[cifs-discuss] CIFS mkdir permission problems

Tue Jun 17 10:48:35 PDT 2008

Matt Estela wrote:
> Sure, sorry for the late reply, animation reviews etc...
> 
> The ACLs are unchanged when using both CIFS and Samba:
> 
> /tank# /bin/ls -dV deadline
> drwx---rwx+ 23 render   staff         27 Jun 17 10:34 deadline
>           everyone@:rwxpdDaARWcCos:fd-----:allow
> 
> The temp folder with 000 permission had the same ACL, so it was  
> definitely inheriting those settings, but had the 000 permissions  
> mask. Weird.
> 

Yes, this sounds strange. Could you actually send the output of "ls -dV"
for the temp folder? The temp folder looks ok when using Samba, right?
could you also send output of "ls -dV" for that folder when using Samba?

> Simple workgroup for now, there's only 2 actual users in the room but  
> several render machines, so no need for all that AD stuff:
> 
> /tank# smbadm list
> security mode: workgroup
> workgroup name: THOC
> 
> and the other settings (this is all under samba):
> 
> /tank# sharectl get smb
> system_comment=
> max_workers=64
> netbios_scope=
> lmauth_level=4
> keep_alive=5400
> wins_server_1=
> wins_server_2=
> wins_exclude=
> signing_enabled=false
> signing_required=false
> restrict_anonymous=false
> pdc=
> ads_site=
> ddns_enable=false
> autohome_map=/etc
> 
> When I was trying to debug CIFS I setup idmaps, but it broke  
> everything, so its back to no maps:
> 
> /tank# idmap list
> /tank# idmap dump
> 
> I'd switch over to CIFS and dump those entries again, but the farm is  
> rendering...
> 

If you are in workgroup mode you don't need to setup any rules, if you
actually do that it might create some confusion for the system as you
mentioned since idmap needs to talk to AD to perform its mappings and
there's no AD available in workgroup mode.

Afshin

> Cheers,
> 
> -matt
> 
> 
> 
> On 16 Jun 2008, at 18:19, Afshin Salek wrote:
> 
>> Matt Estela wrote:
>>> I can create directories manually fine from all machines, but when  
>>> our  render manager software creates directories they have empty   
>>> permissions (000).
>> How does the ACL look like on these directories with 000 permission?
>> How does the ACL look like on these directories when using Samba?
>>
>> Are you running in domain mode or workgroup mode?
>>
>> Can we get output of the following?
>>
>> # smbadm list
>> # sharectl get smb
>> # idmap list
>> # idmap dump
>>
>> Thanks,
>> Afshin
>>
>>> Also it seems that there were funny locking problems going on  
>>> under  CIFS. The render manager software would try to update or  
>>> open certain  files and fail. The same files shared via samba work  
>>> fine.
>>> I made a point of running everything in full promiscuous (!) mode,   
>>> full permissions for everyone on everything, just to ensure that   
>>> wasn't the cause of my woes, but it looks like its something  
>>> deeper  than that.
>>> On 16 Jun 2008, at 15:33, Mark Shellenbaum wrote:
>>>> Matt Estela wrote:
>>>>> Hi Mark,
>>>>> Yeah I already found that troubleshooting guide, the directory    
>>>>> permissions all look correct:
>>>>> # /bin/ls -Vd /tank/deadline
>>>>> drwx---rwx+ 21 render   root          25 Jun 13 13:41 /tank/ 
>>>>> deadline
>>>>>         everyone@:rwxpdDaARWcCos:fd-----:allow
>>>>> This morning I installed the samba package and tried that rather   
>>>>> than  the in-kernel CIFS, and now everything works. If I get  
>>>>> time  I'll try  and submit a bug report for the CIFS team.
>>>> I'm still not clear on what your actual problem is?  If you set  
>>>> up  your permissions correctly everything should work fine.  Are  
>>>> you  doing the mkdir form a windows client or a unix client?
>>>>
>>>> -Mark
>>> _______________________________________________
>>> cifs-discuss mailing list
>>> cifs-discuss at opensolaris.org
>>> http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
> 
> _______________________________________________
> cifs-discuss mailing list
> cifs-discuss at opensolaris.org
> http://mail.opensolaris.org/mailman/listinfo/cifs-discuss