Bug 754584 - access denied for public share
Summary: access denied for public share
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: samba
Version: 16
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Guenther Deschner
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-11-16 21:58 UTC by Tom Horsley
Modified: 2012-10-26 15:26 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-10-26 15:26:12 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)
smb.conf file (690 bytes, text/plain)
2011-11-16 21:59 UTC, Tom Horsley 		no flags Details
View All

Description Tom Horsley 2011-11-16 21:58:34 UTC 
Description of problem:

From ancient times through fedora 15 the attached smb.conf file allowed
me to have full read/write access to my /zooty/public shared directory
from all my windows machines.

Now in fedora 16, I get access denied errors if I attempt to delete
a file on the share while running in the windows machine (this happens
on both Windows XP and Windows 7 systems).

I have been through the smb.conf man page with a fine tooth comb, looking
up every option I have set in my smb.conf file, and they all appear to
be correct and should allow me write access.

Version-Release number of selected component (if applicable):
samba-3.6.1-74.fc16.x86_64


How reproducible:
Every time

Steps to Reproduce:
1.enable smb service
2.connect to network filesystem on windows
3.try to delete a file
  
Actual results:
access denied

Expected results:
file deletion

Additional info:
Comment 1 Tom Horsley 2011-11-16 21:59:14 UTC 
Created attachment 534104 [details]
smb.conf file
Comment 2 Tom Horsley 2011-11-17 10:21:21 UTC 
It acts like it isn't running as "tom" even though that is the user I
told it to run as for guest access. If I chmod the directory owned
by "tom" to 777 rather than 755, then I can delete files from the
Windows side.
Comment 3 Tom Horsley 2011-11-17 11:20:02 UTC 
It gets more mysterious. If I create a new file from the windows side
and look at it on linux, is is indeed owned by tom:

drwxrwxrwx 2 tom users 4096 Nov 17 06:15 ./
drwxr-xr-x 9 tom users 4096 Jun 12 07:02 ../
-rwxr--r-- 1 tom users  172 Nov 17 06:15 testing.doc*

So why can't I modify the directory which is also owned by tom unless
I change it to 777?
Comment 4 Andreas Schneider 2011-11-17 14:22:07 UTC 
'security = share' This option is deprecated as it is incompatible with SMB2.

You should use 'security = user'.

Normally you use permissions and ACLs to give permissions to a share.
Comment 5 Tom Horsley 2011-11-17 15:19:41 UTC 
There isn't a single shred of documentation in the smb.conf man page or
the samba.org web site saying that security=share no longer works, and
there is no message in the log files complaining about it either.

How the heck do I use security=user without being forced to provide
a password to connect the share inside the windows machine?
Comment 6 Andreas Schneider 2011-11-18 14:26:18 UTC 
You should use security = user and 'map to guest' if you want to mainly setup shares without a password (guest shares).
Comment 7 Tom Horsley 2011-11-25 17:45:13 UTC 
OK, I found the probable culprit: If I add the following parameter, everything
is back to working again with the guest user:

acl check permissions = false

My guess: The server is doing the ACL checks as the samba server user, not as the
guest user.

P.S. I still can't find any example of a samba config setup that uses
'map to guest' which doesn't require the window's user to go through
an annoying extra login prompt (though I can find examples which will
make any password work, it still does the annoying prompt :-).
Comment 8 Andreas Schneider 2012-10-26 15:26:12 UTC 
Probably:

map to guest = bad user
guest account = tom

[myshare]
guest ok = true
Note You need to log in before you can comment on or make changes to this bug.