[Samba] Virus checker leaving "chmod of" files in samba log
Sullivan, James (NIH/CIT)
sullivan at mail.nih.gov
Tue Jul 20 18:54:59 GMT 2004
I have some more information and a possible clue to
what is going on here.
1) The "chmod" was only happening to files that I did not own.
2) These files were on Samba shares that I had write access to.
Readonly shares did not give me this behavior on any file.
Writable shares only gave me this behavior on files I did not own.
This behavior was noted in the archives:
http://lists.samba.org/archive/samba/2003-March/063621.html
and
http://lists.samba.org/archive/samba-technical/2003-November/032624.html
with the first reference stating the following:
-----
When the laptop user connects to the network, and starts to synchronize,
the synchronization fails with "NT_STATUS_ACCESS_DENIED". A bit of tracing
through debugging output show that:
* Synchronization fails only on files not owned by the laptop owner
* The laptop user is in the correct unix group to read and write these
files, and smbd knows this.
* Some packet dumping shows that the actual point of failure comes when
the laptop issues a SET_FILE_INFORMATION request.
It looks like XP is trying to set the mode of the files (even though it
doesn't need to). Samba is "doing the right thing" and translates this into
a chmod call, which fails correctly due to the file owner not being the
laptop user.
-----
Now I was running a Virus Scanner and not synchronizing my
files (knowingly), but the behavior is the same and repeatable.
I'm guessing that the virus scanner is performing a syncronization
during its scanning. Anyway, it seems harmless but really clogs
the logs at debug level 2!
Any other pointers appreciated. It appears harmless but will be
keeping my eye on it.
-Jim
-----Original Message-----
From: Sullivan, James (NIH/CIT)
Sent: Tuesday, July 20, 2004 1:09 PM
To: 'samba at lists.samba.org'
Subject: [Samba] Virus checker leaving "chmod of" files in samba log
Hi all,
I am running a Samba 3.0.0-14.3E server on a RedHat Enterprise WS3.
Here's the problem:
When I am connected from my PC (Windows 2000) and run the
MacAffee v4.5.1 virus scanner on the connected share, I see the following
in the Samba log file (debug level=2) for what appears to be each file in
the share:
[2004/07/20 13:02:51, 2] smbd/open.c:open_file(250)
sullivan opened file media/._media1.pov read=Yes write=No (numopen=1)
[2004/07/20 13:02:51, 2] smbd/close.c:close_normal_file(228)
sullivan closed file media/._media1.pov (numopen=0)
[2004/07/20 13:02:51, 2] smbd/open.c:open_file(250)
sullivan opened file media/._media1.pov read=Yes write=No (numopen=1)
[2004/07/20 13:02:51, 2] smbd/close.c:close_normal_file(228)
sullivan closed file media/._media1.pov (numopen=0)
[2004/07/20 13:02:51, 2] smbd/open.c:open_file(250)
sullivan opened file media/._media1.pov read=Yes write=No (numopen=1)
[2004/07/20 13:02:51, 2] smbd/trans2.c:call_trans2setfilepathinfo(3091)
chmod of media/._media1.pov failed (Operation not permitted)
[2004/07/20 13:02:51, 2] smbd/close.c:close_normal_file(228)
sullivan closed file media/._media1.pov (numopen=0)
[2004/07/20 13:02:51, 2] smbd/open.c:open_file(250)
sullivan opened file media/._media1.pov read=No write=Yes (numopen=1)
[2004/07/20 13:02:51, 2] smbd/close.c:close_normal_file(228)
sullivan closed file media/._media1.pov (numopen=0)
[2004/07/20 13:02:51, 2] smbd/open.c:open_file(250)
Note the
"chmod of media/._media1.pov failed (Operation not permitted)"
line.
Does anyone know what the virus scanner is trying to do?
-Jim
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
More information about the samba
mailing list