Adam Thorn
2021-Nov-04 12:14 UTC
[Samba] Unable to delete dangling symbolic link with "map readonly=permissions"
I am running a samba server on Ubuntu 20.04 version 4.11.6+dfsg-0ubuntu1.10 . If I create a symlink to a non-existing target with "ln -s doesnotexist brokenlink" and then try to delete the symlink, it fails:

$ rm brokenlink
rm: cannot remove 'brokenlink': No such file or directory

My full smb.conf is below, but the key setting appears to be "store dos attributes = No, map readonly = permissions".

If I instead set "map readonly = yes" I am able to delete the broken symlink successfully.

I have also tried the same steps on a server running Ubuntu 16.04, 4.3.11+dfsg-0ubuntu0.16.04.34 . There, I am able to successfully delete the symlink regardless of the "map readonly" value.

This is the samba conversation as dissected by wireshark with "map readonly = permissions":

Trans2 Request, QUERY_PATH_INFO, Query File Unix Basic, Path: /brokenlink
Trans2 Response, QUERY_PATH_INFO
Trans2 Request, SET_PATH_INFO, Path: /brokenlink
Trans2 Response, SET_PATH_INFO, Error: STATUS_CANNOT_DELETE
Delete Request, Path: /brokenlink
Delete Response, Error: STATUS_CANNOT_DELETE
Trans2 Request, SET_PATH_INFO, Path: /brokenlink
Trans2 Response, SET_PATH_INFO, Error: STATUS_OBJECT_NAME_NOT_FOUND

When I set "map readonly = yes", I instead see:

Trans2 Request, QUERY_PATH_INFO, Query File Unix Basic, Path:
Trans2 Response, QUERY_PATH_INFO
Trans2 Request, QUERY_PATH_INFO, Query File Unix Basic, Path: /brokenlink
Trans2 Response, QUERY_PATH_INFO
Trans2 Request, SET_PATH_INFO, Path: /brokenlink
Trans2 Response, SET_PATH_INFO

I can provide the full tcpdump from both of those conversations if useful.

Client info: Ubuntu 18.04, samba 4.7.6+dfsg~ubuntu-0ubuntu2.23

client mount options:
rw,relatime,vers=1.0,cache=strict,username=alt36,domain=AD,uid=$UID,forceuid,gid=$GID,forcegid,addr=$IP,soft,unix,posixpaths,serverino,mapchars,nobrl,acl,rsize=1048576,wsize=65536,echo_interval=60,actimeo=1

My samba config as displayed by testparm is below, with minor redactions

[global]
    allow insecure wide links = Yes
    disable spoolss = Yes
    dns proxy = No
    idmap gid = 1000 - 300000000
    idmap uid = 1000 - 300000000
    interfaces = $CIDR
    load printers = No
    local master = No
    log file = /var/run/samba/smb-logs/%i/%U_%M.log
    max log size = 500000
    obey pam restrictions = Yes
    pam password change = Yes
    preferred master = No
    printcap name = /dev/null
    raw NTLMv2 auth = Yes
    realm = $REALM
    security = ADS
    server min protocol = NT1
    syslog = 0
    template homedir = /home/%U
    template shell = /bin/bash
    unix password sync = Yes
    winbind enum groups = Yes
    winbind enum users = Yes
    winbind separator = +
    winbind use default domain = Yes
    workgroup = AD
    idmap config ad:range = 1000 - 300000000
    idmap config ad:schema_mode = rfc2307
    idmap config ad:default = yes
    idmap config ad:backend = ad
    idmap config * : range = 1000 - 300000000
    idmap alloc config:range = 500 - 999
    idmap config * : backend = tdb
    printing = bsd
    wide links = Yes

[testhome]
    acl group control = Yes
    create mask = 0644
    force unknown acl user = Yes
    inherit acls = Yes
    inherit owner = windows and unix
    inherit permissions = Yes
    map acl inherit = Yes
    map archive = No
    map readonly = permissions
    path = /data/group/alt36/general/people/%U/home
    read only = No
    store dos attributes = No
    valid users = alt36
    vfs objects = shadow_copy2
    shadow:localtime = yes
    shadow:format = %s
    shadow:snapdir = .zfs/snapshot
    shadow:sort = desc

Rowland Penny
2021-Nov-04 12:53 UTC
[Samba] Unable to delete dangling symbolic link with "map readonly=permissions"
On Thu, 2021-11-04 at 12:14 +0000, Adam Thorn via samba wrote:
> I am running a samba server on Ubuntu 20.04 version
> 4.11.6+dfsg-0ubuntu1.10 . If I create a symlink to a non-existing
> target with "ln -s doesnotexist brokenlink" and then try to delete
> the symlink, it fails:
>
> $ rm brokenlink
> rm: cannot remove 'brokenlink': No such file or directory
>
> My full smb.conf is below, but the key setting appears to be "store
> dos attributes = No, map readonly = permissions".
>
> If I instead set "map readonly = yes" I am able to delete the broken
> symlink successfully.
>
> I have also tried the same steps on a server running Ubuntu 16.04,
> 4.3.11+dfsg-0ubuntu0.16.04.34 . There, I am able to successfully
> delete the symlink regardless of the "map readonly" value.
>
> This is the samba conversation as dissected by wireshark with "map
> readonly = permissions":
>
> Trans2 Request, QUERY_PATH_INFO, Query File Unix Basic, Path: /brokenlink
> Trans2 Response, QUERY_PATH_INFO
> Trans2 Request, SET_PATH_INFO, Path: /brokenlink
> Trans2 Response, SET_PATH_INFO, Error: STATUS_CANNOT_DELETE
> Delete Request, Path: /brokenlink
> Delete Response, Error: STATUS_CANNOT_DELETE
> Trans2 Request, SET_PATH_INFO, Path: /brokenlink
> Trans2 Response, SET_PATH_INFO, Error: STATUS_OBJECT_NAME_NOT_FOUND
>
> When I set "map readonly = yes", I instead see:
>
> Trans2 Request, QUERY_PATH_INFO, Query File Unix Basic, Path:
> Trans2 Response, QUERY_PATH_INFO
> Trans2 Request, QUERY_PATH_INFO, Query File Unix Basic, Path: /brokenlink
> Trans2 Response, QUERY_PATH_INFO
> Trans2 Request, SET_PATH_INFO, Path: /brokenlink
> Trans2 Response, SET_PATH_INFO
>
> I can provide the full tcpdump from both of those conversations if
> useful.
>
> Client info: Ubuntu 18.04, samba 4.7.6+dfsg~ubuntu-0ubuntu2.23
>
> client mount options:
> rw,relatime,vers=1.0,cache=strict,username=alt36,domain=AD,uid=$UID,forceuid,gid=$GID,forcegid,addr=$IP,soft,unix,posixpaths,serverino,mapchars,nobrl,acl,rsize=1048576,wsize=65536,echo_interval=60,actimeo=1
>
> My samba config as displayed by testparm is below, with minor
> redactions
>
> [global]
>     allow insecure wide links = Yes
>     disable spoolss = Yes
>     dns proxy = No
>     idmap gid = 1000 - 300000000
>     idmap uid = 1000 - 300000000
>     interfaces = $CIDR
>     load printers = No
>     local master = No
>     log file = /var/run/samba/smb-logs/%i/%U_%M.log
>     max log size = 500000
>     obey pam restrictions = Yes
>     pam password change = Yes
>     preferred master = No
>     printcap name = /dev/null
>     raw NTLMv2 auth = Yes
>     realm = $REALM
>     security = ADS
>     server min protocol = NT1
>     syslog = 0
>     template homedir = /home/%U
>     template shell = /bin/bash
>     unix password sync = Yes
>     winbind enum groups = Yes
>     winbind enum users = Yes
>     winbind separator = +
>     winbind use default domain = Yes
>     workgroup = AD
>     idmap config ad:range = 1000 - 300000000
>     idmap config ad:schema_mode = rfc2307
>     idmap config ad:default = yes
>     idmap config ad:backend = ad
>     idmap config * : range = 1000 - 300000000
>     idmap alloc config:range = 500 - 999
>     idmap config * : backend = tdb
>     printing = bsd
>     wide links = Yes
>
> [testhome]
>     acl group control = Yes
>     create mask = 0644
>     force unknown acl user = Yes
>     inherit acls = Yes
>     inherit owner = windows and unix
>     inherit permissions = Yes
>     map acl inherit = Yes
>     map archive = No
>     map readonly = permissions
>     path = /data/group/alt36/general/people/%U/home
>     read only = No
>     store dos attributes = No
>     valid users = alt36
>     vfs objects = shadow_copy2
>     shadow:localtime = yes
>     shadow:format = %s
>     shadow:snapdir = .zfs/snapshot
>     shadow:sort = desc

I am sorry, but that smb.conf is terminally borked, there is so much wrong with it, I do not know where to start.

Please read 'man idmap_ad', 'man smb.conf' and this wikipage:

https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member

Rowland