Displaying 20 results from an estimated 29 matches for "canon_ace".
2010 May 28
1
samba 3.5.3: loads of errors copying some simple ACLs with robocopy
Maybe I'm doing somthing really stupid, but while copying some windows
share onto a samba server, on some random subdirectory robocopy
says ERROR 87 (0x00000057) Copying NTFS Security to Destination Directory...
The samba logfile has lots of these lines.
modules/vfs_posixacl.c:349(smb_acl_to_posix)
smb_acl_to_posix: ACL is invalid for set (Das Argument ist ung?ltig)
The strange thing is
2005 Mar 11
1
reduce_name and ACL's
...ed to be the "basename" of
a non-directory object?
---
I'm researching a bug in the ACL's that causes the first entry of a POSIX
ACL in AIX to lose an entry. As you can see the entry for "fogarjoh" is
there then gone.
[2005/03/11 08:29:54, 10] smbd/posix_acls.c:print_canon_ace_list(590)
print_canon_ace_list: canonicalise_acl: ace entries after arrange
canon_ace index 0. Type = allow SID =
S-1-5-21-1908802895-3536710745-1580887524-7952 uid 3476 (billtest)
SMB_ACL_USER_OBJ perms rwx
canon_ace index 1. Type = allow SID =
S-1-5-21-1908802895-3536710745-1580887524-1001...
2003 Dec 16
1
W2k client using "synchronize" on a samba configured RH Linux 9 file server ...
... does not work.
I use the W2k functionality "synchronize" on my laptop to have up2date
synchronized copies of my files both at the laptop and the file server.
The file server is a P 200 MHz running RH Linux 9.
When on-line the synchronization of files works, except for my swedish
letters "???". However when off-line working with my files, then
reconnecting to the
2007 Oct 30
0
Problem with ACLs "Too many ACE entries for file to convert to posix perms."
...g to add an
entry to the ACL. This covers adding an element to the ACL, but not the
issue of seeing them, I'm guessing the issues may be related. To cut to
the chase, the fatal looking line appears to be the one 3 timestamps
from the bottom:
[2007/10/30 14:16:53, 3]
smbd/posix_acls.c:convert_canon_ace_to_posix_perms(2579)
convert_canon_ace_to_posix_perms: Too many ACE entries for file
foo.txt to convert to posix perms.
This looks suspiciously like it's not actually trying to set the
security as an ACL. If it were, I'd expect that it wouldn't be trying
to squeeze everything into p...
2012 Jul 05
0
acl_tdb failed to convert file acl to posix permisions
..._tdb module as a mechanism to support Windows ACLs. We have verified that samba has ACL support enabled, and ACL support works find if we export the share from the local EXT4 filesystem.
When trying to add a user ACL from Windows, we get ACCESS_DENIED error, with the following log entries:
(set_canon_ace_list)
canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms rwx
[2012/07/03 17:19:29.724227, 10] smbd/posix_acls.c:2757(set_canon_ace_list)
canon_ace index 1. Type = allow SID = S-1-5-18 gid 10021 (10021) SMB_ACL_GROUP ace_flags = 0x0 perms rwx
[2012/07/03 17:1...
2010 Oct 29
0
Modify permission not available unless group permissions are set to write.
...16:51:22, 10] smbd/posix_acls.c:3369(posix_get_nt_acl)
posix_get_nt_acl: called for file withoutgroupperm
[2010/10/29 16:51:22, 10] smbd/posix_acls.c:2519(canonicalise_acl)
canonicalise_acl: Access ace entries before arrange :
[2010/10/29 16:51:22, 10] smbd/posix_acls.c:2532(canonicalise_acl)
canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER
ace_flags = 0x0 perms r-x
[2010/10/29 16:51:22, 10] smbd/posix_acls.c:2532(canonicalise_acl)
canon_ace index 1. Type = allow SID = S-1-22-2-495 gid 495 (apache)
SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms r-x
[2010/10/29 16:51:22, 10] smbd/posix...
2016 Nov 17
2
Clients can't write to group-writable files - plea for help
...e.
> >
> >That is not a helpful response to a request for debug info.
> >
> >Just sayin' :-) :-).
> >
>
> No, it's not. Apologies.
>
> http://www.cv.nrao.edu/~jmalone/sambalog.txt
Looking at that log I see:
posix_get_nt_acl: called for file .
canon_ace index 0. Type = allow SID = S-1-22-1-0 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rwx
canon_ace index 1. Type = allow SID = S-1-22-2-0 gid 0 (root) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms r-x
canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms r-x
S...
2011 Jan 27
1
ACLs under windows 7 - you do not have permissions to access
...ave this problem with windows 7, with windows XP it works great instead.
acls log:
=====
[2011/01/27 16:16:53.079114, 10] smbd/posix_acls.c:2605(canonicalise_acl)
canonicalise_acl: Default ace entries before arrange :
[2011/01/27 16:16:53.079128, 10] smbd/posix_acls.c:2618(canonicalise_acl)
canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms ---
[2011/01/27 16:16:53.079144, 10] smbd/posix_acls.c:2618(canonicalise_acl)
canon_ace index 1. Type = allow SID = S-1-2-0 gid 1004 (COMPANY) SMB_ACL_GROUP ace_flags = 0x0 perms rwx <= HER...
2016 Nov 14
2
Clients can't write to group-writable files - plea for help
...class=acls] ../source3/smbd/posix_a
> cls.c:2724(canonicalise_acl)
> canonicalise_acl: Access ace entries before arrange :
> [2016/11/14 11:32:30.009831, 10, pid=9336, effective(2310, 2049),
> real(2310, 0), class=acls] ../source3/smbd/posix_a
> cls.c:2737(canonicalise_acl)
> canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER
> ace_flags = 0x0 perms r--
> [2016/11/14 11:32:30.009858, 10, pid=9336, effective(2310, 2049),
> real(2310, 0), class=acls] ../source3/smbd/posix_a
> cls.c:2737(canonicalise_acl)
> canon_ace index 1. Type = allow SID = S-1-22...
2011 May 31
2
Samba serving sshfs shares: can't delete files
Hello!
I have samba share on my sshfs-mounted folder. All works just fine
except I can't delete files from sshfs unless they are in 0777 chmodded
directory. Even if that files were putted trough smbclient. I can read
files, write files (regardless their directory permissions) but not
delete them.
Here is my share config:
[myshare]
comment = shre over sshfs
path = /home/kli/work/remotes/dev
2016 Nov 16
3
Clients can't write to group-writable files - plea for help
...n - sorry for my lack of
> familiarity with the internals here. I've *never* had issues like
> these with Samba before.
The token is the list of uids/gids (or SIDs in Windows terms)
that this smbd is using to represent the user right now.
> However, I see this bit:
>
>
> canon_ace index 0. Type = allow SID = S-1-22-1-0 uid 0 (root)
> SMB_ACL_USER_OBJ ace_flags = 0x0 perms rwx
> canon_ace index 1. Type = allow SID = S-1-22-2-0 gid 0 (root)
> SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms r-x
> canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER
> ace...
2012 May 10
1
NT_STATUS_ACCESS_DENIED on previously created files
...711345, 10] smbd/posix_acls.c:3412(posix_get_nt_acl)
posix_get_nt_acl: called for file test
[2012/05/10 14:24:33.711404, 10] smbd/posix_acls.c:2537(canonicalise_acl)
canonicalise_acl: Access ace entries before arrange :
[2012/05/10 14:24:33.711447, 10] smbd/posix_acls.c:2550(canonicalise_acl)
canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER
ace_flags = 0x0 perms r-x
[2012/05/10 14:24:33.711496, 10] smbd/posix_acls.c:2550(canonicalise_acl)
canon_ace index 1. Type = allow SID = S-1-22-2-512 gid 512 (Domain
Admins) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms r-x
[2012/05/10 14:24:33.7...
2007 Dec 06
0
[POSIX ACLs] Only ACE rules from Samba Primary Group are applied.
...gs are OK. Also if I use the
"write list = @users" I'm able to create files when I'm connected to the
share.
In the samba logs I can see that the ACL -> UNIX convertion seems fine:
gid_to_sid: local 100 -> S-1-22-2-100
canonicalise_acl: Access ace entries before arrange :
canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER perms
---
canon_ace index 1. Type = allow SID = S-1-22-2-100 gid 100 (users)
SMB_ACL_GROUP perms rw-
canon_ace index 2. Type = allow SID = S-1-22-2-1001 gid 1001 (grupo2)
SMB_ACL_GROUP_OBJ perms r-x
canon_ace index 3. Type = allow SID =
S-1-5-...
2016 Nov 10
4
Clients can't write to group-writable files
Hello,
Really stumped on this issue. I have samba 4.4.7 running on a new
server. Users cannot write to files to which they have write permissions
via group.
Example:
Here's the local filesystem on the samba server. I'm logged in as jmalone
: jmalone at canis; cd /home/www.nrao.edu/content/logs/
: jmalone at canis; ls -l
total 4
-rw-rw-r-- 1 jmalone nraoweb 0 Nov 10 10:02
2016 Nov 14
0
Clients can't write to group-writable files - plea for help
...310, 2049),
real(2310, 0), class=acls] ../source3/smbd/posix_a
cls.c:2724(canonicalise_acl)
canonicalise_acl: Access ace entries before arrange :
[2016/11/14 11:32:30.009831, 10, pid=9336, effective(2310, 2049),
real(2310, 0), class=acls] ../source3/smbd/posix_a
cls.c:2737(canonicalise_acl)
canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER
ace_flags = 0x0 perms r--
[2016/11/14 11:32:30.009858, 10, pid=9336, effective(2310, 2049),
real(2310, 0), class=acls] ../source3/smbd/posix_a
cls.c:2737(canonicalise_acl)
canon_ace index 1. Type = allow SID = S-1-22-2-9006 gid 9006 (cvwe...
2015 Feb 02
0
NT_STATUS_ACCESS_DENIED (I can write and read, but not replace)
.../02/02 18:34:15, 5] smbd/posix_acls.c:get_nt_acl(2805)
get_nt_acl : file ACL absent, directory ACL absent
[2015/02/02 18:34:15, 10] smbd/posix_acls.c:canonicalise_acl(2244)
canonicalise_acl: Access ace entries before arrange :
[2015/02/02 18:34:15, 10] smbd/posix_acls.c:canonicalise_acl(2257)
canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER perms r-x
[2015/02/02 18:34:15, 10] smbd/posix_acls.c:canonicalise_acl(2257)
canon_ace index 1. Type = allow SID = S-1-5-32-545 gid 512 (quickbooksusers) SMB_ACL_GROUP_OBJ perms rwx
[2015/02/02 18:34:15, 10] smbd/posix_acls.c:canonicalise_ac...
2007 Apr 17
1
Log: lib/smbldap.c:smbldap_open(1009)
...sid_from_gid_cache(995)
fetch sid from gid cache 1012 ->
S-1-5-21-2852544288-689542784-3650984603-3025
[2007/04/02 17:31:10, 10] smbd/posix_acls.c:canonicalise_acl(2205)
canonicalise_acl: Access ace entries before arrange :
[2007/04/02 17:31:10, 10] smbd/posix_acls.c:canonicalise_acl(2218)
canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER perms
---
[2007/04/02 17:31:10, 10] smbd/posix_acls.c:canonicalise_acl(2218)
canon_ace index 1. Type = allow SID =
S-1-5-21-2852544288-689542784-3650984603-3025 gid 1012 (ensur)
SMB_ACL_GROUP perms rwx
[2007/04/02 17:31:10, 10] smbd/posix_ac...
2003 Mar 06
1
ACL bug FIXes for get_nt_acl()
Two attached patches for samba 2.2.7a and 3.0-alfa22,
that I've made today, fix 3 bugs mentioned in my previous e-mail.
1) For each file in addition to ALLOW ACE
proper DENY ACE is created.
2) "Take ownership" is shown DENIED for all except root ACEs
3) Read Permissions and read attributes are always shown as allowed,
as they are actually allowed.
--
Zhitomirsky
2016 Nov 15
0
Clients can't write to group-writable files - plea for help
...eck_access_rights)
I see that smbd #28398 is the offending process. I'm not sure what the
"token" is that I'm looking for. Again - sorry for my lack of
familiarity with the internals here. I've *never* had issues like these
with Samba before.
However, I see this bit:
canon_ace index 0. Type = allow SID = S-1-22-1-0 uid 0 (root)
SMB_ACL_USER_OBJ ace_flags = 0x0 perms rwx
canon_ace index 1. Type = allow SID = S-1-22-2-0 gid 0 (root)
SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms r-x
canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER
ace_flags = 0x0 perms r...
2016 Nov 16
0
Clients can't write to group-writable files - plea for help
On 11/15/16 7:25 PM, Jeremy Allison wrote:
>
> The token is the list of uids/gids (or SIDs in Windows terms)
> that this smbd is using to represent the user right now.
Okay - that makes sense. Thank you.
>>
>> canon_ace index 0. Type = allow SID = S-1-22-1-0 uid 0 (root)
>> SMB_ACL_USER_OBJ ace_flags = 0x0 perms rwx
>> canon_ace index 1. Type = allow SID = S-1-22-2-0 gid 0 (root)
>> SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms r-x
>> canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_AC...