[Samba] Samba vs Linux file permissions

John Maher john at chem.umass.edu
Fri Jun 3 12:11:48 MDT 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



On 06/03/2011 01:18 PM, Robert W. Smith wrote:

...

> John,
> 
> To get back to your issue at hand...Can we see the output of your
> logs--the entire delete/rename transactions? 

Bob, thanks for your continued interest and help.

Here is log level = 3 output when trying to change a file within the
/labs/chemgroup/jmaher directory from the name "orig_name" to "new_name":

- -----BEGIN-----
[2011/06/03 13:29:55,  3] smbd/process.c:1459(process_smb)
  Transaction 243 of length 114 (0 toread)
[2011/06/03 13:29:55,  3] smbd/process.c:1273(switch_message)
  switch message SMBmv (pid 8361) conn 0x7fdd852635e0
[2011/06/03 13:29:55,  3] smbd/reply.c:6263(reply_mv)
  reply_mv : jmaher/orig_name -> jmaher/new_name
[2011/06/03 13:29:55,  3] smbd/reply.c:5981(rename_internals)
  rename_internals: case_sensitive = 1, case_preserve = 1, short case
preserve = 1, directory = jmaher/orig_name, newname = jmaher/new_name,
last_component_dest = new_name
[2011/06/03 13:29:55,  3] smbd/vfs.c:865(check_reduced_name)
  reduce_name [jmaher/orig_name] [/labs/chemgroup]
[2011/06/03 13:29:55,  3] smbd/vfs.c:974(check_reduced_name)
  reduce_name: jmaher/orig_name reduced to /labs/chemgroup/jmaher/orig_name
[2011/06/03 13:29:55,  3] smbd/dosmode.c:149(unix_mode)
  unix_mode(jmaher/orig_name) returning 0660
[2011/06/03 13:29:55,  3] smbd/vfs.c:865(check_reduced_name)
  reduce_name [jmaher/orig_name] [/labs/chemgroup]
[2011/06/03 13:29:55,  3] smbd/vfs.c:974(check_reduced_name)
  reduce_name: jmaher/orig_name reduced to /labs/chemgroup/jmaher/orig_name
[2011/06/03 13:29:55,  3] smbd/reply.c:6030(rename_internals)
  Could not open rename source jmaher/orig_name: NT_STATUS_ACCESS_DENIED
[2011/06/03 13:29:55,  3] smbd/error.c:60(error_packet_set)
  error packet at smbd/reply.c(6273) cmd=7 (SMBmv) NT_STATUS_ACCESS_DENIED
- -----END-----

And this is output when I change the file system permissions to drwxrwx---:

- -----BEGIN-----
[2011/06/03 13:37:19,  3] smbd/process.c:1459(process_smb)
  Transaction 244 of length 114 (0 toread)
[2011/06/03 13:37:19,  3] smbd/process.c:1273(switch_message)
  switch message SMBmv (pid 8361) conn 0x7fdd852635e0
[2011/06/03 13:37:19,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (10448, 10001) - sec_ctx_stack_ndx = 0
[2011/06/03 13:37:19,  3] smbd/reply.c:6263(reply_mv)
  reply_mv : jmaher/orig_name -> jmaher/new_name
[2011/06/03 13:37:19,  3] smbd/reply.c:5981(rename_internals)
  rename_internals: case_sensitive = 1, case_preserve = 1, short case
preserve = 1, directory = jmaher/orig_name, newname = jmaher/new_name,
last_component_dest = new_name
[2011/06/03 13:37:19,  3] smbd/vfs.c:865(check_reduced_name)
  reduce_name [jmaher/orig_name] [/labs/chemgroup]
[2011/06/03 13:37:19,  3] smbd/vfs.c:974(check_reduced_name)
  reduce_name: jmaher/orig_name reduced to /labs/chemgroup/jmaher/orig_name
[2011/06/03 13:37:19,  3] smbd/dosmode.c:149(unix_mode)
  unix_mode(jmaher/orig_name) returning 0660
[2011/06/03 13:37:19,  3] smbd/vfs.c:865(check_reduced_name)
  reduce_name [jmaher/orig_name] [/labs/chemgroup]
[2011/06/03 13:37:19,  3] smbd/vfs.c:974(check_reduced_name)
  reduce_name: jmaher/orig_name reduced to /labs/chemgroup/jmaher/orig_name
[2011/06/03 13:37:19,  2] smbd/open.c:580(open_file)
  jmaher opened file jmaher/orig_name read=No write=No (numopen=1)
[2011/06/03 13:37:19,  3] smbd/vfs.c:865(check_reduced_name)
  reduce_name [jmaher/new_name] [/labs/chemgroup]
[2011/06/03 13:37:19,  3] smbd/vfs.c:974(check_reduced_name)
  reduce_name: jmaher/new_name reduced to /labs/chemgroup/jmaher/new_name
[2011/06/03 13:37:19,  3] smbd/reply.c:5816(rename_internals_fsp)
  rename_internals_fsp: succeeded doing rename on jmaher/orig_name ->
jmaher/new_name
[2011/06/03 13:37:19,  2] smbd/close.c:612(close_normal_file)
  jmaher closed file jmaher/new_name (numopen=0) NT_STATUS_OK
[2011/06/03 13:37:19,  3] smbd/reply.c:6041(rename_internals)
  rename_internals: Error NT_STATUS_OK rename jmaher/orig_name ->
jmaher/new_name
[2011/06/03 13:37:19,  3] smbd/process.c:1459(process_smb)
  Transaction 245 of length 112 (0 toread)
[2011/06/03 13:37:19,  3] smbd/process.c:1273(switch_message)
  switch message SMBtrans2 (pid 8361) conn 0x7fdd852635e0
[2011/06/03 13:37:19,  3] smbd/trans2.c:3956(call_trans2qfilepathinfo)
  call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 263
[2011/06/03 13:37:19,  3] smbd/vfs.c:865(check_reduced_name)
  reduce_name [jmaher/new_name] [/labs/chemgroup]
[2011/06/03 13:37:19,  3] smbd/vfs.c:974(check_reduced_name)
  reduce_name: jmaher/new_name reduced to /labs/chemgroup/jmaher/new_name
[2011/06/03 13:37:19,  3] smbd/trans2.c:4070(call_trans2qfilepathinfo)
  call_trans2qfilepathinfo jmaher/new_name (fnum = -1) level=263 call=5
total_data=0
- -----END-----

> 
> Is this server a PDC, BDC or other? Are there any Windows server part of
> this domain? Are you using winbind? What is the output of wbinfo -i
> username?

No domain is in use, so no controllers and no Windows servers.

I just realized the winbind was running, but if I understand it's
purpose correctly, we don't need it if we aren't using a domain. So I
just stopped it.  (Didn't change anything in terms of ability to change
file names and delete files.)

$ wbinfo -i jmaher
Could not get info for user jmaher

This output was the same before and after stopping winbind.

Question: With the simplest of share configurations, should a user be
able to write to a share's folder for which they have file system
permissions (rwx and owner of the directory) and they are a valid user
in the share config (like valid user = jmaher), or is extensive mapping
and permission massaging always required?  What if the folder they
connect to has permissions drwx------ with them as the owner?  It seems
as if the group is taken into account regardless of whether the user
owns the directory.

I'm still trying to absorb comments from Jeremy regarding mapping.

Thanks.
John


> 
> Bob
> --bs
> 
> 

- -- 
* - - - - * - - - - * - - - - * - - - - * - - - - * - - - - * - - - - *
John Maher
Senior Systems and Network Administrator
Department of Biochemistry & Molecular Biology and
Department of Chemistry
University of Massachusetts - Amherst
voice: 413-577-3120  fax: 413-545-4490
OpenPGP Key ID: 0x2970A144
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk3pI+QACgkQG+X1pClwoUTV2QCgku84v73gFI38E9Dm2/OiYESf
fi4An15K8A8X9bXd2lOjXP51ZIQtKm/h
=HlS8
-----END PGP SIGNATURE-----


More information about the samba mailing list