[Samba] Samba 3 handles Linux permissions differently then Samba 2 ?
This is a discussion on [Samba] Samba 3 handles Linux permissions differently then Samba 2 ? within the Samba forums, part of the Networking and Network Related category; Hi, we have a problem with permissions migrating from a custom 2.4 kernel Linux distro with Samba 2.2....
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
06-12-2008
|
|||
|
|||
[Samba] Samba 3 handles Linux permissions differently then Samba 2 ?
Hi,
we have a problem with permissions migrating from a custom 2.4 kernel Linux distro with Samba 2.2.5 to OpenSuSE 10.3 (with samba 3.0.26). We used to have directories like this (relative to the Samba share): /root/dir0/dir1/dir2/dir3/userdir1-1/userdir1-2 'root' and all it's parent directories have '0755' Linux permission. dir0-dir3 all have '0711' permissions and belong to USER0 / GROUP0. USER0 doesn't exist in 'smbpasswd' - everybody should be able to 'CD' into this directories, but shouldn't be able to list it's contents. These are several combinations of such directories on each samba server and we'd like to 'hide' them from users. 'userdir1-1' has '3750' permission, but it belongs to a group 'USERGROUP1'. USER1 belongs to this group and should be able to see what's in this directory, but nothing more. 'userdir1-2' has '3770' permissions and it also belongs to 'USERGROUP1'. USER1 should be able to create, change and delete files. On Windows, we use 'NET USE Q: \\samba\share /USER:USER1 PASS' to map the share. Then we use a special program that runs in a 'CMD' prompt (it's a DOS program) and will access 'Q:\dir0\dir1\dir2\dir3\userdir1-1\userdir1-2' - it will try to create a file, then wait for server side program to process this file and create a new response file. It will scan the directory periodically to detect the new file - then it will make a clean-up (remove all files that are related to this process). This works perfectly on Samba 2.2.5 and has been in use for several years. On Samba 3.0.26 it fails, the log reports "scan dir didn't open dir 'dir0'" - the next line is 'ACCESS DENIED'. If we change permissions of 'dir0-dir3' to '0755', it works - but it is desired to keep the structure from users. Another weird thing is that when we use 'CMD' and 'CD' into each of these directories, it behaves as expected - for example: If we do this: > Q: > CD \DIR0 > CD DIR1 > CD DIR2 > DIR we get a 'Path not found' message - that's correct - users shouldn see what's in there. They should know what belongs to them and go there directly. We can do this: > Q: > CD \DIR0 > CD DIR1 > CD DIR2 > CD DIR3 > CD USERDIR1-1 > CD USERDIR1-2 > MKDIR TEST > RMDIR TEST This is basically what the DOS program does... I don't understand why it would work for regular DOS commands, but not for our little DOS program (which, btw. is using DOS calls for file operations - the programmer told me he used '5B - create-new-file', but has also changed this to '3C - create-file' for testing - with the same result). Any ideas? Thanks for listening, Danilo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba 
|
Linear Mode
