Jorgen Lundman
2021-May-04 04:34 UTC
[Samba] /proc/self open fails with proc_owner Was: Time-machine replies with 17: File Exists
Digging deeper, I?ve found that basic SMB access does not work well, in that I
can copy a file to smb, which writes OK, then it renames it into place, but
eventually fail with ACCESS_DENIED.
fruit_close: Path [Pictures/iphonejorgen/2021/05/IMG_6011.MOV] fd [11]
streams_xattr_close: streams_xattr_close called
[Pictures/iphonejorgen/2021/05/IMG_6011.MOV] fd [11]
delete_lock_ref_count for file Pictures/iphonejorgen/2021/05/IMG_6011.MOV
Error opening file Pictures/iphonejorgen/2021/05/IMG_6011.MOV
(NT_STATUS_ACCESS_DENIED) (local_flags=129) (flags=129)
create_file_unixpath: NT_STATUS_ACCESS_DENIED
dbwrap_lock_order_lock: check lock order 1 for
/usr/local/samba/var/lock/smbXsrv_open_global.tdb
lock order: 1:/usr/local/samba/var/lock/smbXsrv_open_global.tdb 2:<none>
3:<none> 4:<none>
db_tdb_log_key: Locking key BBF82F32
db_tdb_fetch_locked_internal: Allocated locked data 57d210
db_tdb_log_key: Unlocking key BBF82F32
dbwrap_lock_order_unlock: release lock order 1 for
/usr/local/samba/var/lock/smbXsrv_open_global.tdb
freed files structure 1684966950 (0 used)
create_file: NT_STATUS_ACCESS_DENIED
Running truss on smb to find out what actually goes wrong, it appears to be:
streams_xattr_open called for /proc/self/fd/11 with flags 0x81
6036/1: write(1, " s t r e a m s _ x a t t".., 63) = 63
6036/1: open("/proc/self/fd/11", O_WRONLY|O_NONBLOCK) Err#13
EACCES [proc_owner]
catia_fetch_fsp_post_next: Called from [catia_openat]
6036/1: write(1, " c a t i a _ f e t c h _".., 54) = 54
Which is presumably OmniOS related, in that it is trying to open the /proc/self/
as a different uid to the process. Can I tell
Smb to not use /proc/self, and instead use regular paths?
If I comment out catia, then the next module (streams_xattr) has the same
problem.
Lund
Ralph Boehme
2021-May-04 12:44 UTC
[Samba] /proc/self open fails with proc_owner Was: Time-machine replies with 17: File Exists
Am 5/4/21 um 6:34 AM schrieb Jorgen Lundman via samba:> ... > > create_file: NT_STATUS_ACCESS_DENIED > > Running truss on smb to find out what actually goes wrong, it appears > to be: > > streams_xattr_open called for /proc/self/fd/11 with flags 0x81 > 6036/1: write(1, " s t r e a m s _ x a t t".., 63) = 63 > 6036/1: open("/proc/self/fd/11", O_WRONLY|O_NONBLOCK) > Err#13 EACCES [proc_owner] catia_fetch_fsp_post_next: Called from > [catia_openat] 6036/1: write(1, " c a t i a _ f e t c h _".., > 54) = 54 > > Which is presumably OmniOS related, in that it is trying to open the > /proc/self/ as a different uid to the process.Can you elaborate on that please so I can better understand why the open() fails with EACCES? Particularly I don't understand what you mean with "... trying to open the /proc/self/ as a different uid to the process." Typically Samba would to this open() syscall impersonating the authenticated user (ie set effective uid, gid and auxiliary groups set to the values of the underlying OS account).> Can I tell Smb to not use /proc/self, and instead use regular paths?No currently there's no way to disable this other by configuration. There's a general runtime check that verifies /proc/self/fd is usable by calling stat() on /proc/self/fd/0 (iirc), looks like this is not fine grained enough to cover stupid OSes. Cheers! -slow -- Ralph Boehme, Samba Team https://samba.org/ Samba Developer, SerNet GmbH https://sernet.de/en/samba/ GPG-Fingerprint FAE2C6088A24252051C559E4AA1E9B7126399E46 -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature Type: application/pgp-signature Size: 840 bytes Desc: OpenPGP digital signature URL: <http://lists.samba.org/pipermail/samba/attachments/20210504/5a8ea759/OpenPGP_signature.sig>