[Solved] Samba share setting the group owner to the incorrect group

Issues related to applications and software problems
Post Reply
Chancellor
Posts: 2
Joined: 2018/04/25 02:22:50

[Solved] Samba share setting the group owner to the incorrect group

Post by Chancellor » 2018/04/25 03:03:11

I have just setup a NAS server using CentOS 7 minimal. I have been able to join it to a windows active directory domain (galaxy.far-away-galaxy.com) and set up two smb shares (Media and TimPageBackup).

This issue that I am currently having is that with one of the shares (TimPageBackup) when I create a new folder from windows 10 accessing the smb share it is creating the folder with the incorrect group owner. The user owner is being set to the user that created the folder but the group owner is being set to a random group that the user is a member of.

This can be seen with the ls -l command on the server

Code: Select all

[chancellor@galaxy.far-away-galaxy.com@jedi-archive share]$ ls -l /TimPageBackup/share
total 9652724
-rwxrw-r--. 1 spmilenniumfalcon@galaxy.far-away-galaxy.com domain users@galaxy.far-away-galaxy.com               9884374016 Apr 25 12:40 C_VOL-b001.spf.tmp
drwxrwxr-x. 3 root                                         jedi-archive-timpagebackup@galaxy.far-away-galaxy.com       4096 Apr 25 11:20 ShadowProtect
drwxrwxr-x. 2 hansolo@galaxy.far-away-galaxy.com           galaxy remote users@galaxy.far-away-galaxy.com              4096 Apr 25 12:38 Test
[chancellor@galaxy.far-away-galaxy.com@jedi-archive share]$ ls -l /Media/share
total 16
drwsrwsr-x. 6 root                               jedi-archive-media@galaxy.far-away-galaxy.com 4096 Apr 23 17:57 Data
drwxrwsr-x. 6 root                               jedi-archive-media@galaxy.far-away-galaxy.com 4096 Apr 24 03:02 SoftwareArchive
drwxrwsr-x. 4 root                               jedi-archive-media@galaxy.far-away-galaxy.com 4096 Apr 24 03:17 Table Top RPG
drwxrwsr-x. 2 hansolo@galaxy.far-away-galaxy.com jedi-archive-media@galaxy.far-away-galaxy.com 4096 Apr 25 12:38 Test
[chancellor@galaxy.far-away-galaxy.com@jedi-archive share]$
Notice that the Test folder in the /TimPageBackup/share directory has a group owner of "galaxy remote users@galaxy.far-away-galaxy.com" and I would have expected it to have "jedi-archive-Timpagebackup@galaxy.far-away-galaxy.com" as the group owner as this is the only group that has access to the smb share. This is not an issue if there is only one user accessing the share but as soon as user that is not part of the random group that was selected but is a member of the group that has been given permission to the share tries to access the folder they run into permission issues.

Here is my smb.conf file for reference.

Code: Select all

# See smb.conf.example for a more detailed config file or
# read the smb.conf manpage.
# Run 'testparm' to verify the config is correct after
# you modified it.

[global]
        workgroup = GALAXY
        security = ads
        encrypt passwords = yes
        passdb backent = tdbsam
        realm = galaxy.far-away-galaxy.com

        printing = cups
        printcap name = /dev/null
        load printers = no
        cups options = raw

[Media]
        comment = Media files
        path = /Media/share
        public = no
        writable = yes
        guest ok = no
        valid users = @"jedi-archive-media@galaxy.far-away-galaxy.com"
        create mask = 0775
        directory mask = 0775

[TimPageBackup]
        comment = Shadow Protect Backup
        path = /TimPageBackup/share
        public = no
        writable = yes
        guest ok = no
        valid users = @"jedi-archive-TimPageBackup@galaxy.far-away-galaxy.com"
        create mask = 0775
        directory mask = 0775
I can not see any difference between the two shares so I do not know why one is working and the other is not any help would be greatly appreciated.
Last edited by Chancellor on 2018/04/26 13:01:34, edited 1 time in total.

hunter86_bg
Posts: 2019
Joined: 2015/02/17 15:14:33
Location: Bulgaria
Contact:

Re: Samba share setting the group owner to the incorrect group

Post by hunter86_bg » 2018/04/25 06:42:23

Have you created the top folder with SGID ?
In your case all users should have the same group so you can set the 2 folders '2777' (ownership nobody:groupname) which will guarantee that the files/folders will have the same group.
Another option is to enforce that via samba, but i think that the first option is better ( personal preference).

Chancellor
Posts: 2
Joined: 2018/04/25 02:22:50

Re: Samba share setting the group owner to the incorrect group

Post by Chancellor » 2018/04/26 06:50:54

Thanks hunter86_bg!

That has fixed my issue. For anyone else who has this issue here is what I had to do to deploy the change.
  • Update the smb.conf file - set the create mask to 2775 and the directory mask to 2775
  • sudo chmod -R 2775 /TimPage/Backup
This sets new files and folders to 2775, updates all existing folders and files to 2775 and cleans up the group owner on all folders and files.

Post Reply