Authentication Puzzle

Status
Not open for further replies.
Joined
Dec 18, 2015
Messages
6
On a Samba share with FreeNAS 9.3, a file with the following permissions:

-rw-rw-rw- 1 root wheel 19817134 Feb 5 00:30 FOObar.flac
and
# getfacl FOObar.flac
# file: FOObar.flac
# owner: root
# group: wheel
owner@:rw-p--aARWcCos:------:allow
group@:rw-p--a-R-c--s:------:allow
everyone@:rw-p--a-R-c--s:------:allow

Will not allow writing from a Windows XP machine (and perhaps other Windows machines) for a user who is not root, although in the wheel group. If the file ownership is changed to his user ID, he can modify the file, and can also create files in that directory.

For a similarly configured server on a FreeBSD 10.2 box, Samba4, the same user can modify a file with the same permissions and ownership (root:wheel).

Another curio is that the user must log in to the FreeNAS box, but not the FreeBSD 10.2 box.

I am at a loss to explain or understand this, and wonder if someone more knowledgeable than I can help me understand what is going on here. I can post config files from both machines if that would be helpful.

Thank you.
Scott
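
The getfacl output in the post above, decoded as an added example (not part of the thread): it expands FreeBSD's compact NFSv4 permission letters as documented in setfacl(1) and lists the rights owner@ is allowed that group@ and everyone@ are not. The function names are assumptions for illustration, and the comparison covers allow entries only; it does not model deny entries or Samba's own access checks.

```python
# Added example: decode NFSv4 ACL entries as printed by FreeBSD getfacl.
# Letter meanings follow setfacl(1); function names are illustrative.
NFS4_PERMS = {
    "r": "read_data", "w": "write_data", "x": "execute", "p": "append_data",
    "D": "delete_child", "d": "delete", "a": "read_attributes",
    "A": "write_attributes", "R": "read_xattr", "W": "write_xattr",
    "c": "read_acl", "C": "write_acl", "o": "write_owner", "s": "synchronize",
}

# getfacl output copied from the post above
SAMPLE = """\
# file: FOObar.flac
# owner: root
# group: wheel
owner@:rw-p--aARWcCos:------:allow
group@:rw-p--a-R-c--s:------:allow
everyone@:rw-p--a-R-c--s:------:allow
"""

def parse_acl(text):
    """Return [(principal, set_of_rights, entry_type), ...] for each entry."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        # "user:name:..." and "group:name:..." carry one extra leading field
        n = 2 if fields[0] in ("user", "group") else 1
        who = ":".join(fields[:n])
        perms, _flags, kind = fields[n:n + 3]
        rights = {NFS4_PERMS[ch] for ch in perms if ch != "-"}
        entries.append((who, rights, kind))
    return entries

def missing_vs_owner(entries):
    """Rights allowed to owner@ but not to each other principal."""
    allow = {}
    for who, rights, kind in entries:
        if kind == "allow":
            allow.setdefault(who, set()).update(rights)
    owner = allow.get("owner@", set())
    return {w: sorted(owner - r) for w, r in allow.items() if w != "owner@"}

if __name__ == "__main__":
    for who, lacking in missing_vs_owner(parse_acl(SAMPLE)).items():
        print(f"{who} lacks: {', '.join(lacking)}")
```

For this file, group@ and everyone@ are allowed write_data and append_data but not write_attributes, write_xattr, write_acl or write_owner.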
 

m0nkey_

MVP
Joined
Oct 27, 2015
Messages
2,739
You shouldn't use root or wheel for Samba shares. The root account and wheel group are for administrative tasks. You need to configure Samba shares as described in the documentation: http://doc.freenas.org/9.3/freenas_...henticated-access-without-a-domain-controller

I also created a 10-minute tutorial video on Samba shares in FreeNAS for multiple users which you might be interested in: https://forums.freenas.org/index.php?threads/how-to-freenas-and-samba-cifs-permissions-video.41210/

Joined
Dec 18, 2015
Messages
6
The owner of the file is irrelevant here; you seem to have missed my point. Even though the file permissions are set to rw for anyone, anywhere, and anyone can create files in that share, only the person who OWNS the file can modify it. The file can be owned by joe, bob or sally, and only joe, bob or sally will be able to modify it, even though the permissions are set to allow anyone to modify it.

Even if I create a group for all users that own the file, and that worked (which I doubt it will), the question would still remain: Why isn't Samba allowing 'other' to modify the file, even though it is specifically set up to allow it?
 

m0nkey_

MVP
Joined
Oct 27, 2015
Messages
2,739
Is the dataset UNIX or Windows? If you're using Samba shares, you should be using a Windows dataset.
 