Oliver Freyd
2010-May-28 14:45 UTC
[Samba] samba 3.5.3: loads of errors copying some simple ACLs with robocopy
Maybe I'm doing somthing really stupid, but while copying some windows share onto a samba server, on some random subdirectory robocopy says ERROR 87 (0x00000057) Copying NTFS Security to Destination Directory... The samba logfile has lots of these lines. modules/vfs_posixacl.c:349(smb_acl_to_posix) smb_acl_to_posix: ACL is invalid for set (Das Argument ist ung?ltig) The strange thing is that the same configuration worked with samba-3.4.8 (from lenny-backports, on lenny, with the lenny kernel). The samba3.5.3 is the sernet-samba, on lenny, with lenny kernel (2.6.26). The ACL on the files to be copied are really simple, just Everyone/Full Control, and "netzadmin"/Full Control. That user is admin user on the samba machine, and is the user doing the robocopy on a windows XP machine. The filesystem is ext3, mounted with acl,user_xattr. testparm says: workgroup = XXXXX netbios name = SERVER2 passdb backend = ldapsam:ldap://127.0.0.1 passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* . username map = /etc/samba/smbusers syslog = 0 log file = /var/log/samba/machines/log.%m max log size = 1000 name resolve order = wins bcast host socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192 add user script = /usr/sbin/smbldap-useradd -m '%u' add group script = /usr/sbin/smbldap-groupadd '%g' add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' add machine script = /usr/sbin/smbldap-useradd -w "%u" logon script = scripts\logon.cmd logon path domain logons = Yes os level = 60 domain master = No dns proxy = No wins server = 192.168.0.38 ldap admin dn = cn=admin,dc=xxxxx,dc=com ldap group suffix = ou=groups ldap idmap suffix = ou=idmap ldap machine suffix = ou=machines ldap passwd sync = yes ldap suffix = dc=xxxxx,dc=com ldap ssl = no ldap timeout = 20 ldap user suffix = ou=users add share command = /usr/bin/touch /tmp/test panic action = /usr/share/samba/panic-action %d idmap backend = ldap:ldap://127.0.0.1 idmap uid = 15000-20000 idmap gid = 15000-20000 admin users = netzadmin ea support = Yes map acl inherit = Yes [netlogon] comment = Network Logon Share path = /data/netlogon browseable = No locking = No [Installations] comment = Installations path = /data/h/Installations read only = No create mask = 0770 directory mask = 0770 force unknown acl user = Yes inherit permissions = Yes inherit acls = Yes ... BTW, using the vfs objects = acl_xattr gives less of these ERROR 87 lines. Don't know if this is helpful, I'll go back to samba-3.4.8 for now...
Oliver Freyd
2010-Jun-04 14:09 UTC
[Samba] samba 3.5.3: loads of errors copying some simple ACLs with robocopy
I've run the same test again with loglevel 10 (shudder), and sifted through the logfile. below is a part of it. To me it seems that samba, and the vfs_acl_xattr module mangles the ACL and in the end acl_valid() finds the acl is invalid. In the logfile I see 2 entries ACL_USER_OBJ for uid netzadmin, and one more as ACL_USER, for the same user. The duplicate entry seems to be invalid, also, the man page of acl_valid says that an ACL_MASK entry is required if an ACL_USER or ACL_GROUP is present... Anyway, hopefully is log dump is helpful... -------------------------------------------------------------------- [2010/06/04 16:12:09.917488, 5] auth/token_util.c:531(debug_nt_user_token) NT user token of user S-1-5-21-2043234088-984444579-347745105-1165 contains 15 SIDs SID[ 0]: S-1-5-21-2043234088-984444579-347745105-1165 SID[ 1]: S-1-5-21-2043234088-984444579-347745105-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-2043234088-984444579-347745105-512 SID[ 6]: S-1-5-32-544 SID[ 7]: S-1-5-21-2043234088-984444579-347745105-1029 SID[ 8]: S-1-5-21-2043234088-984444579-347745105-1203 SID[ 9]: S-1-22-1-1044 SID[ 10]: S-1-22-2-513 SID[ 11]: S-1-22-2-512 SID[ 12]: S-1-22-2-544 SID[ 13]: S-1-22-2-1005 SID[ 14]: S-1-22-2-1010 SE_PRIV 0xff0 0x0 0x0 0x0 [2010/06/04 16:12:09.917577, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 513 and contains 5 supplementary groups Group[ 0]: 513 Group[ 1]: 512 Group[ 2]: 544 Group[ 3]: 1005 Group[ 4]: 1010 [2010/06/04 16:12:09.917614, 5] smbd/uid.c:354(change_to_user) change_to_user uid=(0,0) gid=(0,513) [2010/06/04 16:12:09.917628, 10] smbd/nttrans.c:2821(reply_nttrans) num_setup=0, param_total=8, this_param=8, max_param=0, data_total=216, this_data=216, max_data=0, param_offset=76, data_offset=84 [2010/06/04 16:12:09.917642, 3] smbd/nttrans.c:1899(call_nt_transact_set_security_desc) call_nt_transact_set_security_desc: file = Installations/IMRE Singapore/IMRE on-site/settings, sent 0x20000007 [2010/06/04 16:12:09.917660, 10] smbd/nttrans.c:858(set_sd) set_sd for file Installations/IMRE Singapore/IMRE on-site/settings [2010/06/04 16:12:09.917672, 1] ../librpc/ndr/ndr.c:214(ndr_print_debug) psd: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8d04 (36100) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY Unable to open new log file /var/log/samba/machines/log.rnb: No such file or directory 1: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 1: SEC_DESC_DACL_AUTO_INHERITED 1: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-21-2043234088-984444579-347745105-1165 group_sid : * group_sid : S-1-5-21-2043234088-984444579-347745105-513 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x008c (140) num_aces : 0x00000005 (5) aces: ARRAY(5) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x10 (16) 0: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 1: SEC_ACE_FLAG_INHERITED_ACE 0x00: SEC_ACE_FLAG_VALID_INHERIT (0) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x001f01ff (2032127) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-2043234088-984444579-347745105-513 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x1b (27) 1: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 1: SEC_ACE_FLAG_INHERITED_ACE 0x0b: SEC_ACE_FLAG_VALID_INHERIT (11) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x001f01ff (2032127) object : union security_ace_object_ctr(case 0) trustee : S-1-3-1 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x13 (19) 1: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 1: SEC_ACE_FLAG_INHERITED_ACE 0x03: SEC_ACE_FLAG_VALID_INHERIT (3) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x001f01ff (2032127) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-2043234088-984444579-347745105-1165 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x1b (27) 1: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 1: SEC_ACE_FLAG_INHERITED_ACE 0x0b: SEC_ACE_FLAG_VALID_INHERIT (11) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x001f01ff (2032127) object : union security_ace_object_ctr(case 0) trustee : S-1-3-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x13 (19) 1: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 1: SEC_ACE_FLAG_INHERITED_ACE 0x03: SEC_ACE_FLAG_VALID_INHERIT (3) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x001f01ff (2032127) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 [2010/06/04 16:12:09.918318, 10] ./modules/vfs_acl_common.c:670(fset_nt_acl_common) fset_nt_acl_xattr: incoming sd for file Installations/IMRE Singapore/IMRE on-site/settings [2010/06/04 16:12:09.918331, 1] ../librpc/ndr/ndr.c:214(ndr_print_debug) CONST_DISCARD(struct security_descriptor *,psd): struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8d04 (36100) Unable to open new log file /var/log/samba/machines/log.rnb: No such file or directory 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 1: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 1: SEC_DESC_DACL_AUTO_INHERITED 1: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-21-2043234088-984444579-347745105-1165 group_sid : * group_sid : S-1-5-21-2043234088-984444579-347745105-513 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x008c (140) num_aces : 0x00000005 (5) aces: ARRAY(5) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x10 (16) 0: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 1: SEC_ACE_FLAG_INHERITED_ACE 0x00: SEC_ACE_FLAG_VALID_INHERIT (0) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x001f01ff (2032127) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-2043234088-984444579-347745105-513 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x1b (27) 1: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 1: SEC_ACE_FLAG_INHERITED_ACE 0x0b: SEC_ACE_FLAG_VALID_INHERIT (11) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x001f01ff (2032127) object : union security_ace_object_ctr(case 0) trustee : S-1-3-1 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x13 (19) 1: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 1: SEC_ACE_FLAG_INHERITED_ACE 0x03: SEC_ACE_FLAG_VALID_INHERIT (3) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x001f01ff (2032127) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-2043234088-984444579-347745105-1165 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x1b (27) 1: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 1: SEC_ACE_FLAG_INHERITED_ACE 0x0b: SEC_ACE_FLAG_VALID_INHERIT (11) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x001f01ff (2032127) object : union security_ace_object_ctr(case 0) trustee : S-1-3-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x13 (19) 1: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 1: SEC_ACE_FLAG_INHERITED_ACE 0x03: SEC_ACE_FLAG_VALID_INHERIT (3) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x001f01ff (2032127) Unable to open new log file /var/log/samba/machines/log.rnb: No such file or directory object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 [2010/06/04 16:12:09.919349, 10] smbd/posix_acls.c:3842(set_nt_acl) set_nt_acl: called for file Installations/IMRE Singapore/IMRE on-site/settings [2010/06/04 16:12:09.919382, 5] smbd/posix_acls.c:1191(unpack_nt_owners) unpack_nt_owners: validating owner_sids. [2010/06/04 16:12:09.919417, 3] smbd/posix_acls.c:1213(unpack_nt_owners) unpack_nt_owners: owner sid mapped to uid 1044 [2010/06/04 16:12:09.919445, 3] smbd/posix_acls.c:1235(unpack_nt_owners) unpack_nt_owners: group sid mapped to gid 513 [2010/06/04 16:12:09.919471, 5] smbd/posix_acls.c:1238(unpack_nt_owners) unpack_nt_owners: owner_sids validated. [2010/06/04 16:12:09.919499, 10] smbd/posix_acls.c:1904(create_canon_ace_lists) create_canon_ace_lists: adding file ACL: canon_ace index 0. Type = allow SID = S-1-5-21-2043234088-984444579-347745105-513 gid 513 (Domain Users) SMB_ACL_GROUP_OBJ ace_flags = 0x10 perms rwx [2010/06/04 16:12:09.919537, 10] smbd/posix_acls.c:1809(create_canon_ace_lists) create_canon_ace_lists: adding dir ACL: canon_ace index 0. Type = allow SID = S-1-3-1 gid 513 (Domain Users) SMB_ACL_GROUP_OBJ ace_flags = 0x1b perms rwx [2010/06/04 16:12:09.919574, 10] smbd/posix_acls.c:1809(create_canon_ace_lists) create_canon_ace_lists: adding dir ACL: canon_ace index 0. Type = allow SID = S-1-5-21-2043234088-984444579-347745105-1165 uid 1044 (netzadmin) SMB_ACL_USER_OBJ ace_flags = 0x13 perms rwx [2010/06/04 16:12:09.919612, 10] smbd/posix_acls.c:1904(create_canon_ace_lists) create_canon_ace_lists: adding file ACL: canon_ace index 0. Type = allow SID = S-1-5-21-2043234088-984444579-347745105-1165 uid 1044 (netzadmin) SMB_ACL_USER_OBJ ace_flags = 0x10 perms rwx [2010/06/04 16:12:09.919648, 10] smbd/posix_acls.c:1809(create_canon_ace_lists) create_canon_ace_lists: adding dir ACL: canon_ace index 0. Type = allow SID = S-1-3-0 uid 1044 (netzadmin) SMB_ACL_USER_OBJ ace_flags = 0x1b perms rwx [2010/06/04 16:12:09.919683, 10] smbd/posix_acls.c:1809(create_canon_ace_lists) create_canon_ace_lists: adding dir ACL: canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x13 perms rwx [2010/06/04 16:12:09.919715, 10] smbd/posix_acls.c:1904(create_canon_ace_lists) create_canon_ace_lists: adding file ACL: canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x10 perms rwx [2010/06/04 16:12:09.919745, 10] smbd/posix_acls.c:1506(check_owning_objs) check_owning_objs: ACL had owning user/group entries. [2010/06/04 16:12:09.919768, 10] smbd/posix_acls.c:1506(check_owning_objs) check_owning_objs: ACL had owning user/group entries. [2010/06/04 16:12:09.919790, 10] smbd/posix_acls.c:841(print_canon_ace_list) print_canon_ace_list: file ace - before merge canon_ace index 0. Type = allow SID = S-1-5-21-2043234088-984444579-347745105-513 gid 513 (Domain Users) SMB_ACL_GROUP_OBJ ace_flags = 0x10 perms rwx canon_ace index 1. Type = allow SID = S-1-5-21-2043234088-984444579-347745105-1165 uid 1044 (netzadmin) SMB_ACL_USER_OBJ ace_flags = 0x10 perms rwx canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x10 perms rwx [2010/06/04 16:12:09.919869, 10] smbd/posix_acls.c:841(print_canon_ace_list) print_canon_ace_list: dir ace - before merge canon_ace index 0. Type = allow SID = S-1-3-1 gid 513 (Domain Users) SMB_ACL_GROUP_OBJ ace_flags = 0x1b perms rwx canon_ace index 1. Type = allow SID = S-1-5-21-2043234088-984444579-347745105-1165 uid 1044 (netzadmin) SMB_ACL_USER_OBJ ace_flags = 0x13 perms rwx canon_ace index 2. Type = allow SID = S-1-5-21-2043234088-984444579-347745105-1165 uid 1044 (netzadmin) SMB_ACL_USER ace_flags = 0x13 perms rwx canon_ace index 3. Type = allow SID = S-1-3-0 uid 1044 (netzadmin) SMB_ACL_USER_OBJ ace_flags = 0x1b perms rwx canon_ace index 4. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x13 perms rwx [2010/06/04 16:12:09.919946, 10] smbd/posix_acls.c:841(print_canon_ace_list) print_canon_ace_list: file ace - before deny canon_ace index 0. Type = allow SID = S-1-5-21-2043234088-984444579-347745105-513 gid 513 (Domain Users) SMB_ACL_GROUP_OBJ ace_flags = 0x10 perms rwx canon_ace index 1. Type = allow SID = S-1-5-21-2043234088-984444579-347745105-1165 uid 1044 (netzadmin) SMB_ACL_USER_OBJ ace_flags = 0x10 perms rwx canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x10 perms rwx [2010/06/04 16:12:09.920007, 10] smbd/posix_acls.c:841(print_canon_ace_list) print_canon_ace_list: dir ace - before deny canon_ace index 0. Type = allow SID = S-1-3-1 gid 513 (Domain Users) SMB_ACL_GROUP_OBJ ace_flags = 0x1b perms rwx canon_ace index 1. Type = allow SID = S-1-5-21-2043234088-984444579-347745105-1165 uid 1044 (netzadmin) SMB_ACL_USER_OBJ ace_flags = 0x13 perms rwx canon_ace index 2. Type = allow SID = S-1-5-21-2043234088-984444579-347745105-1165 uid 1044 (netzadmin) SMB_ACL_USER ace_flags = 0x13 perms rwx canon_ace index 3. Type = allow SID = S-1-3-0 uid 1044 (netzadmin) SMB_ACL_USER_OBJ ace_flags = 0x1b perms rwx canon_ace index 4. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x13 perms rwx [2010/06/04 16:12:09.920082, 10] smbd/posix_acls.c:841(print_canon_ace_list) print_canon_ace_list: file ace - before valid canon_ace index 0. Type = allow SID = S-1-5-21-2043234088-984444579-347745105-513 gid 513 (Domain Users) SMB_ACL_GROUP_OBJ ace_flags = 0x10 perms rwx canon_ace index 1. Type = allow SID = S-1-5-21-2043234088-984444579-347745105-1165 uid 1044 (netzadmin) SMB_ACL_USER_OBJ ace_flags = 0x10 perms rwx canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x10 perms rwx [2010/06/04 16:12:09.920135, 10] smbd/posix_acls.c:841(print_canon_ace_list) print_canon_ace_list: dir ace - before valid canon_ace index 0. Type = allow SID = S-1-3-1 gid 513 (Domain Users) SMB_ACL_GROUP_OBJ ace_flags = 0x1b perms rwx canon_ace index 1. Type = allow SID = S-1-5-21-2043234088-984444579-347745105-1165 uid 1044 (netzadmin) SMB_ACL_USER_OBJ ace_flags = 0x13 perms rwx canon_ace index 2. Type = allow SID = S-1-5-21-2043234088-984444579-347745105-1165 uid 1044 (netzadmin) SMB_ACL_USER ace_flags = 0x13 perms rwx canon_ace index 3. Type = allow SID = S-1-3-0 uid 1044 (netzadmin) SMB_ACL_USER_OBJ ace_flags = 0x1b perms rwx canon_ace index 4. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x13 perms rwx [2010/06/04 16:12:09.920209, 3] smbd/dosmode.c:166(unix_mode) unix_mode(Installations/IMRE Singapore/IMRE on-site/settings) returning 0760 [2010/06/04 16:12:09.920230, 10] smbd/posix_acls.c:841(print_canon_ace_list) print_canon_ace_list: file ace - return canon_ace index 0. Type = allow SID = S-1-5-21-2043234088-984444579-347745105-513 gid 513 (Domain Users) SMB_ACL_GROUP_OBJ ace_flags = 0x10 perms rwx canon_ace index 1. Type = allow SID = S-1-5-21-2043234088-984444579-347745105-1165 uid 1044 (netzadmin) SMB_ACL_USER_OBJ ace_flags = 0x10 perms rwx canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x10 perms rwx [2010/06/04 16:12:09.920282, 10] smbd/posix_acls.c:841(print_canon_ace_list) print_canon_ace_list: dir ace - return canon_ace index 0. Type = allow SID = S-1-3-1 gid 513 (Domain Users) SMB_ACL_GROUP_OBJ ace_flags = 0x1b perms rwx canon_ace index 1. Type = allow SID = S-1-5-21-2043234088-984444579-347745105-1165 uid 1044 (netzadmin) SMB_ACL_USER_OBJ ace_flags = 0x13 perms rwx canon_ace index 2. Type = allow SID = S-1-5-21-2043234088-984444579-347745105-1165 uid 1044 (netzadmin) SMB_ACL_USER ace_flags = 0x13 perms rwx canon_ace index 3. Type = allow SID = S-1-3-0 uid 1044 (netzadmin) SMB_ACL_USER_OBJ ace_flags = 0x1b perms rwx canon_ace index 4. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x13 perms rwx [2010/06/04 16:12:09.920355, 10] smbd/posix_acls.c:2724(set_canon_ace_list) set_canon_ace_list: setting ACL: canon_ace index 0. Type = allow SID = S-1-5-21-2043234088-984444579-347745105-513 gid 513 (Domain Users) SMB_ACL_GROUP_OBJ ace_flags = 0x10 perms rwx canon_ace index 1. Type = allow SID = S-1-5-21-2043234088-984444579-347745105-1165 uid 1044 (netzadmin) SMB_ACL_USER_OBJ ace_flags = 0x10 perms rwx canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x10 perms rwx [2010/06/04 16:12:09.920407, 10] smbd/posix_acls.c:2824(set_canon_ace_list) canon_ace index 0. Type = allow SID = S-1-5-21-2043234088-984444579-347745105-513 gid 513 (Domain Users) SMB_ACL_GROUP_OBJ ace_flags = 0x10 perms rwx [2010/06/04 16:12:09.920443, 10] smbd/posix_acls.c:2824(set_canon_ace_list) canon_ace index 1. Type = allow SID = S-1-5-21-2043234088-984444579-347745105-1165 uid 1044 (netzadmin) SMB_ACL_USER_OBJ ace_flags = 0x10 perms rwx [2010/06/04 16:12:09.920472, 10] smbd/posix_acls.c:2824(set_canon_ace_list) canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x10 perms rwx [2010/06/04 16:12:09.920496, 10] modules/vfs_posixacl.c:89(posixacl_sys_acl_set_file) Calling acl_set_file: Installations/IMRE Singapore/IMRE on-site/settings, 0 Unable to open new log file /var/log/samba/machines/log.rnb: No such file or directory [2010/06/04 16:12:09.920541, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 513) : sec_ctx_stack_ndx = 1 [2010/06/04 16:12:09.920575, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2010/06/04 16:12:09.920594, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/06/04 16:12:09.920613, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2010/06/04 16:12:09.920630, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2010/06/04 16:12:09.920663, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 513) - sec_ctx_stack_ndx = 0 [2010/06/04 16:12:09.920684, 10] smbd/posix_acls.c:2724(set_canon_ace_list) set_canon_ace_list: setting ACL: canon_ace index 0. Type = allow SID = S-1-3-1 gid 513 (Domain Users) SMB_ACL_GROUP_OBJ ace_flags = 0x1b perms rwx canon_ace index 1. Type = allow SID = S-1-5-21-2043234088-984444579-347745105-1165 uid 1044 (netzadmin) SMB_ACL_USER_OBJ ace_flags = 0x13 perms rwx canon_ace index 2. Type = allow SID = S-1-5-21-2043234088-984444579-347745105-1165 uid 1044 (netzadmin) SMB_ACL_USER ace_flags = 0x13 perms rwx canon_ace index 3. Type = allow SID = S-1-3-0 uid 1044 (netzadmin) SMB_ACL_USER_OBJ ace_flags = 0x1b perms rwx canon_ace index 4. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x13 perms rwx [2010/06/04 16:12:09.920755, 10] smbd/posix_acls.c:2824(set_canon_ace_list) canon_ace index 0. Type = allow SID = S-1-3-1 gid 513 (Domain Users) SMB_ACL_GROUP_OBJ ace_flags = 0x1b perms rwx [2010/06/04 16:12:09.920781, 10] smbd/posix_acls.c:2824(set_canon_ace_list) canon_ace index 1. Type = allow SID = S-1-5-21-2043234088-984444579-347745105-1165 uid 1044 (netzadmin) SMB_ACL_USER_OBJ ace_flags = 0x13 perms rwx [2010/06/04 16:12:09.920807, 10] smbd/posix_acls.c:2824(set_canon_ace_list) canon_ace index 2. Type = allow SID = S-1-5-21-2043234088-984444579-347745105-1165 uid 1044 (netzadmin) SMB_ACL_USER ace_flags = 0x13 perms rwx [2010/06/04 16:12:09.920832, 10] smbd/posix_acls.c:2824(set_canon_ace_list) canon_ace index 3. Type = allow SID = S-1-3-0 uid 1044 (netzadmin) SMB_ACL_USER_OBJ ace_flags = 0x1b perms rwx [2010/06/04 16:12:09.920850, 10] smbd/posix_acls.c:2824(set_canon_ace_list) canon_ace index 4. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x13 perms rwx [2010/06/04 16:12:09.920866, 10] modules/vfs_posixacl.c:89(posixacl_sys_acl_set_file) Calling acl_set_file: Installations/IMRE Singapore/IMRE on-site/settings, 1 [2010/06/04 16:12:09.920879, 0] modules/vfs_posixacl.c:349(smb_acl_to_posix) smb_acl_to_posix: ACL is invalid for set (Invalid argument) [2010/06/04 16:12:09.920894, 2] smbd/posix_acls.c:2895(set_canon_ace_list) set_canon_ace_list: sys_acl_set_file type directory default failed for file Installations/IMRE Singapore/IMRE on-site/settings (Invalid argument). [2010/06/04 16:12:09.920909, 3] smbd/posix_acls.c:3979(set_nt_acl) set_nt_acl: failed to set default acl on directory Installations/IMRE Singapore/IMRE on-site/settings (Invalid argument). [2010/06/04 16:12:09.920926, 3] smbd/error.c:80(error_packet_set) error packet at smbd/nttrans.c(1909) cmd=160 (SMBnttrans) NT_STATUS_INVALID_PARAMETER
Reasonably Related Threads
- Samba serving sshfs shares: can't delete files
- Clients can't write to group-writable files
- W2k client using "synchronize" on a samba configured RH Linux 9 file server ...
- Clients can't write to group-writable files - plea for help
- Clients can't write to group-writable files - plea for help