, we updated out file server to Debian's kernel 2.6.18.
We had previously never run a kernel with ACL support enabled. Since
the upgrade, we are seeing very strange permission behavior. It appears
to berelated to POSIX ACL support in Samba.
It seems that what's happening is this.
We have a number of files that are user/group writable (permissions 0664).
When a user that is someone other than the Unix owner of the file writes
to it, the permissions switch to 0474 (-r--rwxr--) and an ACL is added
with this second user getting read/write permission to it.
Unfortunately, the Unix owner of the file now is locked out of writing
We never had any problem with permissions on these files before using
the ACL-enabled kernel.
Second user, Geoff Crompton:
I'm also having this problem.
in my case, using ext3:
/dev/sda2 on /var/local type ext3 (rw,noatime,acl,user_xattr)
I've got the following global samba settings:
inherit acls = yes
ea support = yes
map acl inherit = yes
nt acl support = yes
And for that share I've got the following share specific settings:
comment = Company Files
path = /var/local/company
guest ok = No
browseable = Yes
read only = No
valid users = @users, root
invalid users = dataentry
directory mask = 0775
create mask = 0775
force group = users
admin users = root
nt acl support = yes
I can confirm that I get the same weird behaviour, ie what John Goersen
> When a user that is someone other than the Unix owner of the file
> writes to it, the permissions switch to 0474 (-r--rwxr--) and an ACL
> is added with this second user getting read/write permission to it.
Another comment from the second user reporting the bug:
My tests show that this problem has occured with excel 2003, and word
2003, but not with just a text file and using notepad.
It might be related to https://bugzilla.samba.org/show_bug.cgi?id=1094.
I'm unclear from that bug report if the solution was found, or not.
Created attachment 2252 [details]
Level 10 log file
Our user sent us a level 10 log file of his server when he experinced the problem
User's comment about the logfile I just sent:
I tried to email you the file, but even when bzipped it was too large
for the debian servers. So you can download it from here for the next 10
I've tried to highlight when things happened, hope thats helpful. The
line numbers may only be a guide though, I don't really know what will
be useful in the log file.
Before test, temp/Test_Sharing.xls had -rwxrw-r--
8:41:07, line 30909
testuser2 opened an existing file temp/Test_Sharing.xls.
8:41:13, line 40678
testuser2 Modified and saved file succesfully. Excel however showed the
message "The document was saved successfully, but Excel cannot re-open
it because of a sharing violation. Please close the document and try to
open it again."
File permissions are now -r--rwxr--+, and getfacl shows:
# file: Test_Sharing.xls
# owner: testuser2
# group: users
8:42 line 236239
testuser2 opened file, but couldn't save it, opened readonly
8:43 line 406609
tesuser1 opened file, but couldn't save it, opened readonly
Debian System Administrator
+61 3 9340 9000
Yet another user comment:
I've also just ran a test where I tried this on a share that has "nt acl
support = no". I didn't have any problems in this case. So this might be
an effective work around for my system.
. (don't worry, just a test I need on own of my bugs. Sorry for the noise)
the bug report was for 3.0.23c. I am pretty sure that this is not an issue in recent samba versions any more. If you can reproduce it with latest samba 4 releases, please reopen.