From: Seb James on
On Fri, 2010-07-16 at 17:02 +0100, Seb James wrote:
> Hi List,
>
> I have an appliance ("the client") which mounts a CIFS share from a
> Samba server - the Samba server usually runs on an Ubuntu system.
>
> Within the client, the root user executes a mount command like this:
>
> mount.cifs \\UBUNTUSERVER\archive /tmp/Default \
> -o noserverino,user='someuser',pass='somepassword',uid='50',gid='7'
>
> That uid/gid pair belongs to the "lp" user on the client.
>
> Once the share is mounted, a process belonging to another user (lp in
> this case) writes data into the share.
>
> When I use Ubuntu 8.04 for the samba server, which ships with Samba
> 3.0.28, this works.
>
> On Ubuntu 10.04 which contains Samba 3.4.7, I am unable to write to the
> share as the "lp" user (though root - the original share-mounter - is
> able to).
>
> I'm struggling to find what might have changed (a security improvement?,
> an alteration of a default option?), and whether I can work around this
> change?

As a follow up to my first message, here is the samba log (level 3)
output from the Ubuntu 10.04 server when the "lp" owned process tries to
write data to the share:

[2010/07/16 17:07:45, 3] smbd/process.c:1273(switch_message)
switch message SMBtrans2 (pid 4037) conn 0x7ffed1cb3730
[2010/07/16 17:07:45, 3] smbd/sec_ctx.c:310(set_sec_ctx)
setting sec ctx (1000, 1000) - sec_ctx_stack_ndx = 0
[2010/07/16 17:07:45, 3] smbd/trans2.c:3956(call_trans2qfilepathinfo)
call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 263
[2010/07/16 17:07:45, 3] smbd/vfs.c:865(check_reduced_name)
reduce_name [statusprintout_Jul1610_170745.prn] [/var/spool/ShareArchive]
[2010/07/16 17:07:45, 3] smbd/vfs.c:974(check_reduced_name)
reduce_name: statusprintout_Jul1610_170745.prn reduced to /var/spool/ShareArchive/statusprintout_Jul1610_170745.prn
[2010/07/16 17:07:45, 3] smbd/trans2.c:4050(call_trans2qfilepathinfo)
call_trans2qfilepathinfo: SMB_VFS_STAT of statusprintout_Jul1610_170745.prn failed (No such file or directory)
[2010/07/16 17:07:45, 3] smbd/error.c:153(reply_unix_error)
unix_error_packet: error string = No such file or directory
[2010/07/16 17:07:45, 3] smbd/error.c:60(error_packet_set)
error packet at smbd/trans2.c(4051) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND
[2010/07/16 17:07:45, 3] smbd/process.c:1459(process_smb)
Transaction 328 of length 78 (0 toread)
[2010/07/16 17:07:45, 3] smbd/process.c:1273(switch_message)
switch message SMBtrans2 (pid 4037) conn 0x7ffed1cb25f0
[2010/07/16 17:07:45, 3] smbd/sec_ctx.c:310(set_sec_ctx)
setting sec ctx (1000, 1000) - sec_ctx_stack_ndx = 0
[2010/07/16 17:07:45, 3] smbd/trans2.c:3956(call_trans2qfilepathinfo)
call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 263
[2010/07/16 17:07:45, 3] smbd/vfs.c:865(check_reduced_name)
reduce_name [.] [/var/spool/ShareInput2]
[2010/07/16 17:07:45, 3] smbd/vfs.c:974(check_reduced_name)
reduce_name: . reduced to /var/spool/ShareInput2
[2010/07/16 17:07:45, 3] smbd/trans2.c:4070(call_trans2qfilepathinfo)
call_trans2qfilepathinfo . (fnum = -1) level=263 call=5 total_data=0
[2010/07/16 17:07:45, 3] smbd/process.c:1459(process_smb)

regards,

Seb James


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
From: Seb James on
On Fri, 2010-07-16 at 20:21 +0100, Seb James wrote:
> On Fri, 2010-07-16 at 17:02 +0100, Seb James wrote:
> > Hi List,
> >
> > I have an appliance ("the client") which mounts a CIFS share from a
> > Samba server - the Samba server usually runs on an Ubuntu system.
> >
> > Within the client, the root user executes a mount command like this:
> >
> > mount.cifs \\UBUNTUSERVER\archive /tmp/Default \
> > -o noserverino,user='someuser',pass='somepassword',uid='50',gid='7'
> >
> > That uid/gid pair belongs to the "lp" user on the client.
> >
> > Once the share is mounted, a process belonging to another user (lp in
> > this case) writes data into the share.
> >
> > When I use Ubuntu 8.04 for the samba server, which ships with Samba
> > 3.0.28, this works.
> >
> > On Ubuntu 10.04 which contains Samba 3.4.7, I am unable to write to the
> > share as the "lp" user (though root - the original share-mounter - is
> > able to).
> >
> > I'm struggling to find what might have changed (a security improvement?,
> > an alteration of a default option?), and whether I can work around this
> > change?
>
> As a follow up to my first message, here is the samba log (level 3)
> output from the Ubuntu 10.04 server when the "lp" owned process tries to
> write data to the share:
>
> [2010/07/16 17:07:45, 3] smbd/process.c:1273(switch_message)
> switch message SMBtrans2 (pid 4037) conn 0x7ffed1cb3730
> [2010/07/16 17:07:45, 3] smbd/sec_ctx.c:310(set_sec_ctx)
> setting sec ctx (1000, 1000) - sec_ctx_stack_ndx = 0
> [2010/07/16 17:07:45, 3] smbd/trans2.c:3956(call_trans2qfilepathinfo)
> call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 263
> [2010/07/16 17:07:45, 3] smbd/vfs.c:865(check_reduced_name)
> reduce_name [statusprintout_Jul1610_170745.prn] [/var/spool/ShareArchive]
> [2010/07/16 17:07:45, 3] smbd/vfs.c:974(check_reduced_name)
> reduce_name: statusprintout_Jul1610_170745.prn reduced to /var/spool/ShareArchive/statusprintout_Jul1610_170745.prn
> [2010/07/16 17:07:45, 3] smbd/trans2.c:4050(call_trans2qfilepathinfo)
> call_trans2qfilepathinfo: SMB_VFS_STAT of statusprintout_Jul1610_170745.prn failed (No such file or directory)
> [2010/07/16 17:07:45, 3] smbd/error.c:153(reply_unix_error)
> unix_error_packet: error string = No such file or directory
> [2010/07/16 17:07:45, 3] smbd/error.c:60(error_packet_set)
> error packet at smbd/trans2.c(4051) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND
> [2010/07/16 17:07:45, 3] smbd/process.c:1459(process_smb)
> Transaction 328 of length 78 (0 toread)
> [2010/07/16 17:07:45, 3] smbd/process.c:1273(switch_message)
> switch message SMBtrans2 (pid 4037) conn 0x7ffed1cb25f0
> [2010/07/16 17:07:45, 3] smbd/sec_ctx.c:310(set_sec_ctx)
> setting sec ctx (1000, 1000) - sec_ctx_stack_ndx = 0
> [2010/07/16 17:07:45, 3] smbd/trans2.c:3956(call_trans2qfilepathinfo)
> call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 263
> [2010/07/16 17:07:45, 3] smbd/vfs.c:865(check_reduced_name)
> reduce_name [.] [/var/spool/ShareInput2]
> [2010/07/16 17:07:45, 3] smbd/vfs.c:974(check_reduced_name)
> reduce_name: . reduced to /var/spool/ShareInput2
> [2010/07/16 17:07:45, 3] smbd/trans2.c:4070(call_trans2qfilepathinfo)
> call_trans2qfilepathinfo . (fnum = -1) level=263 call=5 total_data=0
> [2010/07/16 17:07:45, 3] smbd/process.c:1459(process_smb)

A further update. I just created a new Ubuntu8.04 virtual machine
install, set it up, and found that in fact, it too fails to allow the
"lp" user to write to the share which was created by the root user. I am
therefore now considering how my original Ubuntu 8.04 install/samba
setup is different from a default install.

Sorry if I wasted anyone's time.

Seb James


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba