Thomas Werschlein
2015-Aug-07 15:58 UTC
[Samba] vfs_streams_xattr and create mask = 0640 don't play well together
Hi everyone,

We are working on the deployment of samba 4.2.3 on Solaris 11.1 with ZFS backed storage. We plan to use the new vfs_fruit in order to better support our OSX clients out there. Everything seems to be working fine so far, but one operation: If the user on an OSX client sets (or modifies) a tag (the colour flags or a custom tag) on a directory *AND* the share is configured with "create mask = 0640", the directory loses the execute bit for the owner of the directory and renders the directory inaccessible.

We were able to isolate the problem down to the VFS module "streams_xattr" (which is needed when using fruit) and the (non-default) setting of "create mask = 0640". With the default create mask of 0740 you won't encounter the problem.

The problem is not related to Solaris, ZFS or OSX, though. We could reproduce it on Ubuntu 14.04 LTS and with a Windows 10 SMB client.

Our test smb.conf for a self-compiled samba 4.2.3 on Ubuntu 14.04 looks like this:

    # Global parameters
    [global]
        workgroup = MYGROUP
        server string = Samba Server
        server role = standalone server
        log file = /usr/local/samba/var/log.%m
        dns proxy = No
        idmap config * : backend = tdb

    [xattr]
        path = /data/xattr
        read only = No
        create mask = 0640
        ea support = Yes
        vfs objects = streams_xattr

The root directory on the linux host is mounted with xattr support:

    root@ubuntu:~# mount | grep xattr
    /dev/sda1 on / type ext4 (rw,errors=remount-ro,user_xattr)

From an OSX 10.10.4 SMB client the problem manifests as follows:

1. mounting the share from the Finder with address 'smb://10.211.55.3/xattr'

2. create a new directory (from the Finder or from cmd line), the permissions are correct (x flag set for owner)

    root@ubuntu:/data/xattr# ls -ld untitled\ folder/
    drwxr-xr-x 2 parallels parallels 4096 Aug 7 17:34 untitled folder/

3. add the tag "red" to the newly created folder. Now the x flag is missing for the owner:

    root@ubuntu:/data/xattr# ls -ld untitled\ folder/
    drw-r-xr-x 2 parallels parallels 4096 Aug 7 17:39 untitled folder/

4. there is no problem with the xattr though as seen from the Mac ...

    me@mymac:/Volumes/xattr ls -ld@ untitled\ folder/
    drwx------@ 1 thomi staff 16384 Aug 7 17:34 untitled folder//
        com.apple.FinderInfo 32
        com.apple.metadata:_kMDItemUserTags 50

... or directly on the samba server:

    root@ubuntu:/data/xattr# xattr -pl 'user.DosStream.com.apple.metadata_kMDItemUserTags:$DATA' untitled\ folder/
    user.DosStream.com.apple.metadata_kMDItemUserTags:$DATA:
    0000 62 70 6C 69 73 74 30 30 A1 01 55 52 65 64 0A 36 bplist00..URed.6
    0010 08 0A 00 00 00 00 00 00 01 01 00 00 00 00 00 00 ................
    0020 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
    0030 00 10 00 ...

It appears that streams_xattr is considering the "create mask" when modifying Alternate Data Streams on directories, while "create mask" is only intended for files (and we don't expect permission changes when modifying metadata anyway, do we?).

Is this a bug or a misconfiguration on our side? I am happy to file a bug report, if it turns out to be one. Any thoughts?

Thanks in advance,
Thomas

--
Thomas Werschlein, IT Services
Department of Geography, University of Zurich
Office: Y25-L12, Tel: +41 (0)44 63-56536
PGP-Key-ID: C76C851B
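A check for directories already affected by the behaviour described in this message, as an added example that is not part of the original post: it walks a share path, reports directories whose owner lacks the execute (search) bit, and lists any user.DosStream.* xattrs found on them. The function names and the constructed sample tree are assumptions made for illustration.

```python
import os
import stat
import tempfile

STREAM_PREFIX = "user.DosStream."  # xattr prefix shown in the post


def stream_xattrs(path):
    """Return the stream xattr names on path, or [] if they cannot be listed."""
    if not hasattr(os, "listxattr"):       # not available on every platform
        return []
    try:
        names = os.listxattr(path, follow_symlinks=False)
    except OSError:                        # no xattr support or no permission
        return []
    return sorted(n for n in names if n.startswith(STREAM_PREFIX))


def find_unsearchable_dirs(root):
    """Return (path, mode, streams) for directories whose owner lacks the x bit."""
    hits = []
    for parent, dirnames, _files in os.walk(root):
        for name in dirnames:
            path = os.path.join(parent, name)
            st = os.lstat(path)
            if not stat.S_ISDIR(st.st_mode):
                continue                   # symlink pointing at a directory
            mode = stat.S_IMODE(st.st_mode)
            if not mode & stat.S_IXUSR:
                hits.append((path, mode, stream_xattrs(path)))
    return hits


def demo():
    """Constructed sample tree: one directory at 0755, one at 0655 as in the post."""
    with tempfile.TemporaryDirectory() as root:
        ok = os.path.join(root, "intact folder")
        bad = os.path.join(root, "untitled folder")
        os.mkdir(ok)
        os.chmod(ok, 0o755)
        os.mkdir(bad)
        os.chmod(bad, 0o655)               # drw-r-xr-x, the state after tagging
        hits = find_unsearchable_dirs(root)
        os.chmod(bad, 0o755)               # restore before cleanup
        return [(os.path.relpath(p, root), oct(m)) for p, m, _ in hits]


if __name__ == "__main__":
    for rel, mode in demo():
        print(rel, mode)
```

Pointing find_unsearchable_dirs at the share path (/data/xattr in the post) on the server lists directories that need their owner execute bit restored; a non-empty stream list on a hit indicates the directory carries stream metadata of the kind shown above.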
Ralph Böhme
2015-Aug-10 17:03 UTC
[Samba] vfs_streams_xattr and create mask = 0640 don't play well together
Hi,

On Fri, Aug 07, 2015 at 05:58:45PM +0200, Thomas Werschlein wrote:
> Is this a bug or a misconfiguration on our side? I am happy to file
> a bug report, if it turns out to be one. Any thoughts?

sounds like a bug to me. Can you please file a bugreport so we can track this?

-Ralph

--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
Thomas Werschlein
2015-Aug-11 15:50 UTC
[Samba] vfs_streams_xattr and create mask = 0640 don't play well together
Hi Ralph,

> On 10.08.2015 at 19:03, Ralph Böhme <rb at sernet.de> wrote:
>
> sounds like a bug to me. Can you please file a bugreport so we can
> track this?
>

Thanks for your reply. I'll file a bug report in the next few days.

Best,
Thomas

--
Thomas Werschlein, IT Services
Department of Geography, University of Zurich
Office: Y25-L12, Tel: +41 (0)44 63-56536
PGP-Key-ID: C76C851B