Samba strange permission behavior

Hello. I can’t figure it out, maybe someone could help me.

I’ve attached an external USB device with 2 HDDs to my Omnia router and I’ve set up 2 Samba shares:

root@turris:/mnt# cat /etc/config/samba4

config samba
	option workgroup 'WORKGROUP'
	option charset 'UTF-8'
	option description 'Omnia'
	option interface 'lan'

config sambashare
	option path '/mnt/hd0'
	option name 'nethd0'
	option guest_ok 'no'
	option read_only 'no'
	option users '@jacknet'
	option inherit_owner 'yes'
	option create_mask '0770'
	option dir_mask '0770'

config sambashare
	option path '/mnt/hd1'
	option name 'nethd1'
	option guest_ok 'no'
	option read_only 'no'
	option users '@jacknet'
	option inherit_owner 'yes'
	option create_mask '0770'
	option dir_mask '0770'

I want full rw access for members of the group “jacknet”. The permissions of the mounted directories should be right:

drwxrws---    5 root     jacknet       4096 Jan  4 19:05 hd0/
drwxrws---   10 root     jacknet       4096 Mar  1 18:59 hd1/

Everything is working except that I can only create new files/folders on nethd1, but not on nethd0. I even tried to chmod 0777 on everything on hd0, but even this didn’t work :face_with_raised_eyebrow:

OK… I figured it out :slight_smile:

I had those two drives in a machine running Ubuntu, and I had an equal Samba setup on that computer. What I didn’t notice was that ACLs are enabled on the Omnia, so when I checked the ACLs I saw my mistake:

root@turris:/mnt# getfacl hd0
# file: hd0
# owner: root
# group: jacknet
# flags: -s-
user::rwx
group::r-x
other::---

root@turris:/mnt# getfacl hd1
# file: hd1
# owner: root
# group: jacknet
# flags: -s-
user::rwx
group::rwx
other::---

I did a…
root@turris:/mnt# setfacl -m g::rwx hd0
…and the “problem” was solved.

Edit: Maybe this is of interest to someone else. I forgot to mention that for the ACLs to be inherited by new directories, the default ACL must be set:

root@turris:/mnt# setfacl -Rm d:g::rwx,g::rwx hd0
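
The check described in this thread, written as an added example that is not part of the original post: it parses `getfacl` output and reports directories where the owning group lacks rwx in the access ACL or where no default ACL exists for new directories to inherit. The function names are hypothetical, and the sample input is the `hd0` output quoted above.

```python
# getfacl output for hd0 exactly as posted above (before the setfacl fix).
HD0_BEFORE = """\
# file: hd0
# owner: root
# group: jacknet
# flags: -s-
user::rwx
group::r-x
other::---
"""

def parse_getfacl(text):
    """Map each '# file:' path to its access and default ACL entries."""
    acls, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# file:"):
            path = line.split(":", 1)[1].strip()
            current = acls.setdefault(path, {"access": {}, "default": {}})
        elif line and not line.startswith("#") and current is not None:
            entry = line.split("#", 1)[0].strip()  # drop "#effective:" notes
            scope = "access"
            if entry.startswith("default:"):
                scope, entry = "default", entry[len("default:"):]
            tag, qualifier, perms = entry.split(":")
            current[scope][tag + ":" + qualifier] = perms
    return acls

def group_perms(entries):
    """Owning-group permissions, limited by mask:: when one is present."""
    group = entries.get("group:")
    if group is None:
        return None
    mask = entries.get("mask:", "rwx")
    return "".join(g if g == m else "-" for g, m in zip(group, mask))

def audit(text):
    """Report ACL states that block group writes or inheritance to new dirs."""
    findings = []
    for path, acl in parse_getfacl(text).items():
        if group_perms(acl["access"]) != "rwx":
            findings.append((path, "owning group lacks rwx in access ACL"))
        if group_perms(acl["default"]) != "rwx":
            findings.append((path, "no default ACL giving owning group rwx"))
    return findings

if __name__ == "__main__":
    for path, problem in audit(HD0_BEFORE):
        print(path + ": " + problem)
```

Pass it the `getfacl` output of the share root directories; regular files never carry a default ACL, so only directories are meaningful input for the second check.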
