Secondary group member can't write on samba share if they have full permission
Hi All,
A few days ago I implemented a Samba-LDAP PDC and also a file server. The file server is joined to the PDC. Everything is working fine. I made two groups in the PDC and created some users.
On the file server I made a share folder. Then I set ACLs for both groups and gave rwx permission on the share folder. When I browse the share folder on a Windows client, only the primary group's users have rwx permission on it, and secondary group users only get read (r--) permission, although they have full permission (rwx) on this share folder.
When I try to write to the share folder as a secondary group member I get the following error:
[root@flsrv ~]# smbclient //192.168.2.27/test -U jen
Password:
Domain=[PDCNOIDA] OS=[Unix] Server=[Samba 3.0.33-3.7.el5]
smb: \>
smb: \> dir
. D 0 Fri May 22 00:03:11 2009
.. D 0 Thu May 21 21:52:10 2009
sd D 0 Fri May 22 00:03:11 2009
smb: \> mkdir sdf
NT_STATUS_ACCESS_DENIED making remote directory \sdf
When I check the log I get the following error:
[root@flsrv ~]# tailf /var/log/samba/smbd.log
[2009/05/22 01:30:06, 0] printing/print_cups.c:cups_connect(69)
Unable to connect to CUPS server localhost:631 - Connection refused
[2009/05/22 01:30:08, 1] smbd/service.c:make_connection_snum(1033)
flsrv (192.168.2.27) connect to service test initially as user PDCNOIDA\jen (uid=10001, gid=10006) (pid 3136)
[2009/05/22 01:31:26, 1] smbd/service.c:close_cnum(1230)
flsrv (192.168.2.27) closed connection to service test
[2009/05/22 01:31:38, 1] smbd/service.c:make_connection_snum(1033)
flsrv (192.168.2.27) connect to service test initially as user PDCNOIDA\jen (uid=10001, gid=10006) (pid 3139)
[2009/05/22 01:33:07, 1] smbd/service.c:close_cnum(1230)
flsrv (192.168.2.27) closed connection to service test
How are you granting/restricting access to a share (direct ACL on the folder on the server or via smb.conf)? Post your smb.conf.
Also bear in mind that ACLs are read (owner, group, others) and group means primary group. If you want to grant control permissions to other users/groups, you use extended ACLs or POSIX ACLs,
e.g. using setfacl:
[test]
path = /test
admin users = root
# these 2 grps will have write perms to the test share
write list = @stat @cad
store dos attributes = Yes
vfs objects = recycle
recycle:versions = yes
recycle:keeptree = yes
recycle:repository = .recycle
smb: \> ls
NT_STATUS_NETWORK_ACCESS_DENIED listing \*
What's this?? Where are you doing this? My command and the command that you ran are very different, you failed to copy??
Quote:
smb: \>
This doesn't look like a Linux shell prompt, what are you really doing?? Where does the share reside?? My command was supposed to run on the Linux Samba server shell prompt, not in smbclient. I wanted to see the permissions of that share.
Who do you log on as on the Windows client?? Also, you have changed the users and groups from the original that you posted with, so I can no longer give correct references. Please maintain consistency in your test scenario. You now have Jen, who is Jen? Please maintain groups stat, cad and users joe and jack, also maintain a share test, then we can easily follow what's going on.
Last edited by chitambira; 05-26-2009 at 06:51 AM.
Secondary group member can't write on samba share if they have full permission
Actually I have a PDC (OpenLDAP + Samba) and a Samba file server. The file server is joined to the PDC. Users and groups exist on the PDC, not on the file server.
I have set a group-based ACL on the share folder (the share folder exists on the Samba file server). The share folder permission is 770 (rwxrwx---). I mentioned the Samba file server smb.conf above.
I am using the smbclient command to access the share folder on the Samba file server.
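How the ACL entries, the ACL mask and the group set the file server resolves for a user combine into a write decision, as an added example that is not part of any post in this thread: a Python sketch of the access-check order from acl(5), run over constructed getfacl output. The group `users`, the ACL text and the resolved group sets are assumptions, and names stand in for the numeric IDs the kernel actually compares.

```python
# Added example: POSIX ACL access check (order from acl(5)) over getfacl text.
# The ACL text, the group "users" and all group sets are constructed samples.

def parse_getfacl(text):
    """Return (owner, owning_group, entries) parsed from getfacl output."""
    owner = group = None
    entries = []  # (tag, qualifier, perms), e.g. ("group", "cad", {"r","w","x"})
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# owner:"):
            owner = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            group = line.split(":", 1)[1].strip()
        elif line and not line.startswith(("#", "default:")):
            # drop a trailing "#effective:..." comment, then split the entry
            tag, qual, perms = line.split("#")[0].split()[0].split(":")[:3]
            entries.append((tag, qual, set(perms) - {"-"}))
    return owner, group, entries

def allowed(acl_text, user, groups, want):
    """True if `user`, whose resolved group set is `groups`, is granted
    every permission letter in `want` ("r", "w", "x")."""
    owner, owning_group, entries = parse_getfacl(acl_text)
    want = set(want)
    by = lambda tag: [(q, p) for t, q, p in entries if t == tag]
    mask = next((p for _, p in by("mask")), None)
    masked = lambda p: p if mask is None else p & mask
    if user == owner:                        # 1. owner entry, never masked
        return want <= dict(by("user"))[""]
    for q, p in by("user"):                  # 2. named user entry, masked
        if q == user:
            return want <= masked(p)
    matched = [p for q, p in by("group")     # 3. owning and named group entries
               if (q or owning_group) in groups]
    if matched:                              # any single matching entry may grant
        return any(want <= masked(p) for p in matched)
    return want <= dict(by("other"))[""]     # 4. nothing matched: "other" entry

# Constructed getfacl output for a mode-770 directory with a named-group entry.
ACL_OK = """# file: test
# owner: root
# group: stat
user::rwx
group::rwx
group:cad:rwx
mask::rwx
other::---
"""
# Same ACL with a narrower mask: group entries are capped at r-x.
ACL_MASKED = ACL_OK.replace("mask::rwx", "mask::r-x")
```

Calling `allowed(ACL_OK, "jack", {"users"}, "w")` models a server that resolves only the primary group for the session: no group entry matches, so the decision falls through to `other::---`.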