Univention Bugzilla – Bug 55205
"access based share enum" hides folders for all users
Last modified: 2022-10-10 13:21:35 CEST
Hello Developer, i am the Customer Max is talking about. 1 funny detail, when i am logged in with the "Administrator" account, and Administrator is in the Valid Users, The Administrator Account can see the Share. But with another account who is also in the Domain Admin Group can't. Standard users definitely can't see them. But every Valid User have Access to the Folder when they type the Path manually in the Explorer. Thanks in Advance Erwin
Hello Developer, it's my first bug report, inform me please if something is missing. a customer works with network shares on a 5.0-2 errata401 and he uses the "access based share enum" option and the "valid users" option to hide the folder where at least not any read-permission is set to the accessing users. It does not work anymore on their newer version, but it worked on 5.0-1 errata342 before. The folders are not visible for the list of the "valid users" with the "access based share enum" enabled. I did check the log files from samba and could find nothing related, maybe the bug prevents also to log because it wont trigger anything anymore, what was working before, for me it looks like a breaking change, but I couldn't find the root cause so far. We have recreated the problem on a 5.0-2 errata411 and also there was the same behavior. Please check why the option won't work anymore, it seems like a bug from my perspective. Best Regards, Max
Output from "udm shares/share list --filter cn=Testuser_Dok2": cn=Testuser_Dok2 DN: cn=Testuser_Dok2,cn=ldap.test.de,cn=shares,dc=test,dc=de directorymode: 0700 group: 0 host: ldap.test.de name: Testuser_Dok2 owner: 2054 path: /mnt/data/userdir/Testuser_Doc printablename: Testuser_Dok2 (ldap.test.de) root_squash: 1 sambaBlockSize: None sambaBlockingLocks: 1 sambaBrowseable: 1 sambaCreateMode: 0744 sambaCscPolicy: manual sambaCustomSettings: valid users = Testuser, Administrator sambaCustomSettings: access based share enum = yes sambaDirectoryMode: 0755 sambaDirectorySecurityMode: 0777 sambaDosFilemode: 0 sambaFakeOplocks: 0 sambaForceCreateMode: 00 sambaForceDirectoryMode: 00 sambaForceDirectorySecurityMode: 00 sambaForceGroup: None sambaForceSecurityMode: 00 sambaForceUser: None sambaHideFiles: None sambaHideUnreadable: 1 sambaInheritAcls: 1 sambaInheritOwner: 0 sambaInheritPermissions: 0 sambaInvalidUsers: None sambaLevel2Oplocks: 1 sambaLocking: 1 sambaMSDFSRoot: 0 sambaName: Testuser_Dok2 sambaNtAclSupport: 1 sambaOplocks: 1 sambaPostexec: None sambaPreexec: None sambaPublic: 0 sambaSecurityMode: 0777 sambaStrictLocking: Auto sambaVFSObjects: None sambaValidUsers: None sambaWriteList: None sambaWriteable: 1 subtree_checking: 1 sync: sync writeable: 1 despite the both entries: * sambaCustomSettings: valid users = Testuser, Administrator * sambaCustomSettings: access based share enum = yes Only "Administrator" can see the directory directly, "Testuser" cannot.