Ask a new question

Files read-only on LINUX Samba fileshare. How do I set permissions properly?

And another year later... The problem is still there.

I'm having the problem with all Office documents on an iMac running Mavericks and Office 2011. The files are stored on a Linux fileserver using Samba. Not a Synology problem, we don't have any Synology kit.

I would say it is down to MS Office or OS X, although given this problem has existed over 3 versions of OS X now, it is either a really poor showing by Apple or the bug is Microsoft.

That said, there was a post at the end of page one, which said "users diconnecting from the network without closing," the iMac loses its connection to the network when the screen goes black after 10 minutes of idling. This often means that the shares have disappeared and I have to use FInder-> Go To Server to "wake up" the connection again.

Edit: Oops, just seen I replied to the wrong post...

One other thing, I did notice that a temporary Office files was sitting in the directory, when I tried to open the file. It doesn't seem to bother Office on Windows though.

[New question split by volunteer moderator from this answered question. The moderator, who tried to get the essence of the question, supplied the title of the new question.

Why are my files getting locked (read-only) automatically? - Microsoft Community

 

Note from moderator: new questions get answered much faster when asked as new questions. When a new question or follow-up question is tacked onto an answered question you can only hope a moderator stumbles across it and splits it off, which can take days, or may ever happen.]

Answer
Answer

Hello,

While transitioning my organization from aging XServe hardware running 10.6.8 OpenDirectory over to a Samba4 AD setup, I also experienced exactly this issue in addition to one other when managing ACLs from Windows. The issue exibits itself on OSX 10.7, 10.8 and 10.9. 10.6.8 will not behave with Samba4 at all (it has erratic behavior with any files it does not have access to, nothing I can find can fix it.)

One workaround you'll see everywhere to fix this and other issues is to disable SMB2/3 on the Mac. Since my organization has 400+ Macs that are not centrally managed (another long story) this is not practical. I have since found that this issue can be resolved by disabling SMB2/3 functionality in smb.conf, going back to the standard CIFS or NT1 protocol on the server. Although this is less than ideal as SMB2/3 has a lot of new features that improve performance, using Samba4 is hands down faster than AFP in almost every scenario.

Here is the line to add to your smb.conf:

server max protocol = NT1

The other part of the issue we had was the locked office files as described in this article: My file server administrator found a workaround for this:

"It seems that the built in user group “Everyone” must have access to “write attributes” and “write extended attributes”.
I think MS Office uses these attributes in determining how to handle the file.

I have tested this quite a bit and so far it seems to be working as we need.

User Group “A” has read/write access to create MS Office files.
Nobody else should be able to gain access to the folder.

By setting the “Everyone” group with the two special permissions I listed, this allows User Group A to open the MS Office files as read/write, and also prohibits any other person/group (except for admins) gaining access to the folder."

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

 
 

Question Info

Last updated May 11, 2023 Views 3,563 Applies to: