become_root() Necessary for Group Quota in quotas.c?

Orion orion at et.byu.edu
Fri Aug 9 21:00:48 UTC 2024


Here is my proposed patch of the file source3/smbd/quotas.c to fix the 
issue I outlined previously:

@@ -458,10 +458,8 @@ try_group_quota:
             S_ISDIR(fname->st.st_ex_mode) &&
             fname->st.st_ex_mode & S_ISGID) {
                 id.gid = fname->st.st_ex_gid;
-               become_root();
                 r = SMB_VFS_GET_QUOTA(conn, fname, SMB_GROUP_QUOTA_TYPE, id,
                                       &D);
-               unbecome_root();
         } else {
                 id.gid = getegid();
                 r = SMB_VFS_GET_QUOTA(conn, fname, SMB_GROUP_QUOTA_TYPE, id,

Any comments would be appreciated.

On 8/1/24 17:06, Orion wrote:
> We have a situation in which the root user does not have access to the 
> files contained in a directory with SGID set. When a user navigates to 
> this directory and Samba attempts to request the quota for the 
> directory, it fails when the code later attempts to do a stat on the 
> file because of lack of permissions.
>
> In the file samba/source3/smbd/quotas.c if the SGID bit is set, the 
> code changes the effective GID to the GID of the folder, uses 
> become_root() to change to root, and then requests the quota. However, 
> if the SGID bit is not set, quotas.c requests the quota without using 
> the become_root() function. The question I have is, why when the SGID 
> bit is set does it change to root before requesting the quota?
>
> Can we remove the become_root() function call for this instance and 
> request the quota as the GID of the folder?
>
> I tested removing the become_root() and unbecome_root() function 
> calls, and for our particular setup, it works perfectly. However, I am 
> curious if there is some other setup that may have issues if this bit 
> is removed.
>


More information about the samba-technical mailing list