# Samba issues (permissions) [SOLVED]

## JamesCurtis

Hey guys, I just got a samba share up and running on my gentoo box I got installed two days ago.  This box is part of the workgroup - workgroup and I set the security level to user.  Right now i'm trying to access it from a windows server 2003 box.  I can get into the share using the root user, and I can creat a file.  I can open that file as long as it has no information in it.  When information is put in it and it is saved, I get access is denied when I try to open it on the server 2003 machine.  Is this a common problem?  

thx!Last edited by JamesCurtis on Mon Dec 11, 2006 10:29 pm; edited 1 time in total

----------

## rsa4046

Please post your /etc/samba/smb.conf file.

----------

## JamesCurtis

[global]

netbios name = linuxbox

workgroup = WORKGROUP

server string = Samba Server

log file = /var/log/samba/log.%m

max log size = 50

socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

interfaces = lo eth0

bind interfaces only = yes

hosts allow = 127.0.0.1 192.168.0.0/24

hosts deny = 0.0.0.0/0

security = user

wins support = yes

local master = no

vfs object = vscan-clamav

vscan-clamav: config-file = /etc/samba/vscan-clamav.conf

[public]

comment = Public Files

browseable = yes

public = yes

create mode = 0766

guest ok = no

path = /home/samba/public

valid users = root, jamie

ADMIN users = root

read list = root, jamie

write list = root, jamie

read only = no

I believe that covers it  :Smile: 

----------

## gsoe

Did you create the samba-user jamie? 

```
smbpasswd -a jamie
```

Do the unix permissions on your public directory allow samba to write to it?

----------

## rsa4046

In addition to gsoe's comment above, I also modified your smb.conf file to read:

```
global]

   workgroup = WORKGROUP

   netbios name = MYLINUXBOXNAME

   server string = Samba Server

   log file = /var/log/samba/log.%m

   wins support = yes

   max log size = 50

; Networks differ? I needed this changed from hosts allow = 127.0.0.1 192.168.0.0/24

   hosts allow = 127.0.0.1 192.168.1.0/24

   hosts deny = 0.0.0.0/0

   security = user

; The next line was necessary to login from XP

   smb passwd file = /etc/samba/smbpasswd

; Also added

   encrypt passwords = yes

   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

   interfaces = lo eth0

   bind interfaces only = yes

   local master = no

; I also added

   preserve case = yes

   default case = lower

   case sensitive = yes

[public]

   comment = Public Files

   browseable = yes

   public = no

   guest ok = no

   path = /home/samba/public

   valid users = root, myusername

   read only = no
```

As gsoe said above, also check the rwx permissions on /home/samba/public. With these changes, I could read all files, and create/edit new ones. HTH

EDIT: Fixed typos

----------

## JamesCurtis

OK, I made all the changes and made it look exactly like your figure.  I can get into it, but I can't open after the file contains information.  I CAN create a file and I CAN move files to there and from there, but I cannot open them once they contain data, it says access is denied.  I CAN open a new text document that doesn't contain data.  Could it be permissions?

edit - the permission on /home/samba/public is drwxr-xr-x

----------

## rsa4046

I'm no samba expert, so I hope I'm not off chasing a wild goose here. But if change permissions on /home/samba/public to

```
# ls -l

total 1

drwxrwxrwx 2 root root 488 2006-12-10 08:01 public/

# chmod o-w public

root@hotbox /home/samba

# ls -l

total 1

drwxrwxr-x 2 root root 488 2006-12-10 08:01 public
```

I can't write to the public folder at all. Changing them back to give global write access

```
 

# chmod o+w public

# ls -l

total 1

drwxrwxrwx 2 root root 568 2006-12-10 11:10 public
```

gives me read access on everything, but I only have write access to the files I created in the first place. From Windows XP, the security ALLOW permissions on files I've created/edited appear asEveryone: Read

MyUsername (SAMBA_NETBIOS_NAME\MyUsername): Full Control, Modify, Read & Execute, Read, Write

users (SAMBA_NETBIOS_NAME\users) ReadJust as an test, if you change unix write permissions for Other on /home/samba/public to rwx, does this allow you to alter/save files?

----------

## JamesCurtis

what's the command to change the permissions to rwx?

edit:  the permission for the directory is now, the permissions weren't too hard to figure out  :Smile: 

drwxrwxrwx 2 root root 88 Dec 10 10:25 public

----------

## rsa4046

Does this change the MODIFY behavior? From the Windows server (i.e., highlighting a file, right-click-->Properties-->Security), what are the security permissions on files you've created in this folder?

----------

## JamesCurtis

Everyone-

Read only

root (LINUXBOX\root) - 

Full Control

root (LINUXBOX\root) - 

Read only

I'm not really sure why it has two root linux users in there, that's strange to me.   I tried changing the permissions, I can get full control to apply to the second root, but everyone changes back every time I apply.

The effective owner of these documents is LINUXBOX\root

----------

## rsa4046

 *JamesCurtis wrote:*   

> I'm not really sure why it has two root linux users in there, that's strange to me.

 Me too; must be significant. *JamesCurtis wrote:*   

> I tried changing the permissions, I can get full control to apply to the second root, but everyone changes back every time I apply.
> 
> The effective owner of these documents is LINUXBOX\root

 And you've created these files logged in as yourself, i.e., as a normal user (not logged in as root)?

Edit added: What is your group affiliation on the user box, are you part of users? What permissions do these files show from /home/samba/public on the linux side?

----------

## JamesCurtis

I've created these logged in as the root user, i'll look into file permissions here in a little bit.

----------

## rsa4046

When you're trying to open/create/modify files in /home/samba/public from the Windows side, how have you logged into Windows session? As yourself (i.e., user=jamie)? If you're logged to Windows as yourself (and not as a user called root), then wouldn't that explain why you can't modify files owned by "root" from Windows? I don't know enough about the relationship between Windows user permissions versus linux, but perhaps trying to modify the file from the Windows necessitates there actually being a user named root on the Windows side. Since I'm guessing there probably isn't, Windows permissions may fail (security=user, not share) because there is no user name "root" .. I'm just guessing here, but try logging in as yourself (user=jamie), create a file in the Samba public share from Windows, and see if you can modify it successfully from there.

----------

## JamesCurtis

another thing, when I load top there are two smbd processes running.  Now when I try to access the samba shares, both shoot up to 50% cpu usage and stay there, just a second ago it crashed my windows explorer.  This can't be normal.  I did emerge net-fs/samba with the kerberos use flag and a couple others.

edit: also to note, I'm getting a lot of cups errors in my smbd log files.  I didn't set up cups or use the cups use flag or anything associated with cups, is this anything to worry about?

!!edit:  even worse news, I have samba panic messages in my log files talking about an internal error.  

in the rocketuser.log (server 2003 computer log)

[2006/12/10 21:03:26, 0] smbd/service.c:make_connection_snum(663)

  '/share/files' does not exist or permission denied when connecting to [files] Error was No such file or directory

[2006/12/10 21:03:31, 0[ lib/util.c:smb_panic2(1554)

     PANIC:  internal error

[2006/12/10 21:03:31, 0] lib/util.c:smb_panic2(1562)

     BACKTRACE: 23 stack frames:

#0 /usr/sbin/smbd(smb_panic2+0x8a) [0x801d9f3a]

#1 /usr/sbin/smbd(smb_panic+0x19) [0x801da189]

#2 /usr/sbin/smbd [0x801c465b2]

#3 /lib/libpthread.so.0 [0xb7ddc818]

#4 [0xb7f3b420]

#5 /usr/lib/libclamav.so.1(cli_parse_add+0x6b2) [0xb79e1762]

#6 /usr/lib/libclamav.so.1 [0xb79e1fb2]

#7 /usr/lib/libclamav.so.1(cl_loaddb+0x6e) [0xb79e21de]

#8 /usr/lib/libclamav.so.1(cl_loaddbdir+0x136) [0xb79e2526]

#9 /usr/lib/libclamav.so.1(cli_cvdload+0x1a9) [0xb79e31a9]

#10 /usr/lib/libclamav.so.1(cl_loaddb+0x112) [0xb79e2282]

#11 /usr/lib/libclamav.so.1(cl_loaddbdir+0x136) [0xb79e2526]

#12 /usr/lib/samba/vfs/vscan-clamav.so(vscan_clamav_lib_init+0x38) [0xb7a2e338]

#13 /usr/lib/samba/vfs/vscan-clamav.so [0xb7a2dd47]

#14 /usr/sbin/smbd [0x800a5bc3]

#15 /usr/sbin/smbd(make_connection+0x15f) [0x800a73ef]

#16 /usr/sbin/smbd(reply_tcon_and_X+0x1dd) [0x8006f2ad]

#17 /usr/sbin/smbd [0x800a30bd]

#18 /usr/sbin/smbd(process_smb+0x19f) [0x800a373f]

#19 /usr/sbin/smbd(smbd_process+0x208) [0x800a44b8]

#20 /usr/sbin/smbd(main+0x865) [0x8025dd15]

#21 /lib/libc.so.6(__libc_start_main+0xa3) [0xb7c35423]

#22 /usr/sbin/smbd [0x80039ea1]

One thing to note, when I was emerging samba, I tried EMERGE samba first, and cancelled that early.  Later I tried emerge net-fs/samba. Could this be causing problems?

----------

## rsa4046

 *JamesCurtis wrote:*   

> another thing, when I load top there are two smbd processes running.  Now when I try to access the samba shares, both shoot up to 50% cpu usage and stay there, just a second ago it crashed my windows explorer.  This can't be normal.  I did emerge net-fs/samba with the kerberos use flag and a couple others.

 I have 2 smbd procs as well. *JamesCurtis wrote:*   

> edit: also to note, I'm getting a lot of cups errors in my smbd log files.  I didn't set up cups or use the cups use flag or anything associated with cups, is this anything to worry about?

 Can't comment, as I do have a working cups installed. *JamesCurtis wrote:*   

> !!edit:  even worse news, I have samba panic messages in my log files talking about an internal error.  
> 
> in the rocketuser.log (server 2003 computer log)
> 
> [2006/12/10 21:03:26, 0] smbd/service.c:make_connection_snum(663)
> ...

 If you're unsure whether samba emerged successfully, just re-emerge it. samba versus net-fs/samba makes no difference:

```
# emerge -vp samba

These are the packages that would be merged, in order:

Calculating dependencies... done!

[ebuild   R   ] net-fs/samba-3.0.22-r3  USE="automount cups oav pam python readline winbind -acl -async -doc -examples -kerberos -ldap -ldapsam -libclamav -mysql -postgres -quotas (-selinux) -swat -syslog -xml" 0 kB

Total size of downloads: 0 kB

# emerge -vp net-fs/samba

These are the packages that would be merged, in order:

Calculating dependencies... done!

[ebuild   R   ] net-fs/samba-3.0.22-r3  USE="automount cups oav pam python readline winbind -acl -async -doc -examples -kerberos -ldap -ldapsam -libclamav -mysql -postgres -quotas (-selinux) -swat -syslog -xml" 0 kB

Total size of downloads: 0 kB
```

Despite errors (explorer crashes are hardly uncommon and not really diagnostic), it's still unclear from your description as to whether you can modify files created in Windows as a normal user. Can you?

----------

## JamesCurtis

I'll let you know when I'm able to get back into my shares  :Wink:   I'll try re-emerging.  Windows explorer was crashing because for some reason /share/music /files /programs /video all got removed for some reason.  now that I recreated them it no longer crashes, however I get the internal error in the logs every time I try to access the share.

edit: alright, I re-emerged my samba.  Now I am able to get into the shares with root, however the cpu usage is at 100% constantly and I only have 29MB of 512MB free (without anything going usually I have ~500MB free)

Any ideas as to why it's taking 100% cpu usage and ~400-450 MB of ram?

----------

## rsa4046

 *JamesCurtis wrote:*   

> Any ideas as to why it's taking 100% cpu usage and ~400-450 MB of ram?

 I guessing clamav? Try disabling (scanning?) the antivirus temporarily and see if things settle down.

----------

## JamesCurtis

Well, it looks like whatever it was, it was tied to clamav.  Now that I took the scripts out of samba and stopped the clamav proc, I can modify files, create files, and view files that have data.  I guess I should post my clamav config file to see what the problem was there?  Thx for your help guys, especially you rsa4046 for being patient and responsive  :Smile: 

----------

## rsa4046

Cool that it works now, James.   :Cool:   You should amend original post's title to include a SOLVED string, if appropriate ...

----------

## xmit

Solved? I ran into the same problem. Removing the on access virus scanner is no solution. Can please somebody tell us, how to integrate clamav correctly?

----------

## dannygentoo

I had the same problem. I solved it this way:

1.

In /etc/samba/smb.conf there´s been a wrong filename for the clamav-conf file (did copy & paste from a tutorial). The correct line has to be:

```
vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
```

2.

The second thing was an option that denied access on errors. As soon as I changed this option it´s been possible for me to copy files from server to the win workstation and to open files from the samba share. This is the line inside the /etc/samba/vscan-clamav.conf:

```
deny access on error = no
```

Hope it will help others too

----------

## tekro

 *dannygentoo wrote:*   

> I had the same problem. I solved it this way:
> 
> 1.
> 
> In /etc/samba/smb.conf there´s been a wrong filename for the clamav-conf file (did copy & paste from a tutorial). The correct line has to be:
> ...

 

I have the same problem - thanks.

Question: Is the virus-scanner still active on the samba shares, when..

deny access on error = no

----------

## dannygentoo

 *Quote:*   

> Question: Is the virus-scanner still active on the samba shares, when..
> 
> deny access on error = no

 

Yes. The option will only prevent the scanner to deny access on files if the communication with the clamav-daemon fails. So with the option set on "yes" - you´d be on the safe side. But if it won´t work (as in our case) I think it´s a good compromise to set it on "no"

----------

## tekro

 *dannygentoo wrote:*   

>  *Quote:*   Question: Is the virus-scanner still active on the samba shares, when..
> 
> deny access on error = no 
> 
> Yes. The option will only prevent the scanner to deny access on files if the communication with the clamav-daemon fails. So with the option set on "yes" - you´d be on the safe side. But if it won´t work (as in our case) I think it´s a good compromise to set it on "no"

 

Thanks - it's good when its working.

However in case there is a general problem preventing com between samba and clam, it would probabely mean that we would have no virusprotection at all.

----------

## tekro

 *tekro wrote:*   

>  *dannygentoo wrote:*    *Quote:*   Question: Is the virus-scanner still active on the samba shares, when..
> 
> deny access on error = no 
> 
> Yes. The option will only prevent the scanner to deny access on files if the communication with the clamav-daemon fails. So with the option set on "yes" - you´d be on the safe side. But if it won´t work (as in our case) I think it´s a good compromise to set it on "no" 
> ...

 

----------

