Samba, GPFS, wordpad and create mask = 0777

Rolf Anders rolf.anders at rz.uni-augsburg.de
Wed Aug 31 10:17:03 MDT 2011 

Jeremy,

On Tue, Aug 30, 2011 at 10:16:09AM -0700, Jeremy Allison wrote:
> On Tue, Aug 30, 2011 at 10:14:19AM -0700, Richard Sharpe wrote:
> > Hi,
> > 
> > Somewhere between Samba 3.5.3 and 3.5.8 a small change was made in
> > source3/smbd/open.c:open_file_ntcreate.
> > 
> > The change was to change these lines:
> > 
> >         if ((flags2 & O_CREAT) && lp_inherit_acls(SNUM(conn)) &&
> >             (def_acl = directory_has_default_acl(conn, parent_dir))) {
> >                 unx_mode = 0777;
> >         }
> > 
> > to these:
> > 
> >         if ((flags2 & O_CREAT) && lp_inherit_acls(SNUM(conn)) &&
> >             (def_acl = directory_has_default_acl(conn, parent_dir))) {
> >                 unx_mode = (0777 & lp_create_mask(SNUM(conn)));
> >         }
> > 
> > 
> > That is, lp_create_mask is anded with 0777 now, rather than 0777 being used.
> > 
> > This causes a problem with wordpad on gpfs when you go to overwrite an
> > existing rtf file (seemingly because wordpad uses FILE_OVERWRITE_IF,
> > and saving any updates to an rtf file fails with "Unexpected error".
> > 
> > I have tested with Word, Notepad and wordpad, and only wordpad seems
> > to use this behavior, and it seems very specific to GPFS.
> > 
> > I do not yet have a test for the underlying problem, but I might develop one.
> > 
> > The workaround is to add "create mask = 0777" to any GPFS-based shares.
> 
> The change was correct. In the 3.5.3 code the explicit "create mask" setting
> was being ignored in this case - it should never be ignored when creating a
> new file.

it seems to me that the value of "create mask" should actually be ignored
in this case, since it is only ignored if an ACL is inherited from the
parent directory.

The description of "inherit acls" in smb.conf(5) as well as the
problem reported by Richard Sharpe suggest that a "create mask" which
is different from 0777 somehow interferes with ACL inheritance. Hence,
to make ACL inheritance work correctly, one would need to set "create
mask = 0777". This setting, however, would make all files world writable
that are created in a directory without inheritance.

OTOH, if "create mask" really should take precedence over ACL inheritance,
at least the man page smb.conf(5) needs to be updated ("inherit acls (S)
[...] Enabling this option sets the unix mode to 0777, thus guaranteeing
that default directory acls are propagated.").

Greetings,

Rolf

-- 
Rolf Anders ............................ http://www.rz.uni-augsburg.de
Universität Augsburg, Rechenzentrum ............. Tel. (0821) 598-2030
86135 Augsburg .................................. Fax. (0821) 598-2028
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20110831/22dc1b8f/attachment.pgp>

More information about the samba-technical mailing list