group permissions broken after upgrade 3.2.5 -> 3.4.8: deleting of files denied
in [Samba]
|
Prev: Thanks for the Tunes
Next: [Samba] Winbind not starting in AD member(samba joining domain) configuration.
From: Christian PERRIER on 14 Jun 2010 03:00 Quoting Marc Schiffbauer (marc(a)schiffbauer.net): > Now after the upgrade delete operations on files do not work anymore > until a user owns the parent directory or has world write access to > it (windows client (XP SP2) gets a permission denied error). > > This is strange because a user can still create files within a dir > that he does not own, so this can only be permitted by group permission, > but deleting the same file gives a permission denied. > > What might cause this? Is this a known bug in samba 3.4.8? How about looking in log files, preferrably after raising the log level to 3? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: Marc Schiffbauer on 14 Jun 2010 05:20 * Christian PERRIER schrieb am 14.06.10 um 07:15 Uhr: > Quoting Marc Schiffbauer: > > > Now after the upgrade delete operations on files do not work anymore > > until a user owns the parent directory or has world write access to > > it (windows client (XP SP2) gets a permission denied error). > > > > This is strange because a user can still create files within a dir > > that he does not own, so this can only be permitted by group permission, > > but deleting the same file gives a permission denied. > > > > What might cause this? Is this a known bug in samba 3.4.8? > > > How about looking in log files, preferrably after raising the log > level to 3? > Hi Christian, sorry, I did not mention this: I already had a look at the log, which shows nothing special ate log level 2 and this on log level 3. Do you see anything special here? [2010/06/14 11:08:18, 3] smbd/process.c:1459(process_smb) Transaction 40241 of length 142 (0 toread) [2010/06/14 11:08:18, 3] smbd/process.c:1273(switch_message) switch message SMBntcreateX (pid 24750) conn 0xb8628478 [2010/06/14 11:08:18, 3] smbd/vfs.c:865(check_reduced_name) reduce_name [Temp/Neu Textdokument.txt] [/home/userdata] [2010/06/14 11:08:18, 3] smbd/vfs.c:974(check_reduced_name) reduce_name: Temp/Neu Textdokument.txt reduced to /home/userdata/Temp/Neu Textdokument.txt [2010/06/14 11:08:18, 3] smbd/error.c:60(error_packet_set) error packet at smbd/nttrans.c(563) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED [2010/06/14 11:08:18, 3] smbd/process.c:1459(process_smb) Transaction 40242 of length 142 (0 toread) [2010/06/14 11:08:18, 3] smbd/process.c:1273(switch_message) switch message SMBntcreateX (pid 24750) conn 0xb8628478 [2010/06/14 11:08:18, 3] smbd/vfs.c:865(check_reduced_name) reduce_name [Temp/Neu Textdokument.txt] [/home/userdata] [2010/06/14 11:08:18, 3] smbd/vfs.c:974(check_reduced_name) reduce_name: Temp/Neu Textdokument.txt reduced to /home/userdata/Temp/Neu Textdokument.txt [2010/06/14 11:08:18, 3] smbd/error.c:60(error_packet_set) error packet at smbd/nttrans.c(563) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED [2010/06/14 11:08:18, 3] smbd/process.c:1459(process_smb) Transaction 40243 of length 132 (0 toread) [2010/06/14 11:08:18, 3] smbd/process.c:1273(switch_message) switch message SMBtrans2 (pid 24750) conn 0xb8628478 [2010/06/14 11:08:18, 3] smbd/trans2.c:3956(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2010/06/14 11:08:18, 3] smbd/vfs.c:865(check_reduced_name) reduce_name [Temp/Neu Textdokument.txt] [/home/userdata] [2010/06/14 11:08:18, 3] smbd/vfs.c:974(check_reduced_name) reduce_name: Temp/Neu Textdokument.txt reduced to /home/userdata/Temp/Neu Textdokument.txt [2010/06/14 11:08:18, 3] smbd/trans2.c:4070(call_trans2qfilepathinfo) call_trans2qfilepathinfo Temp/Neu Textdokument.txt (fnum = -1) level=1004 call=5 total_data=0 [2010/06/14 11:08:18, 3] smbd/process.c:1459(process_smb) Transaction 40244 of length 132 (0 toread) [2010/06/14 11:08:18, 3] smbd/process.c:1273(switch_message) switch message SMBtrans2 (pid 24750) conn 0xb8628478 [2010/06/14 11:08:18, 3] smbd/trans2.c:3956(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2010/06/14 11:08:18, 3] smbd/vfs.c:865(check_reduced_name) reduce_name [Temp/Neu Textdokument.txt] [/home/userdata] [2010/06/14 11:08:18, 3] smbd/vfs.c:974(check_reduced_name) reduce_name: Temp/Neu Textdokument.txt reduced to /home/userdata/Temp/Neu Textdokument.txt [2010/06/14 11:08:18, 3] smbd/trans2.c:4070(call_trans2qfilepathinfo) call_trans2qfilepathinfo Temp/Neu Textdokument.txt (fnum = -1) level=1004 call=5 total_data=0 [2010/06/14 11:08:18, 3] smbd/process.c:1459(process_smb) Transaction 40245 of length 80 (0 toread) [2010/06/14 11:08:18, 3] smbd/process.c:1273(switch_message) switch message SMBtrans2 (pid 24750) conn 0xb8628478 [2010/06/14 11:08:18, 3] smbd/trans2.c:3956(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2010/06/14 11:08:18, 3] smbd/vfs.c:865(check_reduced_name) reduce_name [.] [/home/userdata] [2010/06/14 11:08:18, 3] smbd/vfs.c:974(check_reduced_name) reduce_name: . reduced to /home/userdata [2010/06/14 11:08:18, 3] smbd/trans2.c:4070(call_trans2qfilepathinfo) call_trans2qfilepathinfo . (fnum = -1) level=1004 call=5 total_data=0 [2010/06/14 11:08:18, 3] smbd/process.c:1459(process_smb) Transaction 40246 of length 74 (0 toread) [2010/06/14 11:08:18, 3] smbd/process.c:1273(switch_message) switch message SMBtrans2 (pid 24750) conn 0xb8628478 [2010/06/14 11:08:18, 3] smbd/trans2.c:2600(call_trans2qfsinfo) call_trans2qfsinfo: level = 258 [2010/06/14 11:08:18, 3] smbd/process.c:1459(process_smb) Transaction 40247 of length 74 (0 toread) [2010/06/14 11:08:18, 3] smbd/process.c:1273(switch_message) switch message SMBtrans2 (pid 24750) conn 0xb8628478 [2010/06/14 11:08:18, 3] smbd/trans2.c:2600(call_trans2qfsinfo) call_trans2qfsinfo: level = 261 [2010/06/14 11:08:18, 3] smbd/process.c:1459(process_smb) Transaction 40248 of length 74 (0 toread) [2010/06/14 11:08:18, 3] smbd/process.c:1273(switch_message) switch message SMBtrans2 (pid 24750) conn 0xb8628478 [2010/06/14 11:08:18, 3] smbd/trans2.c:2600(call_trans2qfsinfo) call_trans2qfsinfo: level = 261 [2010/06/14 11:08:19, 3] smbd/process.c:1459(process_smb) Transaction 40249 of length 80 (0 toread) [2010/06/14 11:08:19, 3] smbd/process.c:1273(switch_message) switch message SMBtrans2 (pid 24750) conn 0xb85cc6e8 [2010/06/14 11:08:19, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (1010, 1006) - sec_ctx_stack_ndx = 0 [2010/06/14 11:08:19, 3] smbd/trans2.c:3956(call_trans2qfilepathinfo) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2010/06/14 11:08:19, 3] smbd/vfs.c:865(check_reduced_name) reduce_name [.] [/home/user2] [2010/06/14 11:08:19, 3] smbd/vfs.c:974(check_reduced_name) reduce_name: . reduced to /home/user2 [2010/06/14 11:08:19, 3] smbd/trans2.c:4070(call_trans2qfilepathinfo) call_trans2qfilepathinfo . (fnum = -1) level=1004 call=5 total_data=0 [2010/06/14 11:08:19, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/06/14 11:08:36, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 -- 8AAC 5F46 83B4 DB70 8317 3723 296C 6CCA 35A6 4134 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: Marc Schiffbauer on 14 Jun 2010 06:00
This is part of the log with log level = 10: Here you can see that the "open for delete" is being denied, but why? (If I do "chmod o+w ." in the dir, deletion of files is permitted...) Group "domusr" (1006) has rwx permission on the directory which is the primary group of the users and which is mapped to the "Domain Users" group as well. user1 (1001) is the owner of the parent dir (".") user2 (1010) is the owner of the file "Neu Textdokument.txt" domusr (1006) is the group of both, "." and the file user2 wants to delete the file perms of "." is 0770 perms of the file is 0660 --------------------------------------------------------------------------------------- [2010/06/14 11:43:21, 4] smbd/uid.c:256(change_to_user) change_to_user: Skipping user change - already user [2010/06/14 11:43:21, 10] smbd/nttrans.c:484(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x10, access_mask = 0x10080 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x200040 root_dir_fid = 0x0, fname = Temp/Neu Textdokument.txt [2010/06/14 11:43:21, 10] smbd/open.c:3365(create_file_default) create_file: access_mask = 0x10080 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x200040 oplock_request = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), create_file_flags = 0x1, fname = Temp/Neu Textdokument.txt [2010/06/14 11:43:21, 5] smbd/filename.c:148(unix_convert) unix_convert called on file "Temp/Neu Textdokument.txt" [2010/06/14 11:43:21, 10] smbd/statcache.c:274(stat_cache_lookup) stat_cache_lookup: lookup succeeded for name [TEMP/NEU TEXTDOKUMENT.TXT] -> [Temp/Neu Textdokument.txt] [2010/06/14 11:43:21, 3] smbd/vfs.c:865(check_reduced_name) reduce_name [Temp/Neu Textdokument.txt] [/home/userdata] [2010/06/14 11:43:21, 10] smbd/vfs.c:937(check_reduced_name) reduce_name realpath [Temp/Neu Textdokument.txt] -> [/home/userdata/Temp/Neu Textdokument.txt] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ This is the file I want to delete. [2010/06/14 11:43:21, 3] smbd/vfs.c:974(check_reduced_name) reduce_name: Temp/Neu Textdokument.txt reduced to /home/userdata/Temp/Neu Textdokument.txt [2010/06/14 11:43:21, 10] smbd/open.c:2896(create_file_unixpath) create_file_unixpath: access_mask = 0x10080 file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x200040 oplock_request = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = Temp/Neu Textdokument.txt [2010/06/14 11:43:21, 10] smbd/posix_acls.c:3372(posix_get_nt_acl) posix_get_nt_acl: called for file Temp [2010/06/14 11:43:21, 10] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = IDMAP/UID2SID/1001, value = S-1-5-21-623575250-3528882096-2388268162-3002, timeout = Sat Jun 19 02:37:36 2010 [2010/06/14 11:43:21, 10] passdb/lookup_sid.c:1333(uid_to_sid) uid 1001 -> sid S-1-5-21-623575250-3528882096-2388268162-3002 [2010/06/14 11:43:21, 10] smbd/posix_acls.c:2522(canonicalise_acl) canonicalise_acl: Access ace entries before arrange : [2010/06/14 11:43:21, 10] smbd/posix_acls.c:2535(canonicalise_acl) canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- [2010/06/14 11:43:21, 10] smbd/posix_acls.c:2535(canonicalise_acl) canon_ace index 1. Type = allow SID = S-1-5-32-545 gid 1006 (domusr) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx [2010/06/14 11:43:21, 10] smbd/posix_acls.c:2535(canonicalise_acl) canon_ace index 2. Type = allow SID = S-1-5-32-544 uid 1001 (user1) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rwx [2010/06/14 11:43:21, 10] smbd/posix_acls.c:838(print_canon_ace_list) print_canon_ace_list: canonicalise_acl: ace entries after arrange canon_ace index 0. Type = allow SID = S-1-5-32-544 uid 1001 (user1) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rwx canon_ace index 1. Type = allow SID = S-1-5-32-545 gid 1006 (domusr) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rwx canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- [2010/06/14 11:43:21, 10] smbd/posix_acls.c:1116(map_canon_ace_perms) map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff [2010/06/14 11:43:21, 10] smbd/posix_acls.c:1116(map_canon_ace_perms) map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff [2010/06/14 11:43:21, 10] smbd/posix_acls.c:1116(map_canon_ace_perms) map_canon_ace_perms: Mapped (UNIX) 0 to (NT) 0 [2010/06/14 11:43:21, 10] smbd/posix_acls.c:3045(add_or_replace_ace) Replacing ACE 1 with SID S-1-5-32-545 and flags 00 [2010/06/14 11:43:21, 10] smbd/posix_acls.c:3007(merge_default_aces) merge_default_aces: Merging ACE 3 onto ACE 1. [2010/06/14 11:43:21, 10] smbd/posix_acls.c:3372(posix_get_nt_acl) posix_get_nt_acl: called for file Temp/Neu Textdokument.txt [2010/06/14 11:43:21, 10] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = IDMAP/UID2SID/1010, value = S-1-5-21-623575250-3528882096-2388268162-3020, timeout = Sat Jun 19 02:39:58 2010 [2010/06/14 11:43:21, 10] passdb/lookup_sid.c:1333(uid_to_sid) uid 1010 -> sid S-1-5-21-623575250-3528882096-2388268162-3020 [2010/06/14 11:43:21, 10] smbd/posix_acls.c:2522(canonicalise_acl) canonicalise_acl: Access ace entries before arrange : [2010/06/14 11:43:21, 10] smbd/posix_acls.c:2535(canonicalise_acl) canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- [2010/06/14 11:43:21, 10] smbd/posix_acls.c:2535(canonicalise_acl) canon_ace index 1. Type = allow SID = S-1-5-32-545 gid 1006 (domusr) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rw- [2010/06/14 11:43:21, 10] smbd/posix_acls.c:2535(canonicalise_acl) canon_ace index 2. Type = allow SID = S-1-5-32-544 uid 1010 (user2) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rw- [2010/06/14 11:43:21, 10] smbd/posix_acls.c:838(print_canon_ace_list) print_canon_ace_list: canonicalise_acl: ace entries after arrange canon_ace index 0. Type = allow SID = S-1-5-32-544 uid 1010 (user2) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rw- canon_ace index 1. Type = allow SID = S-1-5-32-545 gid 1006 (domusr) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms rw- canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- [2010/06/14 11:43:21, 10] smbd/posix_acls.c:1116(map_canon_ace_perms) map_canon_ace_perms: Mapped (UNIX) 180 to (NT) 12019f [2010/06/14 11:43:21, 10] smbd/posix_acls.c:1116(map_canon_ace_perms) map_canon_ace_perms: Mapped (UNIX) 180 to (NT) 12019f [2010/06/14 11:43:21, 10] smbd/posix_acls.c:1116(map_canon_ace_perms) map_canon_ace_perms: Mapped (UNIX) 0 to (NT) 0 [2010/06/14 11:43:21, 10] smbd/posix_acls.c:3045(add_or_replace_ace) Replacing ACE 1 with SID S-1-5-32-545 and flags 00 [2010/06/14 11:43:21, 10] smbd/posix_acls.c:3007(merge_default_aces) merge_default_aces: Merging ACE 3 onto ACE 1. [2010/06/14 11:43:21, 10] smbd/open.c:2952(create_file_unixpath) create_file_unixpath: open file Temp/Neu Textdokument.txt for delete ACCESS_DENIED ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Why is this being denied? [2010/06/14 11:43:21, 10] smbd/open.c:3218(create_file_unixpath) create_file_unixpath: NT_STATUS_ACCESS_DENIED [2010/06/14 11:43:21, 10] smbd/open.c:3497(create_file_default) create_file: NT_STATUS_ACCESS_DENIED [2010/06/14 11:43:21, 3] smbd/error.c:60(error_packet_set) error packet at smbd/nttrans.c(563) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED --------------------------------------------------------------------------------------- -- 8AAC 5F46 83B4 DB70 8317 3723 296C 6CCA 35A6 4134 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba |