samba applies group not user privileges


Post by krisr » 2018/05/28 11:14:18

In short: if a directory has 700 permissions on the Linux machine, then as its owner I'm not allowed to open it from Windows. If I change it to 750 or 770, it works.
The same happens for files (but with 600 vs 640/660).

The longer description:
I'm reinstalling our server under CentOS 7. We were using Samba for simple sharing of directories.
SELinux is off and the firewall allows connections.

```
uname -r
3.10.0-862.2.3.el7.x86_64

sestatus
SELinux status:                 disabled

firewall-cmd --zone=public --list-all |grep samba
        rule family="ipv4" source address="XXX.YYY.ZZ.1/24" service name="samba" log prefix="samba" accept
```

The `testuser` belongs to `testgroup`:

```
id
uid=1001(testuser) gid=1000(testgroup) groups=1000(testgroup),100(users)
```

Samba's config file (some of the options like write_list should not be required; valid_users should be enough - I was desperate):

```
[global]
# ... usual stuff like master, group, netbios-name...
        load printers = no
        printing = cups
        veto files = /*.[mM][pP]3

        interfaces = lo enp3s0f0
        # could be ignored as handled by firewalld
        hosts allow = XXX.YYY.ZZZ.

        security = user
[TestUser]
        path = /home/testuser
        writeable = yes
        browseable = yes
        read only = no
        valid users = testuser
        write list = testuser
        read list = testuser
        printable = no
        create mask = 0640
        directory mask = 710
        force create mode = 0640
        force directory mode = 0710
        inherit acls = no
        inherit permissions = no
```

I tested all files/directories in question with `getfacl /home/testuser/SOME/PATH` and they all have either 600/700 or 660/770 permissions.

Now the problem:
After giving the IP address of the server I'm asked for the user/password pair, and then I see from the Windows machine all shares available on the Linux server. The Samba log indicates that testuser has successfully connected to service TestUser. I select my own share and then...

...if the group has no read permission (or, for directories, rx), I am not allowed to open the file/dir from Windows, but I can do whatever I want after logging in to the Linux machine with `ssh`. If I change the permissions to 644/750, then I can also work on these files from Windows.

If Samba is forced to write files/dirs with 600/700, then the empty file/dir is created and the Windows application immediately tells me that I have no rights to work on it.

I don't need to say that with Samba 3.x the same setup was working.

I have no idea how to solve this. Any help would be appreciated.

best regards
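
An added example, not part of the original post: it replays the access results reported above against the POSIX rule that only the first matching class (owner, then group, then other) is consulted, to show which identity the Samba session would have to carry for those results to occur. The owner uid/gid come from the post's `id` output; the two non-owner uids and the candidate names are constructed assumptions.

```python
# Added example: which POSIX permission class explains the results in the post?
OWNER_UID, OWNER_GID = 1001, 1000   # testuser / testgroup, from the post's `id`

# Hypothetical identities the Samba session could be evaluated as (assumptions).
CANDIDATES = {
    "owner (uid 1001)": (1001, {1000, 100}),
    "group member only": (65000, {1000}),   # constructed uid, member of gid 1000
    "other": (65001, {65001}),              # constructed uid, no shared group
}

def granted_bits(mode, uid, gids):
    """Return the rwx triplet POSIX applies: the first matching class only."""
    if uid == OWNER_UID:
        return (mode >> 6) & 7
    if OWNER_GID in gids:
        return (mode >> 3) & 7
    return mode & 7

def allowed(mode, need, uid, gids):
    """True when every bit in `need` is present in the applicable triplet."""
    return (granted_bits(mode, uid, gids) & need) == need

# (mode, bits needed, did access work from Windows?) as reported in the post.
OBSERVED = [
    (0o700, 0o5, False), (0o750, 0o5, True), (0o770, 0o5, True),  # dirs: r+x
    (0o600, 0o4, False), (0o640, 0o4, True), (0o660, 0o4, True),  # files: r
]

def consistent_identities(observed=OBSERVED):
    """Names of candidate identities that reproduce every observation."""
    return [name for name, (uid, gids) in CANDIDATES.items()
            if all(allowed(m, need, uid, gids) == ok for m, need, ok in observed)]

if __name__ == "__main__":
    for name in consistent_identities():
        print("consistent with:", name)
```

Only the group-member identity reproduces all six results, so the uid and gid that `smbd` actually uses for the session are the first thing to compare against the owner shown by `ls -ln`.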
