become_root() Necessary for Group Quota in quotas.c?
Orion
orion at et.byu.edu
Fri Aug 9 21:00:48 UTC 2024
Here is my proposed patch of the file source3/smbd/quotas.c to fix the
issue I outlined previously:
@@ -458,10 +458,8 @@ try_group_quota:
S_ISDIR(fname->st.st_ex_mode) &&
fname->st.st_ex_mode & S_ISGID) {
id.gid = fname->st.st_ex_gid;
- become_root();
r = SMB_VFS_GET_QUOTA(conn, fname, SMB_GROUP_QUOTA_TYPE, id,
&D);
- unbecome_root();
} else {
id.gid = getegid();
r = SMB_VFS_GET_QUOTA(conn, fname, SMB_GROUP_QUOTA_TYPE, id,
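Review bot: In the S_ISGID branch, id.gid comes from fname->st.st_ex_gid rather than getegid(), so once become_root()/unbecome_root() are removed the SMB_VFS_GET_QUOTA call runs with the connected user's credentials against a group that user may not belong to. The else branch asks only for getegid(), the caller's own effective group, so the two cases are not equivalent. Before dropping the privilege switch, confirm that each quota backend behind SMB_VFS_GET_QUOTA answers a query for a GID other than the caller's without root. Alternatively keep a fallback: make the call unprivileged first and retry inside become_root()/unbecome_root() only when r reports failure. That would cover the case described here, where root cannot reach the directory, without regressing setups where only root can read another group's quota. Either way, add a comment at this call recording why the SGID case runs with the credentials it does.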
Any comments would be appreciated.
On 8/1/24 17:06, Orion wrote:
> We have a situation in which the root user does not have access to the
> files contained in a directory with SGID set. When a user navigates to
> this directory and Samba attempts to request the quota for the
> directory, it fails when the code later attempts to do a stat on the
> file because of lack of permissions.
>
> In the file samba/source3/smbd/quotas.c if the SGID bit is set, the
> code changes the effective GID to the GID of the folder, uses
> become_root() to change to root, and then requests the quota. However,
> if the SGID bit is not set, quotas.c requests the quota without using
> the become_root() function. The question I have is, why when the SGID
> bit is set does it change to root before requesting the quota?
>
> Can we remove the become_root() function call for this instance and
> request the quota as the GID of the folder?
>
> I tested removing the become_root() and unbecome_root() function
> calls, and for our particular setup, it works perfectly. However, I am
> curious if there is some other setup that may have issues if this bit
> is removed.
>