RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1465388 - permission denied for subfolders after latest updates
Summary: permission denied for subfolders after latest updates
Keywords:
Status: CLOSED DUPLICATE of bug 1464334
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: samba
Version: 7.3
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Andreas Schneider
QA Contact: qe-baseos-daemons
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-06-27 11:09 UTC by Harald Reindl
Modified: 2017-06-28 10:40 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-06-28 10:40:24 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Harald Reindl 2017-06-27 11:09:37 UTC 
samba-4.4.4-14.el7_3.x86_64
samba-client-libs-4.4.4-14.el7_3.x86_64
samba-common-4.4.4-14.el7_3.noarch
samba-common-libs-4.4.4-14.el7_3.x86_64
samba-common-tools-4.4.4-14.el7_3.x86_64
samba-libs-4.4.4-14.el7_3.x86_64

after the security updates above while navigate through smb shares you get dandomly on the second or third subfolder a "permission denied" and in case of Konqueror on a Fedora machine you where asekd again for the password of the share while on MacOS the folder appears to be empty

since this affects two different machines running CentOS7 with current updates but *not* Fedora machines this smells like a backporting problem on the RHEL packages

since the permissions and POSIX ACL's on at least one of both affected machines are set recursive with a script it's impossible that there is a filesystem pmerissions problem underlying 
_______________________________

[global]
 server string = example.thelounge.net
 netbios name = example
 smb ports = 445
 socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE

 interfaces = 192.168.196.111
 bind interfaces only = yes

 hosts allow = 192.168.196.18 192.168.196.30 192.168.196.99 192.168.196.107 192.168.196.131 192.168.196.200 192.168.196.201 192.168.196.202 192.168.196.203 192.168.196.204 192.168.196.205 192.168.196.206 192.168.196.207 192.168.196.208 192.168.196.209 192.168.196.210 192.168.196.211 192.168.196.212 192.168.196.213 192.168.196.214 192.168.196.215 192.168.196.216 192.168.196.217 192.168.196.218 192.168.196.219 192.168.196.220 192.168.196.221 192.168.196.222 192.168.196.223 192.168.196.224 192.168.196.225 192.168.196.226 192.168.196.227 192.168.196.228 192.168.196.229 192.168.196.230 192.168.196.231 192.168.196.232 192.168.196.233 192.168.196.234 192.168.196.235 192.168.196.236 192.168.196.237 192.168.196.238 192.168.196.239 192.168.196.240 192.168.196.241 192.168.196.242 192.168.196.243 192.168.196.244 192.168.196.245 192.168.196.246 192.168.196.247 192.168.196.248 192.168.196.249 192.168.196.250 192.168.196.251
 hosts deny = all
 hide files = /.AppleDesktop/.AppleDouble/.Parent/desktop.ini/$RECYCLE.BIN/
 veto files = /.AppleDesktop/.AppleDouble/.Parent/desktop.ini/$RECYCLE.BIN/
 delete veto files = yes

 access based share enum = yes
 hide unreadable = yes
 inherit permissions = yes
 inherit acls = yes
 nt acl support = no
 nt pipe support = yes
 browseable = yes
 writeable = yes
 guest ok = no
 wide links = no
 follow symlinks = no
 oplocks = no
 level2 oplocks = no
 vfs objects = catia fruit streams_xattr
 ea support = yes

 workgroup = LOUNGE
 lm announce = no
 lanman auth = no
 ntlm auth = no
 client lanman auth = no
 client ntlmv2 auth = yes
 client signing = auto
 server signing = auto
 security = user
 restrict anonymous = 2
 invalid users = nobody root admin administrator guest gast pcguest anonymous
 log file = /var/log/samba/samba.log
 log level = 1 auth:2 passdb:2 tdb:1 vfs:1 smb:1 locking:1 sam:1 winbind:1 idmap:1 quota:1 acls:0 msdfs:1 dmapi:1 registry:1 printdrivers:0 lanman:0 rpc_parse:0 rpc_srv:0 rpc_cli:0
 max log size = 4096
 os level = 0
 domain master = no
 preferred master = no
 local master = no
 disable netbios = yes
 wins support = no
 browse list = no
 dns proxy = no
 multicast dns register = no
 name resolve order = hosts bcast
 max smbd processes = 50
 use sendfile = yes
 read raw = yes
 write raw = yes
 getwd cache = yes
 stat cache = yes
 max stat cache size = 256
 ldap ssl = no
 time server = no
 unix extensions = no
 show add printer wizard = no
 load printers = no
 printable = no
 printing = bsd
 printcap name = /dev/null

[smb-share]
 path = /srv/smb
 valid users = reindl
 force group = smb-users
Comment 2 Andreas Schneider 2017-06-28 10:40:24 UTC 

*** This bug has been marked as a duplicate of bug 1464334 ***
Note You need to log in before you can comment on or make changes to this bug.