[Samba] Samba serving sshfs shares: can't delete files

TLoD,Snake snake at tsn.spb.ru
Thu Jun 2 04:33:21 MDT 2011


On 06/02/2011 02:23 PM, TLoD,Snake wrote:
> On 06/02/2011 03:58 AM, Jeremy Allison wrote:
>> On Wed, Jun 01, 2011 at 02:02:03PM +0400, TLoD,Snake wrote:
>>> On 05/31/2011 10:26 PM, Jeremy Allison wrote:
>>>> On Tue, May 31, 2011 at 07:43:16PM +0400, TLoD,Snake wrote:
>>>>> Hello!
>>>>>
>>>>> I have a samba share on my sshfs-mounted folder. All works just 
>>>>> fine except I can't delete files from sshfs unless they are in 
>>>>> a 0777 chmodded directory. Even if those files were put through 
>>>>> smbclient. I can read files, write files (regardless of their 
>>>>> directory permissions) but not delete them.
>>>>>
>>>>> Here is my share config:
>>>>>
>>>>> [myshare]
>>>>>     comment = shre over sshfs
>>>>>     path = /home/kli/work/remotes/dev
>>>>>     valid users = kli
>>>>>     public = no
>>>>>     writable = yes
>>>>>     printable = no
>>>>>     delete readonly = yes
>>>>>     read only = no
>>>>>     force group = kli
>>>>>     force user = kli
>>>>
>>>> Post a debug level 10 log snippet of smbclient attempting to 
>>>> delete files.
>>>
>>> [2011/06/01 13:57:16,  3] param/loadparm.c:9039(lp_load_ex) 
>>> lp_load_ex: refreshing parameters
>>
>> Sorry, this is the client log - I meant a debug level 10 log snippet 
>> from smbd when you're trying to delete files using smbclient.
>>
>> Jeremy.
> 
> I hope this is the right part of the logfile, because it's quite large.
> 
> [2011/06/02 14:08:00, 10] smbd/posix_acls.c:838(print_canon_ace_list)
> 
>   print_canon_ace_list: canonicalise_acl: ace entries after arrange
> 
>   canon_ace index 0. Type = allow SID = S-1-22-1-65534 uid 65534
> (nobody) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rwx
>   canon_ace index 1. Type = allow SID = S-1-22-2-65534 gid 65534
> (nobody) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms r--
>   canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER
> ace_flags = 0x0 perms r--
> [2011/06/02 14:08:00, 10] smbd/posix_acls.c:1116(map_canon_ace_perms)
> 
>   map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1e01ff
> 
> [2011/06/02 14:08:00, 10] smbd/posix_acls.c:1116(map_canon_ace_perms)
> 
>   map_canon_ace_perms: Mapped (UNIX) 100 to (NT) 120089
> 
> [2011/06/02 14:08:00, 10] smbd/posix_acls.c:1116(map_canon_ace_perms)
> 
>   map_canon_ace_perms: Mapped (UNIX) 100 to (NT) 120089
> 
> [2011/06/02 14:08:00, 10] smbd/open.c:113(check_open_rights)
> 
>   check_open_rights: file examplelk.ru/aaa requesting 0x10000 returning
> 0x10000 (NT_STATUS_ACCESS_DENIED)
> [2011/06/02 14:08:00, 10] smbd/posix_acls.c:3372(posix_get_nt_acl)
> 
>   posix_get_nt_acl: called for file examplelk.ru
> 
> [2011/06/02 14:08:00, 10] smbd/posix_acls.c:2522(canonicalise_acl)
> 
>   canonicalise_acl: Access ace entries before arrange :
> 
> [2011/06/02 14:08:00, 10] smbd/posix_acls.c:2535(canonicalise_acl)
> 
>   canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER
> ace_flags = 0x0 perms r-x
> [2011/06/02 14:08:00, 10] smbd/posix_acls.c:2535(canonicalise_acl)
> 
>   canon_ace index 1. Type = allow SID = S-1-22-2-65534 gid 65534
> (nobody) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms r-x
> [2011/06/02 14:08:00, 10] smbd/posix_acls.c:2535(canonicalise_acl)
> 
>   canon_ace index 2. Type = allow SID = S-1-22-1-65534 uid 65534
> (nobody) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rwx
> [2011/06/02 14:08:00, 10] smbd/posix_acls.c:838(print_canon_ace_list)
> 
>   print_canon_ace_list: canonicalise_acl: ace entries after arrange
> 
>   canon_ace index 0. Type = allow SID = S-1-22-1-65534 uid 65534
> (nobody) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rwx
>   canon_ace index 1. Type = allow SID = S-1-22-2-65534 gid 65534
> (nobody) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms r-x
>   canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER
> ace_flags = 0x0 perms r-x
> [2011/06/02 14:08:00, 10] smbd/posix_acls.c:1116(map_canon_ace_perms)
> 
>   map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff
> 
> [2011/06/02 14:08:00, 10] smbd/posix_acls.c:1116(map_canon_ace_perms)
> 
>   map_canon_ace_perms: Mapped (UNIX) 140 to (NT) 1200a9
> 
> [2011/06/02 14:08:00, 10] smbd/posix_acls.c:1116(map_canon_ace_perms)
> 
>   map_canon_ace_perms: Mapped (UNIX) 140 to (NT) 1200a9
> 
> [2011/06/02 14:08:00, 10] smbd/open.c:496(open_file)
> 
>   open_file: Access denied on file examplelk.ru/aaa
> 
> [2011/06/02 14:08:00, 10] lib/dbwrap_tdb.c:42(db_tdb_record_destr)
> 
>   Unlocking key 0E000000000000005C70
> 
> [2011/06/02 14:08:00,  5] smbd/files.c:474(file_free)
> 
>   freed files structure 4932 (0 used)
> 
> [2011/06/02 14:08:00, 10] smbd/open.c:3186(create_file_unixpath)
> 
>   create_file_unixpath: NT_STATUS_ACCESS_DENIED
> 
> [2011/06/02 14:08:00, 10] smbd/open.c:3465(create_file_default)
> 
>   create_file: NT_STATUS_ACCESS_DENIED
> 
> [2011/06/02 14:08:00, 10] smbd/reply.c:2402(do_unlink)
> 
>   SMB_VFS_CREATEFILE failed: NT_STATUS_ACCESS_DENIED
> 
> [2011/06/02 14:08:00,  3] smbd/error.c:60(error_packet_set)
> 
>   error packet at smbd/reply.c(2637) cmd=6 (SMBunlink)
> NT_STATUS_ACCESS_DENIED

Also, I think I have to say that all files on the remote server are owned
by the remote server's 'nobody'. As I saw in the logfile, samba tries to
locate such a nobody locally, which is wrong because sshfs will itself
handle the translation of the local user (any local user, due to the
'allow_other' option) to the remote nobody (as it's mounted with the
remote nobody's rights).
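
As an added example (not part of the original message and not Samba's own code), the following Python script decodes the NT access masks that appear in the smbd log excerpt above, showing that the refused request 0x10000 is the DELETE right and which mapped ACE masks carry it. The log lines are copied from the excerpt with wrapped lines rejoined; the function names are made up for illustration, and the bit names follow the standard Windows file access-mask layout.

```python
import re

# NT access-mask bits: file-specific rights plus standard rights.
RIGHTS = {
    0x000001: "READ_DATA", 0x000002: "WRITE_DATA", 0x000004: "APPEND_DATA",
    0x000008: "READ_EA", 0x000010: "WRITE_EA", 0x000020: "EXECUTE",
    0x000040: "DELETE_CHILD", 0x000080: "READ_ATTRIBUTES",
    0x000100: "WRITE_ATTRIBUTES", 0x010000: "DELETE",
    0x020000: "READ_CONTROL", 0x040000: "WRITE_DAC",
    0x080000: "WRITE_OWNER", 0x100000: "SYNCHRONIZE",
}

# Lines copied from the smbd excerpt in this message, wrapped lines rejoined.
SAMPLE_LOG = """\
  map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1e01ff
  map_canon_ace_perms: Mapped (UNIX) 100 to (NT) 120089
  check_open_rights: file examplelk.ru/aaa requesting 0x10000 returning 0x10000 (NT_STATUS_ACCESS_DENIED)
  map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff
  map_canon_ace_perms: Mapped (UNIX) 140 to (NT) 1200a9
"""

MAPPED = re.compile(r"Mapped \(UNIX\) ([0-9a-f]+) to \(NT\) ([0-9a-f]+)")
DENIED = re.compile(r"check_open_rights: file (\S+) requesting (0x[0-9a-f]+) "
                    r"returning (0x[0-9a-f]+) \((\w+)\)")

def decode_mask(mask):
    """Return the names of the rights set in an NT access mask, low bit first."""
    return [name for bit, name in sorted(RIGHTS.items()) if mask & bit]

def unix_rwx(bits):
    """Render the permission triplet smbd logs in hex (e.g. 1c0) as 'rwx'."""
    return "".join(c if bits & b else "-" for c, b in (("r", 0x100), ("w", 0x80), ("x", 0x40)))

def analyse(log):
    """Collect mapped ACE masks and check_open_rights results from smbd log text."""
    mappings, denials = [], []
    for line in log.splitlines():
        if m := MAPPED.search(line):
            unix, nt = int(m.group(1), 16), int(m.group(2), 16)
            mappings.append((unix_rwx(unix), nt, decode_mask(nt)))
        elif d := DENIED.search(line):
            denials.append({"file": d.group(1), "status": d.group(4),
                            "requested": decode_mask(int(d.group(2), 16)),
                            "returned": decode_mask(int(d.group(3), 16))})
    return mappings, denials

if __name__ == "__main__":
    maps, denied = analyse(SAMPLE_LOG)
    print(maps, denied, sep="\n")
```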

