Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
[Samba] Weird permissions problem
494 views
Skip to first unread message
Samba user
Mar 3, 2016, 2:50:04 PM3/3/16
to
Hello,
I'm having a permissions problem I just can't quite figure out. I can not access
any directory that is owned by my userid if the permissions are 700. If I change them
to 770, with my default group on the directory, then I can access the directory.
This was working fine with Fedora 19 for several years, and it broke when I upgraded
to Fedora 22, and still broken with F23.
my username is the same on Windows and Linux, passwords are synced, smb logs
show the correct usernames, just returning permission denied when I try to access it.
SELinux is disabled.
How do I go about figuring this out?
Thanks!
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
I'm having a permissions problem I just can't quite figure out. I can not access
any directory that is owned by my userid if the permissions are 700. If I change them
to 770, with my default group on the directory, then I can access the directory.
This was working fine with Fedora 19 for several years, and it broke when I upgraded
to Fedora 22, and still broken with F23.
my username is the same on Windows and Linux, passwords are synced, smb logs
show the correct usernames, just returning permission denied when I try to access it.
SELinux is disabled.
How do I go about figuring this out?
Thanks!
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Marc Muehlfeld
Mar 3, 2016, 3:10:04 PM3/3/16
to
Hello,
Am 03.03.2016 um 20:32 schrieb Samba user:
> I'm having a permissions problem I just can't quite figure out. I can
> not access
> any directory that is owned by my userid if the permissions are 700. If
> I change them
> to 770, with my default group on the directory, then I can access the
> directory.
>
> This was working fine with Fedora 19 for several years, and it broke
> when I upgraded
> to Fedora 22, and still broken with F23.
It would help if you would provide some information about your system:
- Samba version
- smb.conf
- "ls -ld" of the directory
- etc.
Regards,
Marc
Am 03.03.2016 um 20:32 schrieb Samba user:
> I'm having a permissions problem I just can't quite figure out. I can
> not access
> any directory that is owned by my userid if the permissions are 700. If
> I change them
> to 770, with my default group on the directory, then I can access the
> directory.
>
> This was working fine with Fedora 19 for several years, and it broke
> when I upgraded
> to Fedora 22, and still broken with F23.
- Samba version
- smb.conf
- "ls -ld" of the directory
- etc.
Regards,
Marc
Samba user
Mar 3, 2016, 3:30:03 PM3/3/16
to
On 3/3/2016 2:02 PM, Marc Muehlfeld wrote:
> It would help if you would provide some information about your system:
> - Samba version - smb.conf - "ls -ld" of the directory - etc. Regards,
> Marc
version:
samba-4.3.4-1.fc23.x86_64
ls -ld:
ls -ld /home/blaster
drwxrwx--- 76 blaster users 4096 Mar 3 14:15 /home/blaster
testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[public]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
# Global parameters
[global]
server string = %v Samba on %h
interfaces = 172.16.2.2/255.255.255.0
bind interfaces only = Yes
security = USER
write raw = No
unix extensions = No
deadtime = 1
keepalive = 30
load printers = No
os level = 255
preferred master = Yes
domain master = Yes
wins support = Yes
allow insecure wide links = Yes
idmap config * : backend = tdb
use client driver = Yes
case sensitive = No
[homes]
comment = %u's Unix home directory
read only = No
hide dot files = No
wide links = Yes
[public]
comment = Public
path = /export/home1/public
read only = No
create mask = 0775
wide links = Yes
Logfile snippet of attempting to open my home share when it's set to 700..
[2016/03/03 13:37:52.004211, 4]
../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
setting sec ctx (1022, 100) - sec_ctx_stack_ndx = 0
[2016/03/03 13:37:52.004385, 5]
../libcli/security/security_token.c:63(security_token_debug)
Security token SIDs (10):
SID[ 0]: S-1-5-21-2465798025-630197205-4024878614-1008
SID[ 1]: S-1-5-21-2465798025-630197205-4024878614-513
SID[ 2]: S-1-22-2-100
SID[ 3]: S-1-22-2-1006
SID[ 4]: S-1-22-2-1020
SID[ 5]: S-1-22-2-48
SID[ 6]: S-1-1-0
SID[ 7]: S-1-5-2
SID[ 8]: S-1-5-11
SID[ 9]: S-1-22-1-1022
Privileges (0x 0):
Rights (0x 0):
[2016/03/03 13:37:52.004803, 5]
../source3/auth/token_util.c:639(debug_unix_user_token)
UNIX token of user 1022
Primary group is 100 and contains 4 supplementary groups
Group[ 0]: 100
Group[ 1]: 1006
Group[ 2]: 1020
Group[ 3]: 48
[2016/03/03 13:37:52.005065, 5]
../source3/smbd/uid.c:363(change_to_user_internal)
Impersonated user: uid=(1022,1022), gid=(0,100)
[2016/03/03 13:37:52.005127, 4] ../source3/smbd/vfs.c:844(vfs_ChDir)
vfs_ChDir to /export/home1/home/blaster
[2016/03/03 13:37:52.005198, 4] ../source3/smbd/vfs.c:855(vfs_ChDir)
vfs_ChDir got /export/home1/home/blaster
[2016/03/03 13:37:52.005308, 5]
../source3/smbd/filename.c:257(unix_convert)
unix_convert called on file "desktop.ini"
[2016/03/03 13:37:52.005372, 5]
../source3/smbd/filename.c:449(unix_convert)
unix_convert begin: name = desktop.ini, dirpath = , start = desktop.ini
[2016/03/03 13:37:52.005531, 5]
../source3/smbd/filename.c:844(unix_convert)
New file desktop.ini
[2016/03/03 13:37:52.005601, 5]
../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order)
check lock order 1 for /var/lib/samba/lock/smbXsrv_open_global.tdb
[2016/03/03 13:37:52.005698, 5]
../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor)
release lock order 1 for /var/lib/samba/lock/smbXsrv_open_global.tdb
[2016/03/03 13:37:52.005763, 5] ../source3/smbd/files.c:128(file_new)
allocated file structure fnum 3023466581 (5 used)
[2016/03/03 13:37:52.005845, 5] ../source3/smbd/dosmode.c:196(unix_mode)
unix_mode(desktop.ini) returning 0744
[2016/03/03 13:37:52.005907, 5]
../source3/smbd/open.c:2550(open_file_ntcreate)
open_file_ntcreate: FILE_OPEN requested for file desktop.ini and file
doesn't exist.
[2016/03/03 13:37:52.005966, 5]
../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order)
check lock order 1 for /var/lib/samba/lock/smbXsrv_open_global.tdb
[2016/03/03 13:37:52.006029, 5]
../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor)
release lock order 1 for /var/lib/samba/lock/smbXsrv_open_global.tdb
[2016/03/03 13:37:52.006089, 5] ../source3/smbd/files.c:554(file_free)
freed files structure 3023466581 (4 used)
[2016/03/03 13:37:52.006942, 4] ../source3/smbd/uid.c:384(change_to_user)
Skipping user change - already user
[2016/03/03 13:37:52.007015, 5]
../source3/smbd/filename.c:257(unix_convert)
unix_convert called on file ""
[2016/03/03 13:37:52.007072, 5]
../source3/smbd/filename.c:291(unix_convert)
conversion finished "" -> .
[2016/03/03 13:37:52.007149, 5]
../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order)
check lock order 1 for /var/lib/samba/lock/smbXsrv_open_global.tdb
[2016/03/03 13:37:52.007237, 5]
../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor)
release lock order 1 for /var/lib/samba/lock/smbXsrv_open_global.tdb
[2016/03/03 13:37:52.007295, 5] ../source3/smbd/files.c:128(file_new)
allocated file structure fnum 4101001380 (5 used)
[2016/03/03 13:37:52.007395, 5] ../source3/smbd/dosmode.c:196(unix_mode)
unix_mode(.) returning 0744
[2016/03/03 13:37:52.007451, 8] ../source3/smbd/dosmode.c:583(dos_mode)
dos_mode: .
[2016/03/03 13:37:52.007526, 8]
../source3/smbd/dosmode.c:243(dos_mode_from_sbuf)
dos_mode_from_sbuf returning d
[2016/03/03 13:37:52.007618, 8]
../source3/smbd/dosmode.c:36(dos_mode_debug_print)
dos_mode returning d
[2016/03/03 13:37:52.007717, 4]
../source3/smbd/open.c:2727(open_file_ntcreate)
calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask =
0x100081, open_access_mask = 0x100081
[2016/03/03 13:37:52.007838, 5]
../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order)
check lock order 1 for /var/lib/samba/lock/smbXsrv_open_global.tdb
[2016/03/03 13:37:52.007900, 5]
../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor)
release lock order 1 for /var/lib/samba/lock/smbXsrv_open_global.tdb
[2016/03/03 13:37:52.007960, 5] ../source3/smbd/files.c:554(file_free)
freed files structure 4101001380 (4 used)
[2016/03/03 13:37:52.009011, 4] ../source3/smbd/uid.c:384(change_to_user)
Skipping user change - already user
[2016/03/03 13:37:52.009080, 5]
../source3/smbd/filename.c:257(unix_convert)
unix_convert called on file ""
[2016/03/03 13:37:52.009138, 5]
../source3/smbd/filename.c:291(unix_convert)
conversion finished "" -> .
[2016/03/03 13:37:52.009194, 5]
../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order)
check lock order 1 for /var/lib/samba/lock/smbXsrv_open_global.tdb
[2016/03/03 13:37:52.009281, 5]
../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor)
release lock order 1 for /var/lib/samba/lock/smbXsrv_open_global.tdb
[2016/03/03 13:37:52.009339, 5] ../source3/smbd/files.c:128(file_new)
allocated file structure fnum 4221565568 (5 used)
[2016/03/03 13:37:52.009438, 5] ../source3/smbd/dosmode.c:196(unix_mode)
unix_mode(.) returning 0744
[2016/03/03 13:37:52.009509, 8] ../source3/smbd/dosmode.c:583(dos_mode)
dos_mode: .
[2016/03/03 13:37:52.009585, 8]
../source3/smbd/dosmode.c:243(dos_mode_from_sbuf)
dos_mode_from_sbuf returning d
[2016/03/03 13:37:52.009678, 8]
../source3/smbd/dosmode.c:36(dos_mode_debug_print)
dos_mode returning d
[2016/03/03 13:37:52.009730, 4]
../source3/smbd/open.c:2727(open_file_ntcreate)
calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask =
0x80, open_access_mask = 0x80
[2016/03/03 13:37:52.009855, 5]
../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order)
check lock order 1 for /var/lib/samba/lock/smbXsrv_open_global.tdb
[2016/03/03 13:37:52.009918, 5]
../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor)
release lock order 1 for /var/lib/samba/lock/smbXsrv_open_global.tdb
[2016/03/03 13:37:52.009996, 5] ../source3/smbd/files.c:554(file_free)
freed files structure 4221565568 (4 used)
[2016/03/03 13:37:52.010027, 5] ../source3/smbd/open.c:3407(open_directory)
open_directory: opening directory ., access_mask = 0x80, share_access
= 0x7 create_options = 0x200000, create_disposition = 0x1,
file_attributes = 0x10
[2016/03/03 13:37:52.010145, 5]
../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order)
check lock order 1 for /var/lib/samba/lock/smbXsrv_open_global.tdb
[2016/03/03 13:37:52.010213, 5]
../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor)
release lock order 1 for /var/lib/samba/lock/smbXsrv_open_global.tdb
[2016/03/03 13:37:52.010274, 5] ../source3/smbd/files.c:128(file_new)
allocated file structure fnum 1031811608 (5 used)
[2016/03/03 13:37:52.010391, 5]
../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order)
check lock order 1 for /var/lib/samba/lock/locking.tdb
[2016/03/03 13:37:52.010493, 5]
../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor)
release lock order 1 for /var/lib/samba/lock/locking.tdb
[2016/03/03 13:37:52.010608, 8] ../source3/smbd/dosmode.c:583(dos_mode)
dos_mode: .
[2016/03/03 13:37:52.010686, 8]
../source3/smbd/dosmode.c:243(dos_mode_from_sbuf)
dos_mode_from_sbuf returning d
[2016/03/03 13:37:52.010765, 8]
../source3/smbd/dosmode.c:36(dos_mode_debug_print)
dos_mode returning d
[2016/03/03 13:37:52.011247, 4] ../source3/smbd/uid.c:384(change_to_user)
Skipping user change - already user
[2016/03/03 13:37:52.011310, 5]
../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order)
check lock order 1 for /var/lib/samba/lock/locking.tdb
[2016/03/03 13:37:52.011383, 5]
../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor)
release lock order 1 for /var/lib/samba/lock/locking.tdb
[2016/03/03 13:37:52.011445, 5]
../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order)
check lock order 1 for /var/lib/samba/lock/smbXsrv_open_global.tdb
[2016/03/03 13:37:52.011506, 5]
../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor)
release lock order 1 for /var/lib/samba/lock/smbXsrv_open_global.tdb
[2016/03/03 13:37:52.011565, 5] ../source3/smbd/files.c:554(file_free)
freed files structure 1031811608 (4 used)
[2016/03/03 13:37:52.356986, 4]
../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2016/03/03 13:37:52.357078, 5]
../libcli/security/security_token.c:53(security_token_debug)
Security token: (NULL)
[2016/03/03 13:37:52.357195, 5]
../source3/auth/token_util.c:639(debug_unix_user_token)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2016/03/03 13:37:52.357299, 5]
../source3/smbd/uid.c:425(smbd_change_to_root_user)
change_to_root_user: now uid=(0,0) gid=(0,0)
[2016/03/03 13:37:52.357376, 5]
../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order)
check lock order 1 for /var/lib/samba/lock/smbXsrv_tcon_global.tdb
[2016/03/03 13:37:52.357473, 5]
../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor)
release lock order 1 for /var/lib/samba/lock/smbXsrv_tcon_global.tdb
[2016/03/03 13:37:52.357536, 3] ../source3/lib/access.c:338(allow_access)
Allowed connection from 172.16.2.27 (172.16.2.27)
[2016/03/03 13:37:52.357623, 3]
../source3/smbd/service.c:614(make_connection_snum)
Connect path is '/tmp' for service [IPC$]
[2016/03/03 13:37:52.357743, 3] ../source3/smbd/vfs.c:113(vfs_init_default)
Initialising default vfs hooks
[2016/03/03 13:37:52.357803, 3] ../source3/smbd/vfs.c:139(vfs_init_custom)
Initialising custom vfs hooks from [/[Default VFS]/]
Successfully loaded vfs module [/[Default VFS]/] with the new modules
system
[2016/03/03 13:37:52.357988, 4]
../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
setting sec ctx (1022, 100) - sec_ctx_stack_ndx = 0
[2016/03/03 13:37:52.358024, 5]
../libcli/security/security_token.c:63(security_token_debug)
Security token SIDs (10):
SID[ 0]: S-1-5-21-2465798025-630197205-4024878614-1008
SID[ 1]: S-1-5-21-2465798025-630197205-4024878614-513
SID[ 2]: S-1-22-2-100
SID[ 3]: S-1-22-2-1006
SID[ 4]: S-1-22-2-1020
SID[ 5]: S-1-22-2-48
SID[ 6]: S-1-1-0
SID[ 7]: S-1-5-2
SID[ 8]: S-1-5-11
SID[ 9]: S-1-22-1-1022
Privileges (0x 0):
Rights (0x 0):
[2016/03/03 13:37:52.358327, 5]
../source3/auth/token_util.c:639(debug_unix_user_token)
UNIX token of user 1022
Primary group is 100 and contains 4 supplementary groups
Group[ 0]: 100
Group[ 1]: 1006
Group[ 2]: 1020
Group[ 3]: 48
[2016/03/03 13:37:52.358592, 5]
../source3/smbd/uid.c:363(change_to_user_internal)
Impersonated user: uid=(1022,1022), gid=(0,100)
[2016/03/03 13:37:52.358709, 4]
../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2016/03/03 13:37:52.358762, 5]
../libcli/security/security_token.c:53(security_token_debug)
Security token: (NULL)
[2016/03/03 13:37:52.358852, 5]
../source3/auth/token_util.c:639(debug_unix_user_token)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2016/03/03 13:37:52.358942, 5]
../source3/smbd/uid.c:425(smbd_change_to_root_user)
change_to_root_user: now uid=(0,0) gid=(0,0)
[2016/03/03 13:37:52.358999, 3]
../source3/smbd/service.c:864(make_connection_snum)
bear (ipv4:172.16.2.27:5440) connect to service IPC$ initially as
user blaster (uid=1022, gid=100) (pid 22531)
[2016/03/03 13:37:52.359082, 5]
../lib/dbwrap/dbwrap.c:178(dbwrap_check_lock_order)
check lock order 1 for /var/lib/samba/lock/smbXsrv_tcon_global.tdb
[2016/03/03 13:37:52.359139, 5]
../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor)
release lock order 1 for /var/lib/samba/lock/smbXsrv_tcon_global.tdb
[2016/03/03 13:37:52.359506, 4]
../source3/smbd/sec_ctx.c:321(set_sec_ctx_internal)
setting sec ctx (1022, 100) - sec_ctx_stack_ndx = 0
[2016/03/03 13:37:52.359588, 5]
../libcli/security/security_token.c:63(security_token_debug)
Security token SIDs (10):
SID[ 0]: S-1-5-21-2465798025-630197205-4024878614-1008
SID[ 1]: S-1-5-21-2465798025-630197205-4024878614-513
SID[ 2]: S-1-22-2-100
SID[ 3]: S-1-22-2-1006
SID[ 4]: S-1-22-2-1020
SID[ 5]: S-1-22-2-48
SID[ 6]: S-1-1-0
SID[ 7]: S-1-5-2
SID[ 8]: S-1-5-11
SID[ 9]: S-1-22-1-1022
Privileges (0x 0):
Rights (0x 0):
[2016/03/03 13:37:52.360064, 5]
../source3/auth/token_util.c:639(debug_unix_user_token)
UNIX token of user 1022
Primary group is 100 and contains 4 supplementary groups
Group[ 0]: 100
Group[ 1]: 1006
Group[ 2]: 1020
Group[ 3]: 48
[2016/03/03 13:37:52.360311, 5]
../source3/smbd/uid.c:363(change_to_user_internal)
Impersonated user: uid=(1022,1022), gid=(0,100)
[2016/03/03 13:37:52.360384, 4] ../source3/smbd/vfs.c:844(vfs_ChDir)
vfs_ChDir to /tmp
[2016/03/03 13:37:52.360489, 4] ../source3/smbd/vfs.c:855(vfs_ChDir)
vfs_ChDir got /tmp
[2016/03/03 13:37:52.360782, 4] ../source3/smbd/uid.c:384(change_to_user)
Skipping user change - already user
[2016/03/03 13:37:52.361100, 4] ../source3/smbd/uid.c:384(change_to_user)
Skipping user change - already user
Thank you for any help
Samba user
Mar 9, 2016, 6:00:03 PM3/9/16
to
I could still really use some help here....
After spending hours on this, I have determined that it's only my user
account that is having this problem. Everyone else can access 700
files/directories owned by them just fine.
Thinking of perhaps a UID conflict somewhere, even though there didn't
appear to be one, I deleted my account and recreated it with a new UID,
copied everything over into the new home directory, chowned all the
files and everything was working great! Awesome!
For about a week. Now, it's broke again. Everyone else can access
their 700 file/directories, except me. I need 770.
I'm by far the most active user, using multiple systems and moving a
fair amount of data.
Is something in a tdb database getting corrupt? Restarting the clients
and the Samba server have no affect.
Getting desperate here...
After spending hours on this, I have determined that it's only my user
account that is having this problem. Everyone else can access 700
files/directories owned by them just fine.
Thinking of perhaps a UID conflict somewhere, even though there didn't
appear to be one, I deleted my account and recreated it with a new UID,
copied everything over into the new home directory, chowned all the
files and everything was working great! Awesome!
For about a week. Now, it's broke again. Everyone else can access
their 700 file/directories, except me. I need 770.
I'm by far the most active user, using multiple systems and moving a
fair amount of data.
Is something in a tdb database getting corrupt? Restarting the clients
and the Samba server have no affect.
Getting desperate here...
Samba user
Mar 9, 2016, 7:10:04 PM3/9/16
to
So I just discovered that if I do...
smbpasswd -x myuserid
smbpasswd -a myuserid
didn't change anything.
But then if I stop/restart smb, it works fine again for me to access my
700 mode files.
So...What's going on here?
Why is the smb passwd database getting corrupted?
Why do I have to stop/restart smb to get it to recognize the change?
On 3/9/2016 4:52 PM, Samba user wrote:
> I could still really use some help here....
>
> After spending hours on this, I have determined that it's only my user
> account that is having this problem. Everyone else can access 700
> files/directories owned by them just fine.
>
> Thinking of perhaps a UID conflict somewhere, even though there didn't
> appear to be one, I deleted my account and recreated it with a new
> UID, copied everything over into the new home directory, chowned all
> the files and everything was working great! Awesome!
>
> For about a week. Now, it's broke again. Everyone else can access
> their 700 file/directories, except me. I need 770.
>
> I'm by far the most active user, using multiple systems and moving a
> fair amount of data.
>
> Is something in a tdb database getting corrupt? Restarting the
> clients and the Samba server have no affect.
>
> Getting desperate here...
0 new messages