become_root() Necessary for Group Quota in quotas.c?
Christof Schmitt
cs at samba.org
Wed Aug 28 23:32:08 UTC 2024
On Mon, Aug 26, 2024 at 03:40:18PM -0600, Orion via samba-technical wrote:
> On 8/12/24 17:41, Christof Schmitt via samba-technical wrote:
> > This sounds confusing. Why would the root not have access to the
> > directory?
> The server is making the request over NFS and root squashing is enabled on
> the machine which causes the permission issue.
This is at least unusual. I am not sure if that might also expose other
problems.
> I do not believe that it is necessary for the quota to be requested as root
> because this will allow any user to get the quota of any group whether or
> not they have permission to do so. For example, Linux quota-tools does not
> allow users to request quota for groups that they do not have access to.
> Instead it returns a permission denied error. FreeBSD (and presumably the
> other BSDs) also follow this pattern:
>
> "Non-super-users can use the -g flag and optional group argument to view
> only the limits of groups of which they are members." -
> man.freebsd.org/cgi/man.cgi?query=quota
>
> Since the systems should not make a call for a quota outside of which they
> have permissions, I believe we can move forward with just removing the
> become_root() and unbecome_root() parts.
What exactly failed for you? Did you query quotas, or did that happen
while creating a new file underneath a sgid directory?
The interesting codepath is when attempting to create a new file
underneath a sgid directory where the directory group has a quota
assigned, and the current user is not a member of this group.
With "strict allocate = yes" in the Samba config, then in
samba/source3/smbd/vfs.c
int vfs_allocate_file_space(files_struct *fsp, uint64_t len)
is called that first tries to allocate space for the file through
ret = SMB_VFS_FALLOCATE(fsp, VFS_FALLOCATE_FL_KEEP_SIZE,
0, len);
If that system call is not available in the underlying file system
(here, the NFS client, and specifically FL_KEEP_SIZE flag might not be
supported), then there is a fallback codepath to query the quota
instead.
space_avail =
get_dfree_info(conn, fsp->fsp_name, &bsize, &dfree, &dsize);
and that ends up calling the quota queries you observed. In this
specific case, we need to override the quota query permissions, to at
least know about the quota. The way this check is done is not great
(first check for available space and create the actual file later;
somethign could happen in between), but without FL_KEEP_SIZE available,
there is not much else we could do.
If that is your scenario, you could try configuring Samba with "strict
allocate = no", to avoid this codepath. I don't think simply removing
the become_root is the correct approach here.
Christof
More information about the samba-technical
mailing list