ACL error messages in samba log; NET_SAMLOGON

TAKAHASHI Motonobu monyo at samba.org
Tue Aug 21 14:43:05 GMT 2001 

Tobias Burnus wrote:
>we observe on our TruCluster (OSF/1, Compaq Tru64Unix 5.1) these ACL
>errors:
>------------------------
>[2001/08/21 16:01:24, 0, pid=527108, effective(4149, 400), real(0, 0)]
>smbd/posix_acls.c:(1643)
>  set_canon_ace_list: Failed to create permset for mode (320) on entry 0.
>(Invalid argument)
>-----------------------

This is a known problem.
The following is a summary of the 2 mails posted recently.

>Date: Sat, 28 Jul 2001 10:21:10 -0700
>Date: Mon, 30 Jul 2001 09:38:51 -0700

>From: Michael Davidson <md at caldera.com>
>To: samba-technical at samba.org
>Subject: Re: ACLs on Digital UNIX

-----
>According to the logs the point of failure is:
>
>> [2001/07/28 16:35:22, 0] smbd/posix_acls.c:(1643)
>>   set_canon_ace_list: Failed to create permset for mode (448) on entry
>> 0. (Invalid argument)
>and
>> 
>> [2001/07/28 16:39:01, 0] smbd/posix_acls.c:(1643)
>>   set_canon_ace_list: Failed to create permset for mode (320) on entry
>> 0. (Invalid argument)
>> 
>
>At first sight the modes look slightly strange, but that's because
>they are printed in decimal rather than octal - so 448 -> 0700 and
>320 -> 0600, both of which are reasonable.
>
> The function which is failing is map_acl_perms_to_permset(), and it
> in turn must be failing because either sys_acl_clear_perms() or
> sys_acl_add_perm() is failing ... which is somewhat bizarre since
> both of these are trivial mappings onto the underlying acl_*
> functions.

*sigh* 

Well, as it turns out *both* acl_clear_perm() and acl_add_perm()
are failing - and they fail even in a trivial test program, which
leads me to wonder just how much the ACL interface on Digital UNIX
has ever been used.

Both of these funtions, and several others, map onto an underlying
and undocumented acl_mod_perm() function which appears to be
responsible for all permset manipulations.

A quick search through Compaq's web site didn't reveal any known
problems with ACLs, although I may have missed something since
the search engine isn't very smart and, unfortunately "acl" is
a substring of "Oracle" which results in a *lot* of spurious matches ...

-----
TAKAHASHI, Motonobu(monyo)         monyo at samba.org
Personal - http://home.monyo.com/
Samba Team - http://samba.org/     Samba-JP - http://www.samba.gr.jp/  
JWNTUG - http://www.jwntug.or.jp/  Analog-JP - http://www.jp.analog.cx/
MCSE+I, SCNA, CCNA, Turbo-CI

More information about the samba-technical mailing list