[PR PATCH] disable_openfile_inode_check

Jeremy Allison jra at samba.org
Thu Dec 10 16:56:40 UTC 2015

On Thu, Dec 10, 2015 at 12:04:14PM +0100, Volker Lendecke wrote:
> On Thu, Dec 10, 2015 at 07:58:52AM +0000, github at samba.org wrote:
> > There is a new pull request by RG72 against master on the Samba Samba Github repository
> > 
> > https://github.com/RG72/samba master
> > https://github.com/samba-team/samba/pull/44
> > 
> > disable_openfile_inode_check
> >  Add a option disable_openfile_inode_check.
> > 
> > I use samba over overlayfs. 
> > When users try to open file for write, they will get NT_STATUS_ACCESS_DENIED and file opens for read only. 
> > Because open_file_ntcreate: file %s - dev/ino mismatch.
> > 
> > With disable_openfile_inode_check = true, users can openfile for write.
> > I build a time machine of share, with overlayfs and hard links.
> Well, it very much seems the file system you have is really, really
> broken. It changes inode numbers on the fly as it pleases? That breaks
> quite some assumptions in Samba that lie pretty deep.  None of the locking
> we do can work if inodes are just volatile floating values. Please do
> not use Samba on that file system, it will reliably destroy your data.
> With best regards,

Not only broken, but also really, really insecure ! Bonus :-).

Many apps depend on the idiom

fd = open(name,..)
fstat(fd, &st1)

and then check that st.ino == st1.ino for security
purposes. That won't work on this filesystem either..

More information about the samba-technical mailing list