samba - Oct 2020 - "unable to move extended attributes and ACL" when using mv from macOS with fruit

Hello,

Using samba 4.11.6+dfsg-0ubuntu1.5 (shipped with Ubuntu 20.04) I'm 
having trouble with a macOS (10.15.7) client moving files to a share. 
The server is using zfs for storage, but I can replicate with ext4 too.

I spun up a test container with the following minimal config:

[global]
    log level = 7
    workgroup = WORKGROUP
    server string = %h server (Samba, Ubuntu)
    log file = /var/log/samba/log.%m
    max log size = 1000
    logging = file
    panic action = /usr/share/samba/panic-action %d
    server role = standalone server
    obey pam restrictions = yes
    unix password sync = yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\s*\spassword:* %n\n 
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    pam password change = yes
    map to guest = bad user
    usershare allow guests = yes

    vfs objects = catia fruit streams_xattr

[ubuntu]
   browseable = yes
   writable = yes
   path = /home/ubuntu
   guest ok = yes
   guest only = yes
   force user = ubuntu
   force group = ubuntu

Then, I created a basic plain text file with TextEdit. It has several 
extended attributes and no ACL:

- com.apple.FinderInfo
- com.apple.TextEncoding: utf-8;134217984
- com.apple.lastuseddate#PS
- com.apple.macl
- com.apple.metadata:_kMDItemUserTags
- com.apple.metadata:kMDLabel_qjzstwnekapwazdd4yujgr6wqa

I can copy and move the file to the share with the Finder. From the 
command line, cp works fine as well. However, mv throws an error:

mv -v test.txt /Volumes/ubuntu
mv: /Volumes/ubuntu/test.txt: unable to move extended attributes and ACL 
from test.txt: Permission denied
mv: /Volumes/ubuntu/test.txt: set mode (was: 0644): Permission denied
mv: /Volumes/ubuntu/test.txt: set times: Permission denied
test.txt -> /Volumes/ubuntu/test.txt

As setting the mode fails, the file is no longer readable by the client. 
In the server logs, I see:

[2020/10/18 20:21:10.882387,  5] 
../../source3/smbd/uid.c:295(print_impersonation_info)
   print_impersonation_info: Impersonated user: uid=(1000,1000), 
gid=(0,1000), cwd=[/home/ubuntu]
[2020/10/18 20:21:10.882435,  5] 
../../source3/smbd/filename.c:481(unix_convert)
   unix_convert called on file "test.txt"
[2020/10/18 20:21:10.882466,  5] 
../../source3/smbd/filename.c:681(unix_convert)
   unix_convert begin: name = test.txt, dirpath = ., start = test.txt
[2020/10/18 20:21:10.882517,  2] 
../../source3/modules/vfs_fruit.c:1506(ad_read_meta)
   error reading meta xattr: Permission denied
[2020/10/18 20:21:10.882557,  5] 
../../source3/smbd/filename.c:704(unix_convert)
   conversion of base_name finished test.txt -> test.txt
[2020/10/18 20:21:10.882609,  5] 
../../source3/smbd/vfs.c:1368(check_reduced_name)
   check_reduced_name: test.txt reduced to /home/ubuntu/test.txt
[2020/10/18 20:21:10.882637,  5] 
../../source3/smbd/dir.c:480(dptr_create)
   dptr_create dir=.
[2020/10/18 20:21:10.882685,  3] 
../../source3/smbd/dir.c:659(dptr_create)
   creating new dirptr 0 for path ., expect_close = 0
[2020/10/18 20:21:10.882728,  2] 
../../source3/modules/vfs_fruit.c:1506(ad_read_meta)
   error reading meta xattr: Permission denied

Removing fruit fixes the problem, but I don't want to do that :)

Any ideas? I imagine my next step would be to validate against master, 
but I'd rather not do that if this is a known macOS issue.

Thanks,
--Andrew

On 18/10/2020 21:41, Andrew Berry via samba wrote:
> Hello,
>
> Using samba 4.11.6+dfsg-0ubuntu1.5 (shipped with Ubuntu 20.04) I'm 
> having trouble with a macOS (10.15.7) client moving files to a share. 
> The server is using zfs for storage, but I can replicate with ext4 too.
>
> [ubuntu]
> ? browseable = yes
> ? writable = yes
> ? path = /home/ubuntu
> ? guest ok = yes
> ? guest only = yes
> ? force user = ubuntu
> ? force group = ubuntu
So, you have a share that only the guest user (nobody) can access and 
any files created belong to ubuntu:ubuntu and you wonder why you cannot 
change anything ?

Rowland

On 18 Oct 2020, at 17:02, Rowland penny via samba wrote:
> So, you have a share that only the guest user (nobody) can access and 
> any files created belong to ubuntu:ubuntu and you wonder why you 
> cannot change anything ?
I'm not having any trouble with user mapping, which was just set up to 
to simplify this test. Files are properly created as ubuntu:ubuntu, and 
those created by the Finder and cp work fine. It's just the mv command 
that's failing. I have the same problem on my normal shares with regular 
Unix users.

Thanks,
--Andrew