samba 4.5.0 on hpux ia64:- permission denied error for the share.
Arjit Gupta
arjitk.gupta at gmail.com
Fri Dec 9 05:54:57 UTC 2016
Hi Uri,
The added debug is in the client log instead of log.smbd
I have attached both smbd and client machine logs.
*g**rep "converted perms for " log.clientmachine*
* hpux_acl_to_smb_acl: converted perms for 0 0x7->0x7*
* hpux_acl_to_smb_acl: converted perms for 0 0x7->0x7*
* hpux_acl_to_smb_acl: converted perms for 0 0x7->0x7*
* hpux_acl_to_smb_acl: converted perms for 0 0x7->0x7*
Arjit Kumar
On Fri, Dec 9, 2016 at 10:16 AM, Uri Simchoni <uri at samba.org> wrote:
> Arjit,
>
> Please try the attached patch - it adds a debug print in the spot where
> the HP-UX ACL system call return values are translated to Samba common
> ACL permissions. Since the result of this translation appears to be
> zero, I'd like to see what are the values before translation.
>
> Please apply the patch, rebuild, set log level to 10, try to access the
> share, and bring back the full log.smbd.
>
> Thanks,
> Uri.
>
> On 12/08/2016 04:05 PM, Arjit Gupta wrote:
> > Hello Uri,
> >
> > On debugging further i observer the below difference when run with and
> > without acl
> >
> > *with-acl:*
> >
> > sd: struct security_descriptor
> >
> > dacl : *
> >
> > dacl: struct security_acl
> >
> > ..
> >
> > aces: struct security_ace
> >
> > ..
> >
> > *access_mask : 0x00000000 (0)*
> >
> >
> >
> > *without-acl:*
> >
> > sd: struct security_descriptor
> >
> > dacl : *
> >
> > dacl: struct security_acl
> >
> > ..
> >
> > aces: struct security_ace
> >
> > ..
> >
> > *access_mask : 0x001f01ff (2032127)*
> >
> >
> > Rest other fields are same in both scenarios.
> > Please suggest how could i debug further in the same direction.
> >
> > Arjit Kumar
> >
> > On Thu, Nov 24, 2016 at 1:11 AM, Uri Simchoni <uri at samba.org> wrote:
> >
> >> On 11/23/2016 01:15 PM, Arjit Gupta wrote:
> >>> Hello Uri,
> >>>
> >>> After using --without-acl-support in configure we are able to access
> >> share
> >>> with normal user.
> >>> Please help us understand the impact of disabling acl feature in samba.
> >>>
> >>> Arjit Kumar
> >>>
> >>
> >> For a file server, you need ACL support if either of the following is
> true:
> >> - You use POSIX acls on your system - users define ACLs on individual
> >> files and folders to control access to them and allow sharing (e.g.
> >> using getfacl/setfacl tool). The files are also being accessed by other
> >> means than Samba, and Samba needs to play along.
> >> - Your users use the security tab to manage file/folder permissions -
> >> POXIS ACLs are one way to support this partially (but in a way that let
> >> the kernel enforce the ACLs and hence affect any use of the files, not
> >> just via SMB)
> >>
> >> I really don't know what went wrong with the ACL support. While the
> >> configure process doesn't include tests for HPUX ACLs, I would imagine
> >> that the build would fail if headers or libraries were missing. With no
> >> access to an HP-UX system and documentation I can't see how I can be of
> >> help.
> >>
> >> Uri.
> >>
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: log.clientmachine
Type: application/octet-stream
Size: 119669 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20161209/3937d934/log-0002.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: log.smbd
Type: application/octet-stream
Size: 10063 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20161209/3937d934/log-0003.obj>
More information about the samba-technical
mailing list