[Samba] Samba 4 slow write

Ervin Hegedüs airween at gmail.com
Mon Apr 20 00:14:29 MDT 2015


Hi Jones,

many thanks for your reply.

Yepp, I'm using ACL's (Posix ACL's) on filesystem to regulate the
access of users for files and directories.

Do you mean that this is the "normal" way? These geteuid and
getegid system calls are so slow?

On the previous system (Debian Wheezy, Samba 3) I've also used
ACL's, but there were much faster than this...

What should be the solution? Do you have any idea?


Thanks,


Ervin


On Mon, Apr 20, 2015 at 10:48:37AM +0800, Jones Syue wrote:
> Hello Ervin,
>> 
> On Sat, Apr 18, 2015 at 5:01 PM, Ervin Hegedüs <airween at gmail.com> wrote:
> 
> >
> > Why faster the Samba for users, who listed in "admin users" in
> > smb.conf?
> 
> 
> 
> Hmm looks like earlier return for users with root permission,
> so admin users would not go through SMB_VFS_GET_NT_ACL(),
> which takes more time on permission checking.[1]
> 
> Non-admin users would go through SMB_VFS_GET_NT_ACL(),
> and finally would reach getegid() and geteuid().[2]
> 
> Hence strace said the top 2 records are getegid() and geteuid().
> 
> 
> [1] code snippet:
> NTSTATUS smbd_check_access_rights(struct connection_struct *conn,
> ...
>         if (!use_privs && get_current_uid(conn) == (uid_t)0) {
>                 /* I'm sorry sir, I didn't know you were root... */
>                 DEBUG(10,("smbd_check_access_rights: root override "
>                         "on %s. Granting 0x%x\n",
>                         smb_fname_str_dbg(smb_fname),
>                         (unsigned int)access_mask ));
>                 return NT_STATUS_OK;
>         }
> ...
> status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
> (SECINFO_OWNER |
> SECINFO_GROUP |
>  SECINFO_DACL), talloc_tos(), &sd);
> 
> ​[2]​ perf top call graph:
> 
> ​1.49% libc-2.6.1.so    [.] __geteuid
>       |
>       --- __geteuid
>           uwrap_geteuid
>           assert_uid
>           set_unix_security_ctx
>           set_sec_ctx
>           set_root_sec_ctx
>           smbd_become_root
>           legacy_gid_to_sid
>           gid_to_sid
>           create_file_sids
>           posix_get_nt_acl_common
>           posix_get_nt_acl
>           vfswrap_get_nt_acl
>           smb_vfs_call_get_nt_acl
>           smbd_check_access_rights
> 
> 1.22% libc-2.6.1.so    [.] __getegid
>       |
>       --- __getegid
>           uwrap_getegid
>           assert_gid
>           set_unix_security_ctx
>           set_sec_ctx
>           set_root_sec_ctx
>           smbd_become_root
>           become_root
>           pdb_default_uid_to_sid
>           pdb_uid_to_sid
>           legacy_uid_to_sid
>           uid_to_sid
>           create_file_sids
>           posix_get_nt_acl_common
>           posix_get_nt_acl
>           vfswrap_get_nt_acl
>           smb_vfs_call_get_nt_acl
>           smbd_check_access_rights​
> 
> --
> Regards,
> Jones Syue | 薛懷宗
> *QNAP* Systems,Inc. <http://www.qnap.com/>
>


More information about the samba mailing list