Samba, CIFS and mkfifo

Anders Karlsson anders.karlsson at redhat.com
Fri Jan 26 07:48:42 GMT 2007


On Thu, 2007-01-25 at 19:08 -0800, Jeremy Allison wrote:
> Ok, I can see the problem in the capture trace. The
> mkfifo call is being done with uid and gid of zero
> - this is explicitly refused in the server.

In the trace, there are two attempts. One with the FIFO being called
'abc' - done as root. The other, a bit further on, called 'aabb' done as
the user 'cifs' which is the mount user (and admin user for the share).

Using a different user still yields an EACCES error.

>  See this
> code from smbd/trans2.c:
> 
> ---------------server code---------------------
> uid_t myuid = geteuid();
> gid_t mygid = getegid();
> 
> /* We can only create as the owner/group
>  * we are. */
> 
> if ((set_owner != myuid) && (set_owner != (uid_t)SMB_UID_NO_CHANGE))
> 	return(ERROR_DOS(ERRDOS,ERRnoaccess));
> if ((set_grp != mygid) && (set_grp != (gid_t)SMB_GID_NO_CHANGE))
> 	return(ERROR_DOS(ERRDOS,ERRnoaccess));
> ---------------end server code---------------------
> 
> Now look in the client code for mknod :
> 
>                 if(cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SET_UID) {
>                         rc = CIFSSMBUnixSetPerms(xid, pTcon, full_path,
>                                 mode,(__u64)current->fsuid,(__u64)current->fsgid,
>                                 device_number, cifs_sb->local_nls,
>                                 cifs_sb->mnt_cifs_flags &
>                                         CIFS_MOUNT_MAP_SPECIAL_CHR);
>                 } else {
>                         rc = CIFSSMBUnixSetPerms(xid, pTcon,
>                                 full_path, mode, (__u64)-1, (__u64)-1,
>                                 device_number, cifs_sb->local_nls,
>                                 cifs_sb->mnt_cifs_flags &
>                                         CIFS_MOUNT_MAP_SPECIAL_CHR);
>                 }
> 
> Note that if CIFS_MOUNT_SET_UID is set it makes the
> call with the current current->fsuid and current->fsgid
> and not -1, -1 (which maps to SMB_UID_NO_CHANGE and
> SMB_GID_NO_CHANGE in the server).
> 
> This means you're telling the client you want to use
> the same uid/gid's on the client as you do on the
> server but you haven't mapped the uids and gids on client
> and server to be identical.

In my scenario the client and the server machine are the same. Users were
added with 'useradd', and then 'smbpasswd -a' was run for those users.
Are you saying that /etc/samba/smbusers has to be updated for every
user added that requires this functionality to work? (Scratch that, just
tried it, gives no change in behaviour.)

> Once you make sure the uid/gid that you're logged in on
> the client match the uid/gid that you are using on the
> server (ie. when you give username and password then
> the uid and gid must be the same on both server and
> client) then this should start working for you.

Okay, I am trying this.

Thanks!

/Anders
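
Added example, not part of the original thread and not Samba or cifs.ko code: a small C model of how the client's mknod branch and the server check quoted above combine to decide whether the mkfifo is refused. The MODEL_* constants, the struct and function names, and the uid/gid values are assumptions made for this sketch; the real flag and NO_CHANGE values live in the respective headers.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed stand-ins for this sketch, not the real header values. */
#define MODEL_MOUNT_SET_UID 0x1u        /* plays the role of CIFS_MOUNT_SET_UID */
#define MODEL_NO_CHANGE     UINT64_MAX  /* the (__u64)-1 the client sends */

struct wire_ids { uint64_t uid, gid; };

/* Client side: which owner/group the mknod path puts in the request. */
static struct wire_ids client_ids(unsigned flags, uint32_t fsuid, uint32_t fsgid)
{
    struct wire_ids w = { MODEL_NO_CHANGE, MODEL_NO_CHANGE };
    if (flags & MODEL_MOUNT_SET_UID) {
        w.uid = fsuid;
        w.gid = fsgid;
    }
    return w;
}

/* Server side: the check quoted from smbd/trans2.c, with myuid/mygid
 * being the effective ids smbd is running the session as. */
static bool server_allows(struct wire_ids w, uint32_t myuid, uint32_t mygid)
{
    if (w.uid != myuid && w.uid != MODEL_NO_CHANGE)
        return false;   /* ERRnoaccess */
    if (w.gid != mygid && w.gid != MODEL_NO_CHANGE)
        return false;   /* ERRnoaccess */
    return true;
}

/* End to end: does a mkfifo from local (fsuid, fsgid) get past the check? */
static bool mkfifo_allowed(unsigned flags, uint32_t fsuid, uint32_t fsgid,
                           uint32_t srv_uid, uint32_t srv_gid)
{
    return server_allows(client_ids(flags, fsuid, fsgid), srv_uid, srv_gid);
}

int main(void)
{
    /* Constructed ids: the session runs as uid/gid 500 on the server. */
    printf("root, SET_UID:    %d\n", mkfifo_allowed(MODEL_MOUNT_SET_UID, 0, 0, 500, 500));
    printf("root, no SET_UID: %d\n", mkfifo_allowed(0, 0, 0, 500, 500));
    printf("uid 500, SET_UID: %d\n", mkfifo_allowed(MODEL_MOUNT_SET_UID, 500, 500, 500, 500));
    printf("gid differs:      %d\n", mkfifo_allowed(MODEL_MOUNT_SET_UID, 500, 100, 500, 500));
    return 0;
}
```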


More information about the samba-technical mailing list