samba 3.3.x and SMB RAW-ACLs

yaberger at ca.ibm.com yaberger at ca.ibm.com
Mon Feb 23 07:55:45 MST 2009 

Hello,

I'm having some issues with the SMB RAW-ACLs in the 3.3.x tree and my 
filesystem (IBM DFS).

The original commit that seems to bring the problem (most likely the 
smbd/open.c check_open_rights() call in open_file() )
http://gitweb.samba.org/?p=samba.git;a=commit;h=cc8207790ef2fc38635415501a83a0161d48015a

With 3.3.0, I wasn't able to delete/rename files (access denied) that I'm 
not the owner (user or group). But I have the rights on the DFS ACLs 
layer. (see log and details at the end of the mail)


I've applied the 2 followings patches to 3.3.0 and delete is now working, 
No luck with the rename.
#6082
http://gitweb.samba.org/?p=samba.git;a=commit;h=c5462c8b43435763783185a03029903efe3b0c11
#6090
http://gitweb.samba.org/?p=samba.git;a=commit;h=249dab1abbf49b0ca45360eb9aedb20d51a80e5f


 I'm afraid that there might be more problems that we haven't discovered 
yet since there is no VFS module for DFS. Samba is using the aix one.


On short term, I've decided to comment the logic calling 
check_open_rights() that have been added in smbd/open.c in the original 
commit but I'm looking for a mid/long term that will allow me to use the 
main samba tree


Here is a log level 10. trying to move the file toto1 -> toto2. There is 
some debug entries that I've added for my comprehension.



Also, this is the unix and DFS ACLs. My network drive is mapped with user 
yaberger.
==> ls /dfs/home/yaberger/toto1
-rwxrwx---    1 yaberge2 yaberge2          0 Feb 23 08:27 
/dfs/home/yaberger/toto1
==> ls -n /dfs/home/yaberger/toto1
-rwxrwx---    1 5684     45936             0 Feb 23 08:27 
/dfs/home/yaberger/toto1
==> dcecp -c acl show /dfs/home/yaberger/toto1
{mask_obj rwxcid}
{user_obj rwxc--}
{user yaberger rwxc--}
{group_obj ------}
{group subsys/dce/dfs-bak-servers r-xc--}
{group subsys/dce/dfs-admin rwxcid}
{other_obj ------}
{any_other ------}


Any ideas/suggestions?

Regards,


Yannick Bergeron
yaberger at ca.ibm.com
IT Specialist
AIX / Samba / Load Balancer / DCE/DFS / SCM / Apache / Security / Perl 
scripting / etc. 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: log.move
Type: application/octet-stream
Size: 33006 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20090223/b605c577/log.obj

More information about the samba-technical mailing list