conn->share_access appears not to be reset between users

Andrew Bartlett abartlet at
Thu Dec 20 14:40:38 MST 2012

I've been chasing down a bug for work, where it was reported that "write
list" (which overrides the read only=yes in smb.conf) does not work with
Samba 4.0.

This can be fixed by reverting 4544c52fc432c4eb5ba45389519d00923d9698ca.

However, this made me look into the whole situation around
conn->share_mask.  It appears that this member of connection_struct is
set during the tree connect so it can be used alongside the per-file ACL
mask handling.

This was added in:

commit 720fa46f9443ccbe471b265f1c2b9cb9782a3c26
Author: Volker Lendecke <vl at>
Date:   Mon Jul 4 18:35:21 2011 +0200

    s3: Calculate&store the maximum share access mask
    Signed-off-by: Stefan Metzmacher <metze at>

However, due to the way this code works, a new user connecting to a
share on the same tree connect will not have a new 'conn' structure, but
re-uses the structure established by the first user.  The code in
smbd/uid.c:check_user_ok() will replace the read_only and session_info
elements, but not the conn->share_access element.

The original code also appears to be the confusing factor here, as the
share ACL (rarely used ability to set an NT ACL on a share, using
sharesec or a windows GUI tool) is additionally checked before
change_to_user(), probably to give back a nicer error, and then along
with the other access checks, in change_to_user().  

As we (essentially) always honour posix permissions and the read only flag
as set on the connection, I see this as a correctness issue - we could 
get an odd interaction between the mask from the share ACL and the mask 
from the file ACL. 

The fix, as I see it, is to push all the per-user access control stuff
back into the change_to_user code, that is always run before a user can
access a share.

Once we sort this out, the attached is the test case for fixing "write list".

Filed as to help us track this into 4.0


Andrew Bartlett
Andrew Bartlett                      
Authentication Developer, Samba Team 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-selftest-show-that-Samba-honours-write-list-and-vali.patch
Type: text/x-patch
Size: 3843 bytes
Desc: not available
URL: <>
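The stale-state problem described in the message above, modelled as a small added example.  This is constructed illustration code, not Samba's own source: the struct and function names echo the ones named in the mail (connection_struct, read_only, session_info, share_access, check_user_ok), but the field types, access bits, the "write list" membership flag and the scenario with the users "alice" and "bob" are all hypothetical simplifications.  It shows why a per-user mask cached in a connection structure that outlives the user must be recomputed on every user switch: with a read-only user establishing the tree connect first, a later write-list user inherits the narrower share mask and loses write access even though read_only has been updated for them.

```c
/* Toy model of a per-user access mask cached in a shared connection
 * structure.  Constructed example, not Samba code. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical access bits standing in for the real NT access mask. */
#define ACC_READ   0x1u
#define ACC_WRITE  0x2u

struct session_info {
    const char *user;
    bool in_write_list;     /* hypothetical: user is on the share's "write list" */
};

/* One of these is created per tree connect and then reused by every
 * user who switches onto that tree connect. */
struct connection_struct {
    struct session_info session_info;
    bool read_only;         /* "read only = yes" unless overridden by "write list" */
    uint32_t share_access;  /* maximum share access mask for the current user */
};

/* Share is "read only = yes" with a "write list"; only write-list users get write. */
static uint32_t compute_share_access(const struct session_info *s)
{
    return s->in_write_list ? (ACC_READ | ACC_WRITE) : ACC_READ;
}

static bool compute_read_only(const struct session_info *s)
{
    return !s->in_write_list;
}

/* Tree connect: the first user establishes the conn structure. */
static void tree_connect(struct connection_struct *conn, struct session_info s)
{
    conn->session_info = s;
    conn->read_only = compute_read_only(&s);
    conn->share_access = compute_share_access(&s);
}

/* Buggy user switch: refreshes read_only and session_info but leaves the
 * share_access computed for the previous user in place. */
static void check_user_ok_buggy(struct connection_struct *conn, struct session_info s)
{
    conn->session_info = s;
    conn->read_only = compute_read_only(&s);
}

/* Fixed user switch: every per-user element is recomputed together. */
static void check_user_ok_fixed(struct connection_struct *conn, struct session_info s)
{
    conn->session_info = s;
    conn->read_only = compute_read_only(&s);
    conn->share_access = compute_share_access(&s);
}

/* Effective access = share mask AND file ACL mask, with write stripped
 * when the connection is read-only. */
static bool can_write(const struct connection_struct *conn, uint32_t file_acl_mask)
{
    uint32_t allowed = conn->share_access & file_acl_mask;
    if (conn->read_only) {
        allowed &= ~ACC_WRITE;
    }
    return (allowed & ACC_WRITE) != 0;
}

typedef void (*check_fn)(struct connection_struct *, struct session_info);

/* Scenario: alice (not on the write list) does the tree connect, then bob
 * (on the write list) switches onto the same conn.  The file ACL allows
 * both read and write, so only the share mask decides the outcome. */
static bool bob_can_write_after_alice(check_fn check)
{
    struct connection_struct conn;
    struct session_info alice = { "alice", false };
    struct session_info bob = { "bob", true };

    tree_connect(&conn, alice);
    check(&conn, bob);
    return can_write(&conn, ACC_READ | ACC_WRITE);
}

/* Reverse order: bob connects first, alice switches in.  read_only still
 * blocks alice's writes, but the cached share_access is wider than hers. */
static uint32_t alice_share_access_after_bob(check_fn check)
{
    struct connection_struct conn;
    struct session_info alice = { "alice", false };
    struct session_info bob = { "bob", true };

    tree_connect(&conn, bob);
    check(&conn, alice);
    return conn.share_access;
}

int main(void)
{
    printf("bob can write (buggy switch): %s\n",
           bob_can_write_after_alice(check_user_ok_buggy) ? "yes" : "no");
    printf("bob can write (fixed switch): %s\n",
           bob_can_write_after_alice(check_user_ok_fixed) ? "yes" : "no");
    printf("alice share_access after bob (buggy): 0x%x\n",
           alice_share_access_after_bob(check_user_ok_buggy));
    printf("alice share_access after bob (fixed): 0x%x\n",
           alice_share_access_after_bob(check_user_ok_fixed));
    return 0;
}
```

The point of the second scenario is the "odd interaction" the mail warns about: even when the read_only flag happens to save the day, a stale share mask means the share-ACL side of the per-file access check is being evaluated for the wrong user, which is the kind of latent authorization bug that only shows up once another code path starts trusting the cached value.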
