[Samba] urgent problem with samba 4.13 and chown/chgrp
Jason Keltz
jas at eecs.yorku.ca
Wed Feb 10 23:09:33 UTC 2021
On 2/10/2021 4:52 PM, Jeremy Allison wrote:
> On Wed, Feb 10, 2021 at 03:49:57PM -0500, Jason Keltz via samba wrote:
>> I'm trying to use chown/chgrp commands on files on NFS storage.
>>
>> Take a file "l" that I touched:
>>
>> -rw------- 1 jas tech 0 Feb 10 15:21 l
>>
>> (note that user and group mapping is working perfectly)
>>
>> % chgrp core l
>> chgrp: changing group of ‘l’: Invalid argument
>>
>> The problem is not the group:
>>
>> % getent group core
>> core:x:1001:
>>
>> % wbinfo -n 'core'
>> S-1-5-21-1981678738-1545235886-4256466701-6765 SID_DOM_GROUP (2)
>>
>> % wbinfo -Y 'S-1-5-21-1981678738-1545235886-4256466701-6765'
>> 1001
>>
>> The problem is not the user:
>>
>> % getent passwd jas
>>
>> jas:*:1004:1000::/cs/home/jas:/cs/local/bin/tcsh
>>
>> When looking at an strace of the chgrp above, I see this odd call:
>>
>> fchownat(AT_FDCWD, "l", -1, 1001, 0) = -1 EINVAL (Invalid argument)
>>
>> Where the third argument should be my uid 1004 and is instead -1.
>
> -1 means "no change".
>
> From man fchownat:
>
> "If the owner or group is specified as -1, then that ID is not changed."
>

So why would this call receive "invalid argument" then?

In fact, even crazier new discovery: Over an NFSv3 mount, it works:

fchownat(AT_FDCWD, "a", -1, 1001, 0) = 0

But over an NFSv4.1 mount it fails as above. This seems like a bug
somewhere to me. It works on NFSv3. It works on the local filesystem.
However, NFSv4.1 has a problem.

>> In smb.conf:
>>
>> idmap config * : backend = tdb
>> idmap config * : range = 1000000-1999999
>>
>> # idmap config for the EECSYORKUCA domain
>> # range should match UNIX ID in AD
>>
>> idmap config EECSYORKUCA : backend = ad
>> idmap config EECSYORKUCA : schema_mode = rfc2307
>> idmap config EECSYORKUCA : range = 1000-999999
>> idmap config EECSYORKUCA : unix_primary_group = yes
>> idmap config EECSYORKUCA : unix_nss_info = yes
>>
>> Yes, and in /etc/nsswitch.conf:
>>
>> passwd: files winbind
>> shadow: files
>> group: files winbind
>>
>> As a side note, if I try to change the ownership of the file, I get a
>> similar behaviour.
>>
>> This is a showstopper if I can't get this figured out. :( panic
>> setting in....
>>
>> (I'm positive I used chown/chgrp with 4.11 successfully.)
>
> You'll almost certainly need "root squash" on your NFS
> export.
>
> https://www.systutorials.com/how-to-allow-root-access-to-nfs/
>
> Remember, Samba does activities as root which are by
> default disallowed over NFS.
>

NFS root squash isn't needed for it to work on NFSv3.

I've tested, and NFS root squash does not solve this problem (and I know
it's active because if I touch a file as root it works as expected).

My temporary solution was incorrect. I was in the wrong directory. I
don't have a solution which is very unfortunate.

Jason.
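
A minimal reproducer for the call shown in the strace, added here as an example and not part of the original message: it issues the same fchownat() with owner -1 against a scratch file, so the result can be compared across the local, NFSv3 and NFSv4.1 mounts without chgrp or Samba in the path. The function names, the scratch-file name and the command-line arguments are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Repeat the call from the strace: owner = -1 ("no change"), group = gid.
 * Returns 0 if the call succeeded, the owner is untouched and the group is
 * now gid; the errno value if a syscall failed; -1 if the ids differ. */
int chgrp_keep_owner(const char *path, gid_t gid)
{
    struct stat before, after;

    if (stat(path, &before) != 0)
        return errno;
    if (fchownat(AT_FDCWD, path, (uid_t)-1, gid, 0) != 0)
        return errno;           /* EINVAL is what the thread reports on NFSv4.1 */
    if (stat(path, &after) != 0)
        return errno;
    return (after.st_uid == before.st_uid && after.st_gid == gid) ? 0 : -1;
}

/* Create a scratch file in dir (hypothetical name), run the check, clean up. */
int probe_dir(const char *dir, gid_t gid)
{
    char path[4096];
    int fd, rc;

    snprintf(path, sizeof path, "%s/chgrp_probe_XXXXXX", dir);
    fd = mkstemp(path);
    if (fd < 0)
        return errno;
    close(fd);
    rc = chgrp_keep_owner(path, gid);
    unlink(path);
    return rc;
}

int main(int argc, char **argv)
{
    if (argc != 3) {
        fprintf(stderr, "usage: %s <directory> <numeric-gid>\n", argv[0]);
        return 2;
    }
    int rc = probe_dir(argv[1], (gid_t)strtoul(argv[2], NULL, 10));
    printf("%s: %s\n", argv[1], rc == 0 ? "ok" : rc < 0 ? "ids differ after call" : strerror(rc));
    return rc != 0;
}
```

Run it as the affected user once per mount type with the same numeric gid (1001 in the thread); a differing result between mounts isolates the failure to the filesystem layer.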