Samba, CIFS and mkfifo
Jeremy Allison
jra at samba.org
Fri Jan 26 03:08:04 GMT 2007
On Thu, Jan 25, 2007 at 01:25:24PM +0000, Anders Karlsson wrote:
>
> I thought I'd drop you a line about the discussion we are conducting on
> the samba-technical mailing list. I hope I have not been annoying you
> with the problem I am describing on there, but a client I am looking
> after is very keen on having a resolution to this particular problem.
>
> What can I do to help / progress this towards a resolution?
Ok, I can see the problem in the capture trace. The
mkfifo call is being done with uid and gid of zero
- this is explicitly refused in the server. See this
code from smbd/trans2.c:
---------------server code---------------------
uid_t myuid = geteuid();
gid_t mygid = getegid();
/* We can only create as the owner/group
* we are. */
if ((set_owner != myuid) && (set_owner != (uid_t)SMB_UID_NO_CHANGE))
return(ERROR_DOS(ERRDOS,ERRnoaccess));
if ((set_grp != mygid) && (set_grp != (gid_t)SMB_GID_NO_CHANGE))
return(ERROR_DOS(ERRDOS,ERRnoaccess));
---------------end server code---------------------
Now look in the client code for mknod :
if(cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SET_UID) {
rc = CIFSSMBUnixSetPerms(xid, pTcon, full_path,
mode,(__u64)current->fsuid,(__u64)current->fsgid,
device_number, cifs_sb->local_nls,
cifs_sb->mnt_cifs_flags &
CIFS_MOUNT_MAP_SPECIAL_CHR);
} else {
rc = CIFSSMBUnixSetPerms(xid, pTcon,
full_path, mode, (__u64)-1, (__u64)-1,
device_number, cifs_sb->local_nls,
cifs_sb->mnt_cifs_flags &
CIFS_MOUNT_MAP_SPECIAL_CHR);
}
Note that if CIFS_MOUNT_SET_UID is set it makes the
call with the current current->fsuid and current->fsgid
and not -1, -1 (which maps to SMB_UID_NO_CHANGE and
SMB_GID_NO_CHANGE in the server).
This means you're telling the client you want to use
the same uid/gid's on the client as you do on the
server but you haven't mapped the uids and gids on client
and server to be identical.
Once you make sure the uid/gid that you're logged in on
the client match the uid/gid that you are using on the
server (ie. when you give username and password then
the uid and gid must be the same on both server and
client) then this should start working for you.
Jeremy.
More information about the samba-technical
mailing list