Problems with "Read Only" on a Samba share from Windows machines

Posted by fistameeny on Server Fault See other posts from Server Fault or by fistameeny
Published on 2010-11-04T10:25:41Z Indexed on 2012/09/22 9:40 UTC
Read the original article Hit count: 317

Filed under:
|
|
|


We have a Ubuntu 10.04 Server that has a bunch of Samba shares on it that Windows workstations connect to. Each Windows workstation has a valid username/password to access the shares, which have restricted access governed by Samba.

The problem we are experiencing is that Samba doesn't seem to be able to mimic the Windows way of handling "Read Only" attributes.

Say I have two users, UserA and UserB, both a group called Staff - UserA creates a file that is readable/writeable by the group (ie. chmod rwxrwx---). If UserA then sets the "Read Only" flag, this changes the permissions to r-xr-x--- (i.e. no write for anyone).

As UserB is in the same group as UserA, they should be able to remove the "Read Only" permission - however, they can't as Samba won't allow it.

Is there a way to force Samba to allow users within the same group to remove the "Read Only" from a file not created by them?

Edit:
The Samba smb.conf is as follows:

The share is defined in the smb.conf as:

[global]
    log file = /var/log/samba/log.%m  
    passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .  
    obey pam restrictions = yes  
    map to guest = bad user  
    encrypt passwords = true  
    passwd program = /usr/bin/passwd %u  
    passdb backend = tdbsam  
    dns proxy = no  
    netbios name = ubsrv  
    server string = ubsrv  
    unix password sync = yes  
    os level = 20  
    syslog = 0  
    usershare allow guests = yes  
    panic action = /usr/share/samba/panic-action %d  
    max log size = 1000  
    pam password change = yes  
    workgroup = workgroup  

[Projects]  
    valid users = @Staff   
    writeable = yes  
    user = @Staff  
    create mode = 0777  
    path = /srv/samba/Projects  
    directory mode = 0777  
    store dos attributes = Yes  

The folder itself looks like this:

ls -l /srv/samba/
drwxrwxrwx 2 nobody Staff 4096 2010-11-04 10:09 Projects

Thanks in advance,
Matt

© Server Fault or respective owner

Related posts about Windows

Related posts about permissions