Friday, January 3, 2014

Samba seems to be connecting to the share as root

www.unixbabuforum.inI'm running Solaris 10 which is the Samba server. The client is a Windows XP desktop. I have set this up for various other servers and this is the first time that I'm seeing the problem. 

I have a prod & test solaris samba server configured exactly the same and the share is encrypted by Vormetric. The production server works like a charm, NO PROBS. But the test server doesn't. Samba access is restricted by IP but I'm using the guest account for the connection. In order for my app to work, the files coming across have to be a specific user - encr. 

I am able to connect to the share from the Windows client. 
I can access and create dirs & files from the Windows client. 
The files and directories are created from the client with the correct ownership & file permissions encr 
Files created from the client appear encrypted to the encr user on the server. 
Files created on the server as encr are accessible but encrypted to the user on the Windows XP client. 
Verified all permission on the directories in the path 

Because of how Vormetric has the encryption configured, I can identify that something is occurring as root somewhere in the samba transactions but I do not know what. This works on prod but not test and I have configured samba the same on both. But, since these servers I inherited, there may have been something configured before that I'm missing. 

www.unixbabuforum.inCheck the ACL and permissions on both the parent and root directory of 
the filesystem. 
Determine whether any inherited ACLs exist that Samba might be mapping 
over the 
permissions that you see. 

I don't use Samba anymore, but the "native" CIFS client available in the 
latest Solaris 10. 
A common problem with this is that Windows and Posix have different 
notions of ACL inheritence. 
What I have had to do was to create ACLs in both the parent dir and 
filesystem root dir to 
ensure that the permissions were presented correctly to the client *AND* 
stayed that way 
after the client closed the file. 


Post a Comment

Design by BABU | Dedicated to grandfather | welcome to BABU-UNIX-FORUM