samba 4.5.0 on hpux ia64:- permission denied error for the share.
Uri Simchoni
uri at samba.org
Fri Dec 9 04:46:37 UTC 2016
Arjit,
Please try the attached patch - it adds a debug print in the spot where
the HP-UX ACL system call return values are translated to Samba common
ACL permissions. Since the result of this translation appears to be
zero, I'd like to see what are the values before translation.
Please apply the patch, rebuild, set log level to 10, try to access the
share, and bring back the full log.smbd.
Thanks,
Uri.
On 12/08/2016 04:05 PM, Arjit Gupta wrote:
> Hello Uri,
>
> On debugging further i observer the below difference when run with and
> without acl
>
> *with-acl:*
>
> sd: struct security_descriptor
>
> dacl : *
>
> dacl: struct security_acl
>
> ..
>
> aces: struct security_ace
>
> ..
>
> *access_mask : 0x00000000 (0)*
>
>
>
> *without-acl:*
>
> sd: struct security_descriptor
>
> dacl : *
>
> dacl: struct security_acl
>
> ..
>
> aces: struct security_ace
>
> ..
>
> *access_mask : 0x001f01ff (2032127)*
>
>
> Rest other fields are same in both scenarios.
> Please suggest how could i debug further in the same direction.
>
> Arjit Kumar
>
> On Thu, Nov 24, 2016 at 1:11 AM, Uri Simchoni <uri at samba.org> wrote:
>
>> On 11/23/2016 01:15 PM, Arjit Gupta wrote:
>>> Hello Uri,
>>>
>>> After using --without-acl-support in configure we are able to access
>> share
>>> with normal user.
>>> Please help us understand the impact of disabling acl feature in samba.
>>>
>>> Arjit Kumar
>>>
>>
>> For a file server, you need ACL support if either of the following is true:
>> - You use POSIX acls on your system - users define ACLs on individual
>> files and folders to control access to them and allow sharing (e.g.
>> using getfacl/setfacl tool). The files are also being accessed by other
>> means than Samba, and Samba needs to play along.
>> - Your users use the security tab to manage file/folder permissions -
>> POXIS ACLs are one way to support this partially (but in a way that let
>> the kernel enforce the ACLs and hence affect any use of the files, not
>> just via SMB)
>>
>> I really don't know what went wrong with the ACL support. While the
>> configure process doesn't include tests for HPUX ACLs, I would imagine
>> that the build would fail if headers or libraries were missing. With no
>> access to an HP-UX system and documentation I can't see how I can be of
>> help.
>>
>> Uri.
>>
-------------- next part --------------
From 5cd4a19c773a4068f20077e23c4feeb875db5606 Mon Sep 17 00:00:00 2001
From: Uri Simchoni <uri at samba.org>
Date: Wed, 7 Dec 2016 08:13:31 +0200
Subject: [PATCH] debug print to sort out HPUX ACLs
---
source3/modules/vfs_hpuxacl.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/source3/modules/vfs_hpuxacl.c b/source3/modules/vfs_hpuxacl.c
index df27c89..5c55cf2 100644
--- a/source3/modules/vfs_hpuxacl.c
+++ b/source3/modules/vfs_hpuxacl.c
@@ -527,6 +527,7 @@ static SMB_ACL_T hpux_acl_to_smb_acl(HPUX_ACL_T hpux_acl, int count,
/* intentionally not checking return code here: */
sys_acl_set_qualifier(smb_entry, (void *)&hpux_acl[i].a_id);
smb_perm = hpux_perm_to_smb_perm(hpux_acl[i].a_perm);
+ DBG_DEBUG("converted perms for %d 0x%x->0x%x\n", hpux_acl[i].a_id, hpux_acl[i].a_perm, smb_perm);
if (sys_acl_set_permset(smb_entry, &smb_perm) != 0) {
DEBUG(10, ("invalid permset given: %d\n",
hpux_acl[i].a_perm));
--
2.9.3
More information about the samba-technical
mailing list