Viktor Trojanovic
2020-Jun-09 09:10 UTC
[Samba] Changes in share permissions lead to disruption of service
I just had something very strange happening, I'm curious if someone can understand what it was in spite of the limited available information. I'm running Samba 4.11.6 as an AD file server. Rowland checked my config recently and could not find any issue with it, it's really very standard, using the idmap backend. Only 2 users in the AD. Linux access is not a topic, the shares are only accessed by Windows users, and all security permissions are set from Windows. This all worked perfectly until when I decided today to disable security permissions inheritance on two of three shares and converted inherited permissions into explicit permissions. I then changed the permissions for user2 on the share to read only, giving him write access to the underlying folder. Somehow, this broke everything. User2 suddenly could not even browse the server anymore, let alone the share in question. The smbd log filled up with: [2020/06/09 09:48:19.746725, 0] ../../source3/smbd/uid.c:448(change_to_user_internal) change_to_user_internal: chdir_current_service() failed! Since I needed this solved quickly, I logged out user2 from all devices, restarted the member server. This didn't change anything yet. Then, I removed the permissions and set them again. The exact same permissions as they were before removing them. Now user2 could access the shares again. Any idea what happened here? Viktor
Jeremy Allison
2020-Jun-10 00:47 UTC
[Samba] Changes in share permissions lead to disruption of service
On Tue, Jun 09, 2020 at 11:10:43AM +0200, Viktor Trojanovic via samba wrote:> I just had something very strange happening, I'm curious if someone can > understand what it was in spite of the limited available information. > > I'm running Samba 4.11.6 as an AD file server. Rowland checked my config > recently and could not find any issue with it, it's really very standard, > using the idmap backend. Only 2 users in the AD. Linux access is not a > topic, the shares are only accessed by Windows users, and all security > permissions are set from Windows. > > This all worked perfectly until when I decided today to disable security > permissions inheritance on two of three shares and converted inherited > permissions into explicit permissions. I then changed the permissions for > user2 on the share to read only, giving him write access to the underlying > folder. > > Somehow, this broke everything. User2 suddenly could not even browse the > server anymore, let alone the share in question. The smbd log filled up > with: > > > [2020/06/09 09:48:19.746725, 0] > ../../source3/smbd/uid.c:448(change_to_user_internal) > change_to_user_internal: chdir_current_service() failed! > > Since I needed this solved quickly, I logged out user2 from all devices, > restarted the member server. This didn't change anything yet. Then, I > removed the permissions and set them again. The exact same permissions as > they were before removing them. Now user2 could access the shares again. > > Any idea what happened here?chdir_current_service() returned false, meaning the UNIX user you were mapped into didn't have 'x' permission rights on the root directory of that share. The line in the log before that would have given a debug level zero message if it were anything other than EACCESS (permission denied).