[Samba] Unexpected "Access Denied"
David John Robinson
drobin at au1.ibm.com
Wed Sep 14 19:12:31 MDT 2011
Background:
This situation is using Rational ClearCase in a situation with server on
Solaris 10
and clients on a mixture of Windows XP and Windows 7, with access to the
VOB (repository) enabled via Samba version: 3.4.9
Users are getting a consistent error with a specific ClearCase operation
(Add to Source Control), which we have traced to a Samba interaction.
The issue:
For the interaction described, I need to know is it
a) Working as Designed (would then like to understand why it is designed
that way)
b) defective
c) dependent on Samba config/compile options (would then want to know
which options control the behaviour)
The file:
-r--r----- 1 cc_admin cc_users 5 Aug 1 16:29
/data01/vobstore/vobs_test_special.vbs/c/cdft/1c/19/1045e69c222a4a92bc1d733ec7cb1d6a
The Samba connection made (log message):
141.11.249.110 (141.11.249.110) connect to service data01 initially as
user rivacl (uid=20213, gid=9007) (pid 14214)
GID 9007 is "cc_users"
Microsoft Process Monitor / Network Trace shows that file access succeeds
for "Generic Read" on the UNC path
--- snip from process monitor event properties ----
Result: SUCCESS
Desired Access: Generic Read
Disposition: Open
Options: Synchronous IO Alert
----------------------------------
The failing operation is
--- process monitor event properties ----
Date & Time: 27/07/2011 5:18:03 PM
Event Class: File System
Operation: CreateFile
Result: ACCESS DENIED
Path: \\MYSERVER
.MYORG.com\data01\vobstore\vobs_test_special.vbs\c\cdft\20\3a\2fd3179605c4436d83180c065bc59c67
TID: 4112
Duration: 0.0008641
Desired Access: Read EA, Read Attributes, Read Control, Synchronize
Disposition: Open
Options: Synchronous IO Non-Alert
Attributes: n/a
ShareMode: Read, Write, Delete
AllocationSize: n/a
----------------------------------
This gets passed to the network as (flags same on request as response)
1622 00:55:07.589682 192.11.249.139
192.11.248.155 SMB NT Create AndX Request, Path:
\vobstore\vobs_test_special.vbs\c\cdft\1c\19\1045e69c222a4a92bc1d733ec7cb1d6a
Create Flags: 0x00000010
....... .... .... .... .... .... ...1 .... = Extended Response: Extended
responses required
....... .... .... .... .... .... .... 0... = Create Directory: Target of
open can be a file
....... .... .... .... .... .... .... .0.. = Batch Oplock: Does NOT
request batch oplock
....... .... .... .... .... .... .... ..0. = Exclusive Oplock: Does NOT
request oplock
Access Mask: 0x00120088
....... .... ...1 .... .... .... .... .... = Synchronize: Can wait on
handle to SYNCHRONIZE on completion of I/O
....... .... .... ..1. .... .... .... .... = Read Control: READ ACCESS to
owner, group and ACL of the SID
....... .... .... .... .... .... 1... .... = Read Attributes: READ
ATTRIBUTES access
....... .... .... .... .... .... .... 1... = Read EA: READ EXTENDED
ATTRIBUTES access
Share Access: 0x00000007 SHARE_DELETE SHARE_WRITE SHARE_READ
1623 00:55:07.590514 192.11.248.155
192.11.249.139 SMB NT Create AndX Response, FID:
0x0000, Error: STATUS_ACCESS_DENIED
----------------------------
The request succeeds when the file permissions are 444 but fails when they
are 440
The connection resolves to being in the same group as the file, so it
seems to me the world readable bit should be irrelevant.
FYI attaching the output of "testparm -v -s"
Thanks you for any help you can give.
David
Every act is an act of self-definition.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: testparam_res.txt
URL: <http://lists.samba.org/pipermail/samba/attachments/20110915/34c0f93e/attachment.txt>
More information about the samba
mailing list