[Samba] Samba ACL bug?

H.Kitagawa fj6521er at aa.jp.fujitsu.com
Tue Jan 30 06:50:57 GMT 2007


Hi Jerrry

----- Original Message ----- 
From: "Gerald (Jerry) Carter" <jerry at samba.org>
To: "H.Kitagawa" <fj6521er at aa.jp.fujitsu.com>
Cc: <samba at lists.samba.org>
Sent: Tuesday, January 30, 2007 2:05 PM
Subject: Re: [Samba] Samba ACL bug?


> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hiro,
>
> > [root at sambaSV pub]# getfacl testfolder
> > # file: testfolder
> > # owner: KITA at fjsv002
> > # group: KITA at domain\040users
> > user::rwx
> > mask::rwx
> > mask::rwx
> > other::---
>
> Any idea why the mask listed twice here.

I do not understand the reason why the mask is listed two times.

> What file system is this?

We are using vxfs(VERITAS).

>
> > default:user::rwx
> > default:group::rwx
> > default:group:KITA at domain\040users:rwx
> > default:mask::rwx
> > default:other::---
> >
> > Then, the member of the Domain Users group became inaccessible
> > the folder.
> >
>
> The default aces are not used to determine access to a folder.
> Only for files and subfolders created within the directory.
> So that shouldn't make any difference.  I would suggest
> looking at a level 10 debug log from smbd and seeing
> the root cause of the ACCESS_DENIED error.
>

I gathered the log with leve10.


LOG1.
It is a log when accessing it from the this server.

[root at sambaSV pub]# smbclient '//sambaSV/SMBpublic' -U fjsv003
Password:
Domain=[KITA] OS=[Unix] Server=[Samba 3.0.21b-2]
smb: \> cd testfolder
smb: \testfolder\> ls
NT_STATUS_ACCESS_DENIED listing \testfolder\*


[2007/01/30 14:55:59, 5] smbd/uid.c:change_to_user(309)
  change_to_user uid=(10002,10002) gid=(0,10000)
[2007/01/30 14:55:59, 3] smbd/trans2.c:call_trans2findfirst(1632)
  call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=0, close_if_end = 2 requires_resume_key = 4 l
evel = 0x104, max_data_bytes = 16644
[2007/01/30 14:55:59, 5] smbd/filename.c:unix_convert(108)
  unix_convert called on file "testfolder/*"
[2007/01/30 14:55:59, 10] smbd/statcache.c:stat_cache_lookup(215)
  stat_cache_lookup: lookup failed for name [TESTFOLDER/*]
[2007/01/30 14:55:59, 10] smbd/statcache.c:stat_cache_lookup(248)
  stat_cache_lookup: lookup succeeded for name [TESTFOLDER] -> [testfolder]
[2007/01/30 14:55:59, 5] smbd/filename.c:unix_convert(185)
  unix_convert begin: name = testfolder/*, dirpath = testfolder, start = *
[2007/01/30 14:55:59, 10] smbd/mangle_hash2.c:is_mangled(276)
  is_mangled * ?
[2007/01/30 14:55:59, 10] smbd/mangle_hash2.c:is_mangled_component(215)
  is_mangled_component * (len 1) ?
[2007/01/30 14:55:59, 10] smbd/mangle_hash2.c:is_mangled(276)
  is_mangled * ?
[2007/01/30 14:55:59, 10] smbd/mangle_hash2.c:is_mangled_component(215)
  is_mangled_component * (len 1) ?
[2007/01/30 14:55:59, 5] smbd/filename.c:unix_convert(335)
  New file *
[2007/01/30 14:55:59, 5] smbd/trans2.c:call_trans2findfirst(1688)
  dir=testfolder, mask = *
[2007/01/30 14:55:59, 5] smbd/dir.c:dptr_create(391)
  dptr_create dir=testfolder
[2007/01/30 14:55:59, 5] smbd/dir.c:OpenDir(1033)
  OpenDir: Can't open testfolder. Permission denied
2007/01/30 14:55:59, 3] smbd/error.c:unix_error_packet(90)
  unix_error_packet: error string = Permission denied
[2007/01/30 14:55:59, 3] smbd/error.c:error_packet(146)
  error packet at smbd/trans2.c(1742) cmd=50 (SMBtrans2) NT_STATUS_ACCESS_DENIED



LOG2.
This is a log when accessing it from the Windows client.

[2007/01/30 15:03:33, 3] smbd/process.c:switch_message(993)
  switch message SMBntcreateX (pid 6872) conn 0xa06d258
[2007/01/30 15:03:33, 4] smbd/uid.c:change_to_user(222)
  change_to_user: Skipping user change - already user
[2007/01/30 15:03:33, 10] smbd/nttrans.c:reply_ntcreate_and_X(506)
  reply_ntcreateX: flags = 0x16, access_mask = 0x20089 file_attributes = 0x80, share_access = 0x7, create_disposition =
0x1 create_options = 0x0 root_dir_fid = 0x0
[2007/01/30 15:03:33, 5] smbd/filename.c:unix_convert(108)
  unix_convert called on file "testfolder"
[2007/01/30 15:03:33, 10] smbd/statcache.c:stat_cache_lookup(248)
  stat_cache_lookup: lookup succeeded for name [TESTFOLDER] -> [testfolder]
[2007/01/30 15:03:33, 2] smbd/dosmode.c:unix_mode(70)
  unix_mode(testfolder) inheriting from .
[2007/01/30 15:03:33, 2] smbd/dosmode.c:unix_mode(78)
  unix_mode(testfolder) inherit mode 40770
[2007/01/30 15:03:33, 3] smbd/dosmode.c:unix_mode(121)
  unix_mode(testfolder) returning 0760
[2007/01/30 15:03:33, 10] smbd/open.c:open_file_ntcreate(1110)
  open_file_ntcreate: fname=testfolder, dos_attrs=0x80 access_mask=0x20089 share_access=0x7 create_disposition = 0x1 cre
ate_options=0x0 unix mode=0760 oplock_request=3
[2007/01/30 15:03:33, 8] smbd/dosmode.c:dos_mode(300)
  dos_mode: testfolder
[2007/01/30 15:03:33, 8] smbd/dosmode.c:dos_mode_from_sbuf(167)
  dos_mode_from_sbuf returning d
[2007/01/30 15:03:33, 8] smbd/dosmode.c:dos_mode(334)
  dos_mode returning d
[2007/01/30 15:03:33, 10] smbd/open.c:open_file_ntcreate(1278)
  open_file_ntcreate: fname=testfolder, after mapping access_mask=0x20089
[2007/01/30 15:03:33, 5] smbd/files.c:file_new(128)
  allocated file structure 537, fnum = 4633 (2 used)
[2007/01/30 15:03:33, 4] smbd/open.c:open_file_ntcreate(1509)
  calling open_file with flags=0x0 flags2=0x0 mode=0760
[2007/01/30 15:03:33, 10] smbd/open.c:fd_open(55)
  fd_open: name testfolder, flags = 00 mode = 0760, fd = -1. Permission denied
[2007/01/30 15:03:33, 3] smbd/open.c:open_file(294)
  Error opening file testfolder (Permission denied) (local_flags=0) (flags=0)
[2007/01/30 15:03:33, 5] smbd/files.c:file_free(450)
  freed files structure 4633 (1 used)
[2007/01/30 15:03:33, 10] smbd/trans2.c:set_bad_path_error(2621)
  set_bad_path_error: err = 13 bad_path = 0
[2007/01/30 15:03:33, 3] smbd/error.c:unix_error_packet(90)
  unix_error_packet: error string = Permission denied
[2007/01/30 15:03:33, 3] smbd/error.c:error_packet(146)
  error packet at smbd/trans2.c(2630) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED

Are more a lot of logs necessary?

>
>
>
> cheers, jerry
> =====================================================================
> Samba                                    ------- http://www.samba.org
> Centeris                         -----------  http://www.centeris.com
> "What man is a man who does not make the world better?"      --Balian
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2.2 (Darwin)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFFvtIrIR7qMdg1EfYRAk1HAJ4wN/V2dOtksgEDGoVKZhdCNHMyegCgrxFF
> gWbdDPOh+8JwxrxRBtPt3oA=
> =MRuR
> -----END PGP SIGNATURE-----
>




More information about the samba mailing list