Web lists-archives.com

Re: [Samba] Weird permissions issues with samba shares and XFS




Hi Louis,

Thanks for answering.

On Thu, Jun 14, 2018 at 4:56 PM, L.P.H. van Belle via samba <
samba@xxxxxxxxxxxxxxx> wrote:

> Read this :
>
> SHARE Permissions:
> https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
> See : Setting Share Permissions and ACLs
> Click Start, enter Computer Management, and start the application.
> Select Action / Connect to another computer.
> Enter the name of the Samba host and click OK to connect the console to
> the host.
> Open the System Tools / Shared Folders / Shares menu entry.
>
> Folder permissions:
> Use explorer, browse to a folder, goto the security tab.
>
> Your problem is the "SHARE" permission.
>
> By default the SHARE permission is everybody Full controll
> Thats ok, now everybody is able to read/write..
> But only if the FOLDER permissions allow it.
>

So right now, I am not so concerned about the exact permissions as much as
understanding why something cannot be accessed at all (in particular just
listing directory content).


> My guess..
> /storage/test does not have the correct persmissions
> Share permissiong allow to write but Folder permissions not.
>
> And cp...
>
> cp -a  --preserve=xattr  wil help imo.
>

Thanks, I was not aware of this option, though here `cp -a` was actually
enough to get access (while adjusting unix + acl manually to match did not
work).


> Below i bit more
>
> > -----Oorspronkelijk bericht-----
> > I created three entries in our server's smb.conf:
> >
> > [test]
> >         path = /storage/test
> >         comment = Sharing root of XFS
> > [test-foo]
> >         path = /storage/test/foo
> >         comment = Sharing foo
> > [test-bar]
> >         path = /storage/test/bar
> >         comment = Sharing bar
> >
> > I can list all 3 shared with `smbclient -L //localhost`, as
> > expected. Now
> > for the issues I cannot figure out:
> >
> > 1. doing `ls` in `smbclient //localhost/test`, I get
> > "NT_STATUS_ACCESS_DENIED listing \*"
>
> Yes, but which user is runing the command?
>

Here every folder has at least r and x for others, so it should not matter
in this case, right ? But just in case, the user is `dcournapeau` and:

$ groups
dcournapeau domain_users research_engineering vpn_access ml_engineering
server_admins cglnas01_ssh_access global_ssh_access cglnas01_admins
backup_admins lastpass_sync-exempt prtg_monitor_access ml_assignment
hwr_data

My number one issue is the different behavior for 2 directories that seem
to have exactly the same permissions.

> ls -l /storage/test/
> > drwxrwxr-x+ 2 root domain_admins 6 Jun 14 10:37 bar
> > drwxrwxr-x+ 2 root domain_admins 6 Jun 14 10:37 foo
>
> You missed ls -l /storage
> What are the rights on /storage/test ?


Indeed:

$ ls -l /storage/
drwxrwxr-x. 4 root domain_admins   28 Jun 14 10:37 test

Thank you for your help,

David


>
Greetz,
>
> Louis
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>



-- 
*ダビド・クルナポ*
David Cournapeau, PhD
シニアリサーチエンジニア

*株式会社Cogent Labs*
〒150-0034 東京都渋谷区代官山町
20-23 TENOHA LAB
Tel: 03 6773 1836 <0367731836>

*Direct: 070 3123 1394 <07031231394>*
dcournapeau@xxxxxxxxxxxx

*www.cogent.co.jp <https://www.cogent.co.jp>*
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba