[Samba] Unable to delete dangling symbolic link with "map readonly=permissions"

Rowland Penny rpenny at samba.org
Thu Nov 4 12:53:20 UTC 2021


On Thu, 2021-11-04 at 12:14 +0000, Adam Thorn via samba wrote:
> I am running a samba server on Ubuntu 20.04 version
> 4.11.6+dfsg-0ubuntu1.10 . If I create a symlink to a non-existing
> target with "ln -s doesnotexist brokenlink" and then try to delete
> the symlink, it fails:
> 
> $ rm brokenlink
> rm: cannot remove 'brokenlink': No such file or directory
> 
> My full smb.conf is below, but the key setting appears to be
> "store dos attributes = No, map readonly = permissions".
> 
> If I instead set "map readonly = yes" I am able to delete the broken 
> symlink successfully.
> 
> I have also tried the same steps on a server running Ubuntu 16.04,
> 4.3.11+dfsg-0ubuntu0.16.04.34 . There, I am able to successfully
> delete the symlink regardless of the "map readonly" value.
> 
> This is the samba conversation as dissected by wireshark with "map 
> readonly = permissions":
> 
> Trans2 Request, QUERY_PATH_INFO, Query File Unix Basic, Path: /brokenlink
> Trans2 Response, QUERY_PATH_INFO
> Trans2 Request, SET_PATH_INFO, Path: /brokenlink
> Trans2 Response, SET_PATH_INFO, Error: STATUS_CANNOT_DELETE
> Delete Request, Path: /brokenlink
> Delete Response, Error: STATUS_CANNOT_DELETE
> Trans2 Request, SET_PATH_INFO, Path: /brokenlink
> Trans2 Response, SET_PATH_INFO, Error: STATUS_OBJECT_NAME_NOT_FOUND
> 
> When I set "map readonly = yes", I instead see:
> 
> Trans2 Request, QUERY_PATH_INFO, Query File Unix Basic, Path:
> Trans2 Response, QUERY_PATH_INFO
> Trans2 Request, QUERY_PATH_INFO, Query File Unix Basic, Path: /brokenlink
> Trans2 Response, QUERY_PATH_INFO
> Trans2 Request, SET_PATH_INFO, Path: /brokenlink
> Trans2 Response, SET_PATH_INFO
> 
> I can provide the full tcpdump from both of those conversations if
> useful.
> 
> Client info: Ubuntu 18.04, samba 4.7.6+dfsg~ubuntu-0ubuntu2.23
> 
> client mount options:
> rw,relatime,vers=1.0,cache=strict,username=alt36,domain=AD,uid=$UID,forceuid,gid=$GID,forcegid,addr=$IP,soft,unix,posixpaths,serverino,mapchars,nobrl,acl,rsize=1048576,wsize=65536,echo_interval=60,actimeo=1
> 
> My samba config as displayed by testparm is below, with minor
> redactions
> 
> [global]
>          allow insecure wide links = Yes
>          disable spoolss = Yes
>          dns proxy = No
>          idmap gid = 1000 - 300000000
>          idmap uid = 1000 - 300000000
>          interfaces = $CIDR
>          load printers = No
>          local master = No
>          log file = /var/run/samba/smb-logs/%i/%U_%M.log
>          max log size = 500000
>          obey pam restrictions = Yes
>          pam password change = Yes
>          preferred master = No
>          printcap name = /dev/null
>          raw NTLMv2 auth = Yes
>          realm = $REALM
>          security = ADS
>          server min protocol = NT1
>          syslog = 0
>          template homedir = /home/%U
>          template shell = /bin/bash
>          unix password sync = Yes
>          winbind enum groups = Yes
>          winbind enum users = Yes
>          winbind separator = +
>          winbind use default domain = Yes
>          workgroup = AD
>          idmap config ad:range = 1000 - 300000000
>          idmap config ad:schema_mode = rfc2307
>          idmap config ad:default = yes
>          idmap config ad:backend = ad
>          idmap config * : range = 1000 - 300000000
>          idmap alloc config:range = 500 - 999
>          idmap config * : backend = tdb
>          printing = bsd
>          wide links = Yes
> 
> [testhome]
>          acl group control = Yes
>          create mask = 0644
>          force unknown acl user = Yes
>          inherit acls = Yes
>          inherit owner = windows and unix
>          inherit permissions = Yes
>          map acl inherit = Yes
>          map archive = No
>          map readonly = permissions
>          path = /data/group/alt36/general/people/%U/home
>          read only = No
>          store dos attributes = No
>          valid users = alt36
>          vfs objects = shadow_copy2
>          shadow:localtime = yes
>          shadow:format = %s
>          shadow:snapdir = .zfs/snapshot
>          shadow:sort = desc

I am sorry, but that smb.conf is terminally borked, there is so much
wrong with it, I do not know where to start.

Please read 'man idmap_ad' , 'man smb.conf' and this wikipage:

https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member

Rowland
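
An added example, not part of either message and not Samba project code: a Python check over a testparm-style dump that reports idmap domains whose ID ranges overlap (Samba's idmap documentation requires each domain's range to be distinct) and two settings in the posted config that widen the server's attack surface. The sample input is abridged from the config quoted above; the function names are hypothetical, and share sections are flattened into one namespace for brevity.

```python
import re

# Constructed sample, abridged from the testparm output quoted in the thread.
SAMPLE = """\
[global]
        allow insecure wide links = Yes
        server min protocol = NT1
        idmap config ad:range = 1000 - 300000000
        idmap config * : range = 1000 - 300000000
        wide links = Yes
"""

RANGE_KEY = re.compile(r"idmap config\s*(\S+?)\s*:\s*range$")
SMB1_DIALECTS = {"CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1"}

def parse(text):
    """Return {normalised key: value}; section headers are ignored (assumption)."""
    params = {}
    for line in text.splitlines():
        if "=" in line and not line.lstrip().startswith(("#", ";", "[")):
            key, value = line.split("=", 1)
            params[" ".join(key.split()).lower()] = value.strip()
    return params

def idmap_ranges(params):
    """Map each 'idmap config DOMAIN : range' entry to (low, high)."""
    ranges = {}
    for key, value in params.items():
        m = RANGE_KEY.match(key)
        if m:
            low, high = (int(n) for n in value.split("-"))
            ranges[m.group(1)] = (low, high)
    return ranges

def audit(text):
    """Return human-readable findings for a testparm-style dump."""
    params = parse(text)
    findings = []
    doms = sorted(idmap_ranges(params).items())
    for i, (a, (alo, ahi)) in enumerate(doms):
        for b, (blo, bhi) in doms[i + 1:]:
            if alo <= bhi and blo <= ahi:  # closed intervals intersect
                findings.append(f"idmap ranges overlap: {a} and {b}")
    if params.get("server min protocol", "").upper() in SMB1_DIALECTS:
        findings.append("SMB1 dialects accepted (server min protocol)")
    yes = lambda k: params.get(k, "").lower() == "yes"
    if yes("wide links") and yes("allow insecure wide links"):
        findings.append("wide links forced on: symlinks may resolve outside the share")
    return findings
```
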