Samba, GPFS, wordpad and create mask = 0777

Richard Sharpe realrichardsharpe at gmail.com
Thu Sep 1 12:55:58 MDT 2011 

On Wed, Aug 31, 2011 at 9:17 AM, Rolf Anders
<rolf.anders at rz.uni-augsburg.de> wrote:
> Jeremy,
>
> On Tue, Aug 30, 2011 at 10:16:09AM -0700, Jeremy Allison wrote:
>> On Tue, Aug 30, 2011 at 10:14:19AM -0700, Richard Sharpe wrote:
>> > Hi,
>> >
>> > Somewhere between Samba 3.5.3 and 3.5.8 a small change was made in
>> > source3/smbd/open.c:open_file_ntcreate.
>> >
>> > The change was to change these lines:
>> >
>> >         if ((flags2 & O_CREAT) && lp_inherit_acls(SNUM(conn)) &&
>> >             (def_acl = directory_has_default_acl(conn, parent_dir))) {
>> >                 unx_mode = 0777;
>> >         }
>> >
>> > to these:
>> >
>> >         if ((flags2 & O_CREAT) && lp_inherit_acls(SNUM(conn)) &&
>> >             (def_acl = directory_has_default_acl(conn, parent_dir))) {
>> >                 unx_mode = (0777 & lp_create_mask(SNUM(conn)));
>> >         }
>> >
>> >
>> > That is, lp_create_mask is anded with 0777 now, rather than 0777 being used.
>> >
>> > This causes a problem with wordpad on gpfs when you go to overwrite an
>> > existing rtf file (seemingly because wordpad uses FILE_OVERWRITE_IF,
>> > and saving any updates to an rtf file fails with "Unexpected error".
>> >
>> > I have tested with Word, Notepad and wordpad, and only wordpad seems
>> > to use this behavior, and it seems very specific to GPFS.
>> >
>> > I do not yet have a test for the underlying problem, but I might develop one.
>> >
>> > The workaround is to add "create mask = 0777" to any GPFS-based shares.
>>
>> The change was correct. In the 3.5.3 code the explicit "create mask" setting
>> was being ignored in this case - it should never be ignored when creating a
>> new file.
>
> it seems to me that the value of "create mask" should actually be ignored
> in this case, since it is only ignored if an ACL is inherited from the
> parent directory.
>
> The description of "inherit acls" in smb.conf(5) as well as the
> problem reported by Richard Sharpe suggest that a "create mask" which
> is different from 0777 somehow interferes with ACL inheritance. Hence,
> to make ACL inheritance work correctly, one would need to set "create
> mask = 0777". This setting, however, would make all files world writable
> that are created in a directory without inheritance.
>
> OTOH, if "create mask" really should take precedence over ACL inheritance,
> at least the man page smb.conf(5) needs to be updated ("inherit acls (S)
> [...] Enabling this option sets the unix mode to 0777, thus guaranteeing
> that default directory acls are propagated.").

While pursuing the underlying cause of this problem I have discovered
that my test was incorrect and the change I mentioned above is not the
culprit.

Back to the drawing boards. Digging deeper.

-- 
Regards,
Richard Sharpe

More information about the samba-technical mailing list