Web lists-archives.com

Re: [Samba] User permissions of profile/home directory lost

On Wed, 28 Feb 2018 21:00:24 -0700
"Paul R. Ganci via samba" <samba@xxxxxxxxxxxxxxx> wrote:

> Hi All,
> I run a small domain for my home that consists just of two user 
> accounts... one for my wife and one for me. I just have a single DC
> and the home and profile shares are located on the DC. For years this
> setup has served just fine giving me access to both linux and windows
> with a unified authentication and file server base.
> However, on Monday around 12 noon MST my wife lost permissions to her 
> home and profile directories on both our Windows 7 Pro and CentOS 6&7 
> systems. If I logged into the DC and did 'getent passwd' her account 
> showed up correctly. A 'ls -lat' command showed that the
> directory/files were owned properly by my wife's account. A getfacl
> showed that the ACLs were exactly like my own account which
> functioned properly. There was absolutely no reason for her to be
> denied permission to her directories or the files contained therein.
> And the permission issue was present even on the DC.
> After struggling with this problem for the past 48 hours I decided to
> do a 'chown -R' on her profile and home directories, even though I
> thought this was silly since other linux commands indicated
> everything was setup correctly. Much to my surprise the 'chown -R'
> command fixed the problem.
> I am at a loss as to what could have possibly occurred to make the DC 
> believe that my wife's account was not the owner of her home and
> profile directory and the files contained in those directories. It
> seems even stranger that on the DC, linux indicated that my wife's
> account owned the files but yet would not grant permission even
> though the ownership and ACLs were correct.
> Everything is well now, albeit for how long I don't know. I would be 
> extremely grateful for any thoughts on what might have occurred and
> how to avoid this issue in the future. My wife's email was lost for
> ~48 hours because a bounce occurred due to the inability of dovecot
> to write to her account's maildir. Needless to say my wife was not
> happy and an unhappy wife ... well I let's just say I would like to
> avoid that in the future.
> Thank you for any insights.

Is this a PDC (NT4-style domain) or an AD DC ?
Either way, I have never heard of anything like this happening before,
perhaps it might help if you post your smb.conf.


To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba