[Samba] "unable to move extended attributes and ACL" when using mv from macOS with fruit

Andrew Berry andrew at furrypaws.ca
Sun Oct 18 20:41:01 UTC 2020


Using samba 4.11.6+dfsg-0ubuntu1.5 (shipped with Ubuntu 20.04) I'm 
having trouble with a macOS (10.15.7) client moving files to a share. 
The server is using zfs for storage, but I can replicate with ext4 too.

I spun up a test container with the following minimal config:

    log level = 7
    workgroup = WORKGROUP
    server string = %h server (Samba, Ubuntu)
    log file = /var/log/samba/log.%m
    max log size = 1000
    logging = file
    panic action = /usr/share/samba/panic-action %d
    server role = standalone server
    obey pam restrictions = yes
    unix password sync = yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\s*\spassword:* %n\n 
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    pam password change = yes
    map to guest = bad user
    usershare allow guests = yes

    vfs objects = catia fruit streams_xattr

   browseable = yes
   writable = yes
   path = /home/ubuntu
   guest ok = yes
   guest only = yes
   force user = ubuntu
   force group = ubuntu

Then, I created a basic plain text file with TextEdit. It has several 
extended attributes and no ACL:

- com.apple.FinderInfo
- com.apple.TextEncoding: utf-8;134217984
- com.apple.lastuseddate#PS
- com.apple.macl
- com.apple.metadata:_kMDItemUserTags
- com.apple.metadata:kMDLabel_qjzstwnekapwazdd4yujgr6wqa

I can copy and move the file to the share with the Finder. From the 
command line, cp works fine as well. However, mv throws an error:

mv -v test.txt /Volumes/ubuntu
mv: /Volumes/ubuntu/test.txt: unable to move extended attributes and ACL 
from test.txt: Permission denied
mv: /Volumes/ubuntu/test.txt: set mode (was: 0644): Permission denied
mv: /Volumes/ubuntu/test.txt: set times: Permission denied
test.txt -> /Volumes/ubuntu/test.txt

As setting the mode fails, the file is no longer readable by the client. 
In the server logs, I see:

[2020/10/18 20:21:10.882387,  5] 
   print_impersonation_info: Impersonated user: uid=(1000,1000), 
gid=(0,1000), cwd=[/home/ubuntu]
[2020/10/18 20:21:10.882435,  5] 
   unix_convert called on file "test.txt"
[2020/10/18 20:21:10.882466,  5] 
   unix_convert begin: name = test.txt, dirpath = ., start = test.txt
[2020/10/18 20:21:10.882517,  2] 
   error reading meta xattr: Permission denied
[2020/10/18 20:21:10.882557,  5] 
   conversion of base_name finished test.txt -> test.txt
[2020/10/18 20:21:10.882609,  5] 
   check_reduced_name: test.txt reduced to /home/ubuntu/test.txt
[2020/10/18 20:21:10.882637,  5] 
   dptr_create dir=.
[2020/10/18 20:21:10.882685,  3] 
   creating new dirptr 0 for path ., expect_close = 0
[2020/10/18 20:21:10.882728,  2] 
   error reading meta xattr: Permission denied

Removing fruit fixes the problem, but I don't want to do that :)

Any ideas? I imagine my next step would be to validate against master, 
but I'd rather not do that if this is a known macOS issue.


More information about the samba mailing list