Andreas Hasenack
2018-Jun-25 17:50 UTC
[Samba] works with 4.7.6, fails with 4.8.2: echo > $(mktemp /mnt/XXXXXX)
Hi, I have a regression test suite that creates this simple share: [tmp] comment = Temp Directory guest ok = Yes path = /tmp read only = No This is mounted via SMB1: mount //localhost/tmp -o guest,vers=1.0 /mnt The client (ubuntu 18.10 dev) is using cifs-utils 2:6.8-2 from debian (it's a sync). Client and server are the same machine (localhost). When the server is 2:4.8.2+dfsg-2ubuntu1 (a package I'm preparing, based on debian's 4.8.2+dfsg-2), this fails: root at ubuntu:~# mktemp /mnt/test.XXXXXX /mnt/test.iev5IU root at ubuntu:~# echo hello > /mnt/test.iev5IU -su: /mnt/test.iev5IU: Permission denied root at ubuntu:~# l /mnt/test.iev5IU -rw-------+ 1 nobody nogroup 0 Jun 25 17:40 /mnt/test.iev5IU root at ubuntu:~# When the server is running 2:4.7.6+dfsg~ubuntu-0ubuntu2, it works: root at ubuntu:~# mktemp /mnt/test.XXXXXX /mnt/test.yGv3JP root at ubuntu:~# echo hello > /mnt/test.yGv3JP root at ubuntu:~# l /mnt/test.yGv3JP -rw-------+ 1 nobody nogroup 6 Jun 25 17:41 /mnt/test.yGv3JP The output of getcifsacl is quite different in both cases: # 4.7.6 server: root at ubuntu:~# getcifsacl /mnt/test.yGv3JP REVISION:0x1 CONTROL:0x9004 OWNER:S-1-5-21-3096988004-4058363749-2517819802-501 GROUP:S-1-22-2-65534 ACL:S-1-5-21-3096988004-4058363749-2517819802-501:ALLOWED/0x0/RW ACL:S-1-22-2-65534:ALLOWED/0x0/ ACL:S-1-1-0:ALLOWED/0x0/ # 4.8.2 server: root at ubuntu:~# getcifsacl /mnt/test.iev5IU getxattr error: 13 REVISION:0x0 CONTROL:0x0 The cifs mount in both cases is shown as: root at ubuntu:~# mount -t cifs //localhost/tmp on /mnt type cifs (rw,relatime,vers=1.0,sec=none,cache=strict,domain=,uid=0,noforceuid,gid=0,noforcegid,addr=127.0.0.1,soft,unix,posixpaths,serverino,mapposix,acl,rsize=1048576,wsize=65536,echo_interval=60,actimeo=1) Is this a bug that was fixed, a bug that was introduced, or neither and I'm holding it wrong? Thanks!
Andreas Hasenack
2018-Jun-25 21:38 UTC
[Samba] works with 4.7.6, fails with 4.8.2: echo > $(mktemp /mnt/XXXXXX)
I narrowed it a bit further and can see the change happening between 4.8.0 and 4.8.1. It works with 4.8.0, and I get permission denied in 4.8.1. This time I tested with plain upstream tarballs, no distribution patches. On Mon, Jun 25, 2018 at 2:50 PM, Andreas Hasenack <andreas at canonical.com> wrote:> Hi, > > I have a regression test suite that creates this simple share: > > [tmp] > comment = Temp Directory > guest ok = Yes > path = /tmp > read only = No > > This is mounted via SMB1: > mount //localhost/tmp -o guest,vers=1.0 /mnt > > The client (ubuntu 18.10 dev) is using cifs-utils 2:6.8-2 from debian > (it's a sync). Client and server are the same machine (localhost). > > When the server is 2:4.8.2+dfsg-2ubuntu1 (a package I'm preparing, > based on debian's 4.8.2+dfsg-2), this fails: > > root at ubuntu:~# mktemp /mnt/test.XXXXXX > /mnt/test.iev5IU > root at ubuntu:~# echo hello > /mnt/test.iev5IU > -su: /mnt/test.iev5IU: Permission denied > root at ubuntu:~# l /mnt/test.iev5IU > -rw-------+ 1 nobody nogroup 0 Jun 25 17:40 /mnt/test.iev5IU > root at ubuntu:~# > > > When the server is running 2:4.7.6+dfsg~ubuntu-0ubuntu2, it works: > root at ubuntu:~# mktemp /mnt/test.XXXXXX > /mnt/test.yGv3JP > root at ubuntu:~# echo hello > /mnt/test.yGv3JP > root at ubuntu:~# l /mnt/test.yGv3JP > -rw-------+ 1 nobody nogroup 6 Jun 25 17:41 /mnt/test.yGv3JP > > The output of getcifsacl is quite different in both cases: > > # 4.7.6 server: > root at ubuntu:~# getcifsacl /mnt/test.yGv3JP > REVISION:0x1 > CONTROL:0x9004 > OWNER:S-1-5-21-3096988004-4058363749-2517819802-501 > GROUP:S-1-22-2-65534 > ACL:S-1-5-21-3096988004-4058363749-2517819802-501:ALLOWED/0x0/RW > ACL:S-1-22-2-65534:ALLOWED/0x0/ > ACL:S-1-1-0:ALLOWED/0x0/ > > > # 4.8.2 server: > root at ubuntu:~# getcifsacl /mnt/test.iev5IU > getxattr error: 13 > REVISION:0x0 > CONTROL:0x0 > > > The cifs mount in both cases is shown as: > root at ubuntu:~# mount -t cifs > //localhost/tmp on /mnt type cifs > (rw,relatime,vers=1.0,sec=none,cache=strict,domain=,uid=0,noforceuid,gid=0,noforcegid,addr=127.0.0.1,soft,unix,posixpaths,serverino,mapposix,acl,rsize=1048576,wsize=65536,echo_interval=60,actimeo=1) > > > Is this a bug that was fixed, a bug that was introduced, or neither > and I'm holding it wrong? > > Thanks!
Possibly Parallel Threads
- Using Access Control Lists with SMB2/SMB3 Mounts on Linux Clients
- getcifsacl does not work with CIFS mount versions 2 or 3
- getcifsacl does not work with CIFS mount versions 2 or 3
- winbind sometimes does not resolve sid to a name
- Using Access Control Lists with SMB2/SMB3 Mounts on Linux Clients