[CentOS] Centos 7 Samba - all shares read only

Thu May 4 13:13:31 UTC 2017
Gary Stainburn <gary at ringways.co.uk>

I few weeks back my server started having a problem where all shares are now 
readonly.  AFAIK nothing has changed except a 'yum update' which was probably 
around the same time.

Everyone still has the shares on their Win7 PC's and can see the contents. 
However, if they try to open a file it opens read only. If the try to create 
a new file (e.g. right click -> New -> Text Document) it says that they don't 
have permission.

I am not seeing anything meaningful in the log files. Can anyone give me a 
clue how to fix this, or at least how to collect getting debug info?

SELinux has been disabled to eliminate that.

Gary

Global parameters
[global]
	netbios name = ZEPPO2
	server string = Ringways Doncaster Showroom Server
	workgroup = MOTORPARK
	os level = 33
	preferred master = Yes
	log file = /var/log/samba/log.%m
	max log size = 50
	guest account = gary
	security = USER
	username map = /etc/samba/smbusers
	wins proxy = Yes
	wins server = 10.1.1.101
	idmap config * : backend = tdb
	cups options = raw
	hosts allow = 127. 10.


[printers]
	comment = All Printers
	path = /var/spool/samba
	browseable = No
	printable = Yes
	guest ok = Yes


[tmp]
	comment = Temporary work area
	path = /user/remote/tmp
	guest ok = Yes
	read only = No


[goodwill]
	comment = Good will documents
	path = /user/remote/goodwill
	force user = gary
	guest ok = Yes
	read only = No
	valid users = gary


[service]
	comment = Temporary work area
	path = /user/remote/service
	force user = gary
	read only = No
	valid users = gary
	write list = gary


[sales_doc]
	comment = Sales D.O.C. spreadsheets
	path = /user/remote/sales_doc
	force user = gary
	guest ok = Yes
	read only = No
	valid users = gary

[root at zeppo ~]# smbstatus 

Samba version 4.4.4
PID     Username     Group        Machine                                   
Protocol Version  Encryption           Signing              
----------------------------------------------------------------------------------------------------------------------------------------
2552    gary         gary         10.6.103.236 (ipv4:10.6.103.236:50445)    
SMB2_10           -                    -                    

Service      pid     Machine       Connected at                     Encryption   
Signing     
---------------------------------------------------------------------------------------------
tmp          2552    10.6.103.236  Thu May  4 14:05:23 2017 
BST     -            -           

Locked files:
Pid          Uid        DenyMode   Access      R/W        Oplock           
SharePath   Name   Time
--------------------------------------------------------------------------------------------------
2552         1000       DENY_ALL   0x100080    RDONLY     
NONE             /user/remote/tmp   .   Thu May  4 14:05:23 2017
2552         1000       DENY_NONE  0x100081    RDONLY     
NONE             /user/remote/tmp   .   Thu May  4 14:05:39 2017

[root at zeppo ~]# 
ls -ld / /user /user/remote/ /user/remote/tmp/ /user/remote/service/
dr-xr-xr-x. 18 root root 4096 May  4 13:59 /
drwxr-xr-x.  4 root root   34 Nov  7  2013 /user
drwxr-xr-x. 22 gary gary 4096 Jun  2  2016 /user/remote/
drwxr-xr-x.  6 gary gary 4096 Apr 19 08:32 /user/remote/service/
drwxr-xr-x.  8 gary gary 4096 Feb 23 17:26 /user/remote/tmp/
[root at zeppo ~]#