Question on streams dir structure creation.

Hemanth Thummala hemanth.thummala at
Wed Oct 19 00:22:47 UTC 2016

In vfs_mkdir(), I see that mode will be overwritten with (0777 & lp_directory_mask(SNUM(handle->conn)) when the inherit acls set to true and the parent dirname has DACL. In our case,  “.streams”  never inherit NTACLs on creation. And the default or dummy security descriptor doesn’t have DACL. Not sure if this check is expected to passed for the stream directories.

Another issue that I have observed is that when a file with alternate data stream gets deleted, the corresponding stream file in (.streams/XX/XX/(16-byte-hash-fid)/:stream-X) is getting deleted(only the last component) without  deleting the 16 byte hash fid directory. This is causing issue in the delete work flow. When the create with DELETE access is requested, we walk through the streams to see if there are any open streams. While walking through the streams, in stream_dir() we construct the stream dir path components (.streams/XX/XX/(16-byte-hash-fid)) and stat the path. Since the last component is not deleted, we assume the case that it is the case file getting recreated with the same inode and take an action to restore this folder by renaming to lost-xxxxx folder.

But clearly its not the case of file creation using same inode. Shouldn’t we have this stat check only if argument “create_it” is set?
Ideally all_streams should take care of deleting the 16-byte-id stream component after successful unlink of all alternate streams. Is there any specific reason for not deleting it ?

From: Hemanth Thummala <hemanth.thummala at<mailto:hemanth.thummala at>>
Date: Tuesday, October 18, 2016 at 11:46 AM
To: "samba-technical at<mailto:samba-technical at>" <samba-technical at<mailto:samba-technical at>>
Subject: Question on streams dir structure creation.

Hello All,

I see that in stream_dir(),  mode “0755” is explicitly used to create the streams two level directory structure(ex: .streams/AB/CF/<16-byte-fileid>.

"SMB_VFS_NEXT_MKDIR(handle, tmp_fname, 0755)"

This works fine when the first use coming in creating a stream file. Internal stream directory structure is getting created by this user id. And he becomes the owner of the entire stream dir path.

But we are seeing the permissions issue when second user is trying to create the final streams directory(16-byte string). Mkdir is failing with permission denied error. This is due the fact that second user falls into group or others unix group for which there is no write access. I would like to know if using this 755 mode is intentional for streams directory structure for some reason.

Please let me know.


More information about the samba-technical mailing list