Support for Solaris ACL?

Steen Jensen sj at kom.auc.dk
Thu Feb 5 17:33:47 GMT 1998


On Thu, 5 Feb 1998, David Collier-Brown wrote:

davecb> You wrote:
davecb> | The problem is, that I need to share these files with Samba, to Win95
davecb> | clients. When doing this people don't get the rights they need, because
davecb> | Samba doesn't support/respect the additional rights given in the ACLs.
davecb> | So my question is, will Samba get support for Solaris ACL system?
davecb> 
davecb>   It sorta does and sorta doesn't...
davecb>   If I set up a file with specific ACLs on Solaris and share it
davecb> via Samba, the samba server process will honour the ACLs because it has
davecb> to: Solaris enforces them on it.
davecb>    Therefore the file will be accessible/inaccessible to a user accessing
davecb> them via Samba just as if she was accessing them on Solaris.
davecb> 
davecb>    The file will retain the ACLs **UNLESS** the user happens to access
davecb> it with a program that goes...
davecb> 	rename file X to X.BAK
davecb> 	open file X.BAK for read
davecb> 	open file X for update
davecb> 	copy from X.BAK to X
davecb> 	change contents
davecb> 	flush changes to X
davecb> 	close both
davecb> 	exit
davecb>   This scenario will cause the client machine to have Samba open
davecb> a new file.  As Samba doesn't grok ACLs, it can't provide the
davecb> acls or permissions of X to the application, and the application can't
davecb> reproduce them when opening the ``new'' X.
davecb>   Poof! the ACLs appear to disappear!
davecb> 
davecb>   Programs which copy to X.BAK and then directly edit X will leave
davecb> X ``correct'' in this scenario, but X.BAK will be missing ACLs...
davecb> which may turn out to be A Bad Thing.
davecb> 
davecb>   Try a trivial test to see if this is what is happening...  Feel free
davecb> to send me logs and questions. 

I just made a few tests, I get read access via Samba, but I don't get
write access.

Here is an example: (Server: Sun Ultra, Solaris 2.6, Samba-1.9.18p2)
                    (Client: Win95)

on Solaris:

generic creates a file, that only generic gets access to:

generic at capricorn:> touch testfile
generic at capricorn:> chmod 600 testfile 
generic at capricorn:> ls -l
total 0
-rw-------   1 generic  other          0 Feb  5 17:44 testfile

Now generic adds read/write access for sj, by using acl:

generic at capricorn:> setfacl -r -m u:sj:rw- testfile

And checks that it's ok:

generic at capricorn:> getfacl testfile 

# file: testfile
# owner: generic
# group: other
user::rw-
user:sj:rw-             #effective:rw-
group::---              #effective:---
mask:rw-
other:---

Now user sj can read and write to the file, on unix:

sj at capricorn:> echo testing >> testfile
sj at capricorn:> cat testfile 
testing

This is all OK, but when I try the same thing on my win95, as user sj:

t:\acl-test>type testfile
testing

So read access is fine.

t:\acl-test>echo testing2 >> testfile
Access denied "T:\acl-test\testfile"

I don't get write access, and I'm just trying to append to the file.

But the read access is ok, and that might be enough to solve my current
problem.

Below is a samba log (level 9) from just before I typed 'echo testing2 >>
testfile', on the PC the file gets opened with read access, but without
write access:

02/05/1998 18:20:28 sj opened file acl-test/testfile read=Yes write=No (numopen= 1 fnum=20)

Let me know, if you need further information, or debug logs.


Best,

Steen Jensen                                 System & net administrator
-- 
Aalborg University			     e-mail: sj at kom.auc.dk
Institute of Electronic Systems
Department of Communication Technology


[Samba log - level 9]

lp_file_list_changed()
file /dist/local/samba/lib/smb.conf -> /dist/local/samba/lib/smb.conf  last mod_time: Thu Feb  5 18:12:03 1998

got message type 0x0 of len 0x54
02/05/1998 18:20:28 Transaction 10 of length 88
size=84
smb_com=0x2d
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=0
smb_flg2=1
smb_tid=84
smb_pid=3362
smb_uid=100
smb_mid=34689
smt_wct=15
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=0 (0x0)
smb_vwv[2]=7 (0x7)
smb_vwv[3]=64 (0x40)
smb_vwv[4]=22 (0x16)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=776 (0x308)
smb_vwv[7]=13530 (0x34DA)
smb_vwv[8]=1 (0x1)
smb_vwv[9]=0 (0x0)
smb_vwv[10]=0 (0x0)
smb_vwv[11]=0 (0x0)
smb_vwv[12]=0 (0x0)
smb_vwv[13]=0 (0x0)
smb_vwv[14]=0 (0x0)
smb_bcc=19
switch message SMBopenX (pid 8740)
become_user uid=(0,2060) gid=(2060,2060)
chdir to /r1p7/sj-tmp
unix_clean_name [./ACL-TEST/testfile]
checking testfile for 8.3
is_in_path: acl-test/testfile
is_in_path: no name list.
unix_clean_name [acl-test/testfile]
get_share_modes hash bucket 17 empty
calling open_file with flags=0x0 flags2=0x0 mode=0664
Allocated new file_fd_struct 0, dev = ffffffff, inode = ffffffff
02/05/1998 18:20:28 sj opened file acl-test/testfile read=Yes write=No (numopen=1 fnum=20)
is_in_path: acl-test/testfile
is_in_path: no name list.
open_file_shared: granted oplock (3) on file acl-test/testfile, dev = 80007f, inode = 7e013
shm_alloc : allocated 46 bytes at offset 152
set_share_mode: Created share record for acl-test/testfile (dev 8388735 inode 516115)
shm_alloc : allocated 24 bytes at offset 208
set_share_mode: Created share entry for acl-test/testfile with mode 0x40 pid=8740
dos_mode: 84 acl-test/testfile
is_in_path: acl-test/testfile
is_in_path: no name list.
dos_mode returning r
size=65
smb_com=0x2d
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=128
smb_flg2=1
smb_tid=84
smb_pid=3362
smb_uid=100
smb_mid=34689
smt_wct=15
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=0 (0x0)
smb_vwv[2]=20 (0x14)
smb_vwv[3]=1 (0x1)
smb_vwv[4]=64805 (0xFD25)
smb_vwv[5]=13529 (0x34D9)
smb_vwv[6]=8 (0x8)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_vwv[10]=0 (0x0)
smb_vwv[11]=32769 (0x8001)
smb_vwv[12]=0 (0x0)
smb_vwv[13]=0 (0x0)
smb_vwv[14]=0 (0x0)
smb_bcc=0
write_socket(6,69)
write_socket(6,69) wrote 69
got message type 0x0 of len 0x37
02/05/1998 18:20:28 Transaction 11 of length 59
size=55
smb_com=0x8
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=0
smb_flg2=1
smb_tid=84
smb_pid=3362
smb_uid=100
smb_mid=34817
smt_wct=0
smb_bcc=20
switch message SMBgetatr (pid 8740)
Skipping become_user - already user
unix_clean_name [./ACL-TEST/TESTFILE]
checking TESTFILE for 8.3
is_in_path: acl-test/testfile
is_in_path: no name list.
unix_clean_name [acl-test/testfile]
dos_mode: 84 acl-test/testfile
is_in_path: acl-test/testfile
is_in_path: no name list.
dos_mode returning r
checking testfile for 8.3
02/05/1998 18:20:28 getatr name=acl-test/testfile mode=1 size=8
size=55
smb_com=0x8
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=128
smb_flg2=1
smb_tid=84
smb_pid=3362
smb_uid=100
smb_mid=34817
smt_wct=10
smb_vwv[0]=1 (0x1)
smb_vwv[1]=64805 (0xFD25)
smb_vwv[2]=13529 (0x34D9)
smb_vwv[3]=8 (0x8)
smb_vwv[4]=0 (0x0)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=0 (0x0)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_bcc=0
write_socket(6,59)
write_socket(6,59) wrote 59
got message type 0x0 of len 0x29
02/05/1998 18:20:28 Transaction 12 of length 45
size=41
smb_com=0x4
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=0
smb_flg2=1
smb_tid=84
smb_pid=3362
smb_uid=100
smb_mid=34945
smt_wct=3
smb_vwv[0]=20 (0x14)
smb_vwv[1]=65535 (0xFFFF)
smb_vwv[2]=65535 (0xFFFF)
smb_bcc=0
switch message SMBclose (pid 8740)
Skipping become_user - already user
del_share_modes Deleting share mode entry dev=8388735 ino=516115
shm_free : freeing 24 bytes at offset 208
del_share_modes num entries = 0, deleting share_mode dev=8388735 ino=516115
shm_free : freeing 48 bytes at offset 152
fd_attempt_close on file_fd_struct 0, fd = 7, dev = 80007f, inode = 7e013, open_flags = 2, ref_count = 1.
02/05/1998 18:20:28 sj closed file acl-test/testfile (numopen=0)
02/05/1998 18:20:28 close fd=-1 fnum=20 cnum=84 (numopen=0)
size=35
smb_com=0x4
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=128
smb_flg2=1
smb_tid=84
smb_pid=3362
smb_uid=100
smb_mid=34945
smt_wct=0
smb_bcc=0
write_socket(6,39)
write_socket(6,39) wrote 39
got message type 0x0 of len 0x54
02/05/1998 18:20:28 Transaction 13 of length 88
size=84
smb_com=0x2d
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=0
smb_flg2=1
smb_tid=84
smb_pid=3362
smb_uid=100
smb_mid=35073
smt_wct=15
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=0 (0x0)
smb_vwv[2]=7 (0x7)
smb_vwv[3]=2 (0x2)
smb_vwv[4]=22 (0x16)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=776 (0x308)
smb_vwv[7]=13530 (0x34DA)
smb_vwv[8]=17 (0x11)
smb_vwv[9]=0 (0x0)
smb_vwv[10]=0 (0x0)
smb_vwv[11]=0 (0x0)
smb_vwv[12]=0 (0x0)
smb_vwv[13]=0 (0x0)
smb_vwv[14]=0 (0x0)
smb_bcc=19
switch message SMBopenX (pid 8740)
Skipping become_user - already user
unix_clean_name [./ACL-TEST/testfile]
checking testfile for 8.3
is_in_path: acl-test/testfile
is_in_path: no name list.
unix_clean_name [acl-test/testfile]
dos_mode: 84 acl-test/testfile
is_in_path: acl-test/testfile
is_in_path: no name list.
dos_mode returning r
02/05/1998 18:20:28 error packet at line 1315 cmd=45 (SMBopenX) eclass=1 ecode=5
error string = Permission denied
size=35
smb_com=0x2d
smb_rcls=1
smb_reh=0
smb_err=5
smb_flg=128
smb_flg2=1
smb_tid=84
smb_pid=3362
smb_uid=100
smb_mid=35073
smt_wct=0
smb_bcc=0
write_socket(6,39)
write_socket(6,39) wrote 39
chdir to /dist/local/samba/var
unbecome_user now uid=(0,0) gid=(0,0)
Closing connections
02/05/1998 18:20:38 sj (192.38.55.125) closed connection to service sj-tmp
Yielding connection to 84 sj-tmp
Yielding connection to 84 STATUS.
Yield successful
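
Added example, not part of the original post: a small Python parser for the level-9 log format shown above that pairs each SMBopenX request with what smbd logged as the outcome. It assumes the standard SMBopenX word layout, in which smb_vwv[3] is the AccessMode word (low three bits: requested access, bits 4-6: sharing mode); the name trace_opens and the trimmed sample are constructed for illustration.

```python
import re

# Constructed sample: lines taken from the level-9 log above, trimmed to
# the fields this parser reads (request dump, dispatch line, outcome).
SAMPLE_LOG = """\
smb_com=0x2d
smb_vwv[3]=64 (0x40)
switch message SMBopenX (pid 8740)
02/05/1998 18:20:28 sj opened file acl-test/testfile read=Yes write=No (numopen=1 fnum=20)
smb_com=0x2d
smb_vwv[3]=1 (0x1)
smb_com=0x2d
smb_vwv[3]=2 (0x2)
switch message SMBopenX (pid 8740)
02/05/1998 18:20:28 error packet at line 1315 cmd=45 (SMBopenX) eclass=1 ecode=5
"""

# Assumption (standard SMBopenX layout): smb_vwv[3] is the AccessMode word.
ACCESS = {0: "read", 1: "write", 2: "read/write", 3: "execute"}
SHARING = {0: "compatibility", 1: "deny all", 2: "deny write",
           3: "deny read", 4: "deny none"}
VWV = re.compile(r"^smb_vwv\[(\d+)\]=(\d+)")
OPENED = re.compile(r"opened file (\S+) read=(Yes|No) write=(Yes|No)")
ERROR = re.compile(r"error packet .*\(SMBopenX\) eclass=(\d+) ecode=(\d+)")

def trace_opens(log_text):
    """Pair each SMBopenX request with the outcome smbd logged for it."""
    opens, words, pending = [], {}, None
    for line in log_text.splitlines():
        if line.startswith("smb_com="):
            words = {}                      # a new packet dump starts here
        elif (m := VWV.match(line)):
            words[int(m.group(1))] = int(m.group(2))
        elif line.startswith("switch message SMBopenX"):
            mode = words.get(3, 0)          # words of the request just dumped
            pending = {"requested": ACCESS.get(mode & 0x7, "?"),
                       "sharing": SHARING.get((mode >> 4) & 0x7, "?"),
                       "result": "no outcome logged"}
            opens.append(pending)
        elif line.startswith("switch message"):
            pending = None                  # a different command was dispatched
        elif pending and (m := OPENED.search(line)):
            pending["result"] = f"granted read={m.group(2)} write={m.group(3)}"
            pending = None
        elif pending and (m := ERROR.search(line)):
            # eclass=1 ecode=5 is ERRDOS / ERRnoaccess
            pending["result"] = f"refused eclass={m.group(1)} ecode={m.group(2)}"
            pending = None
    return opens

if __name__ == "__main__":
    print(*trace_opens(SAMPLE_LOG), sep="\n")
```

On the sample, the first SMBopenX asked for read access only and was granted; the second asked for read/write and was refused with eclass=1 ecode=5.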


