Bug 12872 - NT_STATUS_ACCESS_DENIED if directory not give access to all
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services
Version: 4.3.11
Hardware: x64 Linux
Importance: P5 major
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
Reported: 2017-07-03 12:03 UTC by alberto fiaschi
Modified: 2019-01-08 19:07 UTC

Description alberto fiaschi 2017-07-03 12:03:17 UTC
A directory with wxr for owner and group does not give access to the user.
Workaround: chmod a+rwx on the directory.

Samba ver 4.3.11 on Ubuntu with ZFS filesystem
passdb backend = ldapsam

service config =

comment = ImagesBank SOD Endoscopia toracica
path = /samba/shares/DCTV/groups/ImgBnk_SOD_Endo_Toracica
shadow:format = %Y-%m-%d_%H.%M.%S--5d
shadow:sort = desc
shadow:snapdir = /samba/shares/DCTV/.zfs/snapshot
shadow:basedir = /samba/shares/DCTV
shadow:localtime = yes
valid users = dctv_ImgBnk_SOD_Endo_Toracica_ro,@dctv_ImgBnk_SOD_Endo_Toracica_rw
write list  = @dctv_ImgBnk_SOD_Endo_Toracica_rw
force user = nobody
force group = dctv_quota


[2017/07/03 13:16:39.456241,  2, effective(0, 0), real(0, 0)] ../source3/auth/auth.c:305(auth_check_ntlm_password)
  check_ntlm_password:  authentication for user [d.guerra] -> [d.guerra] -> [d.guerra] succeeded
[2017/07/03 13:16:39.487231,  2, effective(0, 0), real(0, 0)] ../source3/passdb/pdb_ldap.c:2310(init_group_from_ldap)
  init_group_from_ldap: Entry found for group: 5867
[2017/07/03 13:16:39.492479,  2, effective(0, 0), real(0, 0)] ../source3/passdb/pdb_ldap.c:2310(init_group_from_ldap)
  init_group_from_ldap: Entry found for group: 5866
[2017/07/03 13:16:39.496033,  2, effective(0, 0), real(0, 0)] ../source3/passdb/pdb_ldap.c:524(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: nobody
[2017/07/03 13:16:39.514465,  2, effective(0, 0), real(0, 0)] ../source3/passdb/pdb_ldap.c:524(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: nobody
[2017/07/03 13:16:39.517461,  1, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:2389(lp_idmap_range)
  idmap range not specified for domain '*'
[2017/07/03 13:16:39.542069,  2, effective(0, 0), real(0, 0)] ../source3/passdb/pdb_ldap.c:2310(init_group_from_ldap)
  init_group_from_ldap: Entry found for group: 1433
[2017/07/03 13:16:39.546876,  2, effective(0, 0), real(0, 0)] ../source3/passdb/pdb_ldap.c:2310(init_group_from_ldap)
  init_group_from_ldap: Entry found for group: 5867
[2017/07/03 13:16:39.551212,  2, effective(0, 0), real(0, 0)] ../source3/passdb/pdb_ldap.c:2310(init_group_from_ldap)
  init_group_from_ldap: Entry found for group: 5866
[2017/07/03 13:16:39.555669,  2, effective(0, 0), real(0, 0)] ../source3/passdb/pdb_ldap.c:2310(init_group_from_ldap)
  init_group_from_ldap: Entry found for group: 5866
[2017/07/03 13:16:39.564262,  2, effective(0, 0), real(0, 0)] ../source3/passdb/pdb_ldap.c:2310(init_group_from_ldap)
  init_group_from_ldap: Entry found for group: 5867
[2017/07/03 13:16:39.568720,  2, effective(0, 0), real(0, 0)] ../source3/passdb/pdb_ldap.c:2310(init_group_from_ldap)
  init_group_from_ldap: Entry found for group: 5866
[2017/07/03 13:16:39.573615,  2, effective(0, 0), real(0, 0)] ../source3/passdb/pdb_ldap.c:2310(init_group_from_ldap)
  init_group_from_ldap: Entry found for group: 5866
[2017/07/03 13:16:39.580597,  1, effective(0, 0), real(0, 0)] ../source3/smbd/service.c:462(make_connection_snum)
  create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
Comment 1 alberto fiaschi 2017-07-03 13:03:06 UTC
There are some errors like this in syslog:

Jul  3 11:56:13 zfs-cis smbd[13664]: [2017/07/03 11:56:13.674541,  0, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:317(change_to_user_internal)
Jul  3 11:56:13 zfs-cis smbd[13664]:   PANIC: assert failed at ../source3/smbd/uid.c(317): conn->force_group_gid != (gid_t)-1
Jul  3 11:56:13 zfs-cis smbd[13664]: [2017/07/03 11:56:13.674587,  0, effective(0, 0), real(0, 0)] ../source3/lib/util.c:789(smb_panic_s3)
Jul  3 11:56:13 zfs-cis smbd[13664]:   PANIC (pid 13664): assert failed: conn->force_group_gid != (gid_t)-1
Jul  3 11:56:13 zfs-cis smbd[13664]: [2017/07/03 11:56:13.675506,  0, effective(0, 0), real(0, 0)] ../source3/lib/util.c:900(log_stack_trace)
Jul  3 11:56:13 zfs-cis smbd[13664]:   BACKTRACE: 24 stack frames:
Jul  3 11:56:13 zfs-cis smbd[13664]:    #0 /usr/lib/x86_64-linux-gnu/samba/libsmbregistry.so.0(log_stack_trace+0x1a) [0x7fa0145387aa]
Jul  3 11:56:13 zfs-cis smbd[13664]:    #1 /usr/lib/x86_64-linux-gnu/samba/libsmbregistry.so.0(smb_panic_s3+0x20) [0x7fa014538880]
Jul  3 11:56:13 zfs-cis smbd[13664]:    #2 /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(smb_panic+0x2f) [0x7fa0152abf1f]
Jul  3 11:56:13 zfs-cis smbd[13664]:    #3 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(+0xec9b9) [0x7fa014e539b9]
Jul  3 11:56:13 zfs-cis smbd[13664]:    #4 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(+0x118801) [0x7fa014e7f801]
Jul  3 11:56:13 zfs-cis smbd[13664]:    #5 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(+0x119231) [0x7fa014e80231]
Jul  3 11:56:13 zfs-cis smbd[13664]:    #6 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(make_connection+0x220) [0x7fa014e80730]
Jul  3 11:56:13 zfs-cis smbd[13664]:    #7 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(reply_tcon_and_X+0x212) [0x7fa014e2e452]
Jul  3 11:56:13 zfs-cis smbd[13664]:    #8 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(+0x112c97) [0x7fa014e79c97]
Jul  3 11:56:13 zfs-cis smbd[13664]:    #9 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(+0x1149e3) [0x7fa014e7b9e3]
Jul  3 11:56:13 zfs-cis smbd[13664]:    #10 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(+0x11604c) [0x7fa014e7d04c]
Jul  3 11:56:13 zfs-cis smbd[13664]:    #11 /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(run_events_poll+0x167) [0x7fa0131cb917]
Jul  3 11:56:13 zfs-cis smbd[13664]:    #12 /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(+0x2cb77) [0x7fa0131cbb77]
Jul  3 11:56:13 zfs-cis smbd[13664]:    #13 /usr/lib/x86_64-linux-gnu/libtevent.so.0(_tevent_loop_once+0x8d) [0x7fa011e15d3d]
Jul  3 11:56:13 zfs-cis smbd[13664]:    #14 /usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_loop_wait+0x1b) [0x7fa011e15edb]
Jul  3 11:56:13 zfs-cis smbd[13664]:    #15 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(smbd_process+0x718) [0x7fa014e7e3a8]
Jul  3 11:56:13 zfs-cis smbd[13664]:    #16 /usr/sbin/smbd(+0x8e12) [0x55d31baffe12]
Jul  3 11:56:13 zfs-cis smbd[13664]:    #17 /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(run_events_poll+0x167) [0x7fa0131cb917]
Jul  3 11:56:13 zfs-cis smbd[13664]:    #18 /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(+0x2cb77) [0x7fa0131cbb77]
Jul  3 11:56:13 zfs-cis smbd[13664]:    #19 /usr/lib/x86_64-linux-gnu/libtevent.so.0(_tevent_loop_once+0x8d) [0x7fa011e15d3d]
Jul  3 11:56:13 zfs-cis smbd[13664]:    #20 /usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_loop_wait+0x1b) [0x7fa011e15edb]
Jul  3 11:56:13 zfs-cis smbd[13664]:    #21 /usr/sbin/smbd(main+0x1899) [0x55d31bafe099]
Jul  3 11:56:13 zfs-cis smbd[13664]:    #22 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf0) [0x7fa011a69830]
Jul  3 11:56:13 zfs-cis smbd[13664]:    #23 /usr/sbin/smbd(_start+0x29) [0x55d31bafe199]
Jul  3 11:56:13 zfs-cis smbd[13664]: [2017/07/03 11:56:13.675750,  0, effective(0, 0), real(0, 0)] ../source3/lib/dumpcore.c:303(dump_core)
Jul  3 11:56:13 zfs-cis smbd[13664]:   dumping core in /var/log/samba/cores/smbd
Comment 2 SATOH Fumiyasu 2018-12-11 17:37:28 UTC
I have the same issue with Samba 4.8.5 + vfs_fruit on Linux (CentOS 7).
Is the "force group" (and "force user"?) parameter broken?

[2018/10/30 09:44:24,  1, pid=3162, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:554(receive_smb_talloc)
  receive_smb_raw_talloc failed for client ipv4: read error = NT_STATUS_HOST_UNREACHABLE.
[2018/10/31 09:31:13,  1, pid=1937, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:554(receive_smb_talloc)
  receive_smb_raw_talloc failed for client ipv4: read error = NT_STATUS_CONNECTION_RESET.
[2018/10/31 19:20:31,  0, pid=22474, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:319(change_to_user_internal)
  PANIC: assert failed at ../source3/smbd/uid.c(319): conn->force_group_gid != (gid_t)-1
[2018/10/31 19:20:31,  0, pid=22474, effective(0, 0), real(0, 0)] ../source3/lib/util.c:815(smb_panic_s3)
  PANIC (pid 22474): assert failed: conn->force_group_gid != (gid_t)-1
[2018/10/31 19:20:31,  0, pid=22474, effective(0, 0), real(0, 0)] ../lib/util/fault.c:261(log_stack_trace)
  BACKTRACE: 22 stack frames: