FW: Sporadic permission denied error in Samba 4.3 and 4.4, 4.2 OK
jra at samba.org
Tue Nov 15 18:44:50 UTC 2016
On Tue, Nov 15, 2016 at 06:37:23PM +0000, Youzhong Yang wrote:
> Thanks Jeremy and Volker.
> I tested messaging using unix_msg_test_drain and unix_msg_test_source, there's nothing out of ordinary.
> I dtraced sendmsg() and here are 3 error codes that it returns during the testing:
> 13: EACCES
> 2: ENOENT
> 11: EAGAIN
> What concerns me is the error code EACCES, its stack looks like the following:
> And indeed its euid is not 0(root) when EACCES was returned.
> I tried to set euid and egid to 0 inside unix_dgram_send_job() at the beginning and the restore them at the end, then some of the smbd processes crashed with the following stack trace:
You can't use become_root()/unbecome_root() inside a
pthread_pool function - they're not thread safe.
It looks like on Solaris the permission check is
being done on every sendmsg, rather than only on
the connect() - that's a strange decision to make
and would make things slower - for a connected
socket you really only need to check permissions
on the connect() call.
Solaris doesn't have per-thread credentials, which
means changing to root in a thread for sendmsg()
will cause the entire process to change creds, again,
not what you want.
Given this sendmsg() seems very broken on Solaris :-(.
More information about the samba-technical