samba-users February 2012 archive
Main Archive Page > Month Archives  > samba-users archives
samba-users: Re: [Samba] A windows user can create a file, but c

Re: [Samba] A windows user can create a file, but cannot delete

From: Michael P. Demelbauer <michael.demelbauer_at_nospam>
Date: Tue Feb 21 2012 - 11:11:59 GMT
To: samba@lists.samba.org

On Tue, Feb 21, 2012 at 12:43:14PM +0700, Victor Sudakov wrote:
> Colleagues,
>
> I have encountered a weird problem (FreeBSD 8.2, samba34-3.4.14).
> A user can create files in a samba share but cannot delete files from
> it (unless she is the owner of the file).
>
> The user is a member of a group with rwx permissions on this directory
> granted by a Posix ACL entry. The user can create and delete files in
> the directory from the shell on the file server (which is correct
> according to Unix logic), but only create from the Windows client.
>
> smbd seems to be interfering somehow with unlink(). If I make the user
> the owner of the file, or a member of the file's primary group, now
> the user can delete the file. If a user is a member of some other
> group which has rwx permissions on the directory, the user can only
> create files but not delete them.
>
> Certainly it's not a Unix permission issue. There is no "read only"
> attribute on the files, no sticky bit on the directory, no weird
> UFS file flags and attributes.
>
> I have tried "acl check permissions" both yes and no with no effect.
>
> TIA for any ideas. I have seen people with similar problems, like
> http://lists.samba.org/archive/samba/2006-May/120521.html
> but never a solution.
>
> --
> Victor Sudakov, VAS4-RIPE, VAS47-RIPN
> sip:sudakov@sibptus.tomsk.ru
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba

Sorry, I'm not a Samba-expert, but as far as I know, the following parameter(s?) in smb.conf take care of this in our config
(samba-3.0.9-1.3E.5 on an older linux machine):
inherit permission = yes

As far as we tested it, Linux-ACLs are working as expected with this.

One more question: You put default permissions on your ACL-entries (setfacl ... -m -d ... here) to define what permissions the directory passes on?
Or are you talking of normal UNIX-Permissions not ACLs?

Cheers
Michael
-- Michael P. Demelbauer Systemadministration WSR Arsenal, Objekt 20 1030 Wien -------------------------------------------------------------------------------------------------------------- /earth is 98% full ... please delete anyone you can. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba