Bug 13486 - CIFS guest connection can't read back file it just created in mode 0600
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services
Version: 4.8.2
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
Reported: 2018-06-26 13:57 UTC by Andreas Hasenack
Modified: 2021-03-11 07:27 UTC
Description Andreas Hasenack 2018-06-26 13:57:14 UTC
Works with 4.8.0 and 4.7.6, does not work with 4.8.1 or 4.8.2.

Simple server share:
[tmp]
	guest ok = Yes
	path = /tmp
	read only = No

Client is cifs-utils 2:6.8-2.

When the server is 4.8.0 or 4.7.6, this works:
# mount //10.0.100.92/tmp -o guest,vers=1.0 /mnt
# echo hello > /mnt/hello.txt
# l /mnt/hello.txt 
-rw-r--r--+ 1 nobody nogroup 6 Jun 26 13:49 /mnt/hello.txt
# cat /mnt/hello.txt 
hello
# chmod 0600 /mnt/hello.txt 
# cat /mnt/hello.txt 
hello
# l /mnt/hello.txt 
-rw-------+ 1 nobody nogroup 6 Jun 26 13:49 /mnt/hello.txt


When the server is 4.8.1 or 4.8.2, this fails:

# mount //10.0.100.212/tmp -o guest,vers=1.0 /mnt
# echo hello > /mnt/hello
# l /mnt/hello
-rw-r--r--+ 1 nobody nogroup 6 Jun 26 13:47 /mnt/hello
# cat /mnt/hello
hello
# chmod 0600 /mnt/hello
# cat /mnt/hello
cat: /mnt/hello: Permission denied

cifs mountpoint options ended up being:
//10.0.100.212/tmp on /mnt type cifs (rw,relatime,vers=1.0,sec=none,cache=strict,domain=,uid=0,noforceuid,gid=0,noforcegid,addr=10.0.100.212,soft,unix,posixpaths,serverino,mapposix,acl,rsize=1048576,wsize=65536,echo_interval=60,actimeo=1)

They are the same in both cases.
Comment 1 Andreas Hasenack 2018-06-29 21:03:16 UTC
Also happens with 4.8.3
Comment 2 Mathieu Parent 2018-07-01 13:42:16 UTC
A regression from #13328?
Comment 3 Mathieu Parent 2018-07-01 19:02:58 UTC
Have you tried "sec=none" option instead of "guest"?

Why do you use "vers=1.0"?
Comment 4 Andreas Hasenack 2018-07-02 12:23:24 UTC
(In reply to Mathieu Parent from comment #2)
I briefly tried to revert that changeset, but got too many conflicts to sort out in the time I had then. I might try again.
Comment 5 Andreas Hasenack 2018-07-02 12:43:49 UTC
(In reply to Mathieu Parent from comment #3)
This is the comment from our regression testing about that:
        # Unix extensions don't work yet with SMB3, need to force SMB1
        if self.lsb_release['Release'] >= 17.10:
            mount_opts = "-oguest,vers=1.0"
        else:
            mount_opts = "-oguest"

That being said, the unix extensions aspect of the test isn't reached, because of the failure to create the file and subsequently read it back (or even write to it).

I also tested with vers=2.0 (which gave me 2.02 in smbstatus' output), 3.0 and 3.11, same behavior.
Comment 6 Mathieu Parent 2018-07-02 21:02:46 UTC
Does replacing "guest" by "sec=none" change anything?
Comment 7 Andreas Hasenack 2018-07-02 21:35:54 UTC
Nope, sec=none instead of guest doesn't change the behaviour for vers=1.0:

root@cosmic-samba48:~# mount //localhost/pub -o sec=none,vers=1.0 /localhost

root@cosmic-samba48:~# echo hello > /localhost/hello.txt

root@cosmic-samba48:~# l /localhost/hello.txt 
-rw-r--r--+ 1 nobody nogroup 6 Jul  2 21:22 /localhost/hello.txt

root@cosmic-samba48:~# cat /localhost/hello.txt 
hello

root@cosmic-samba48:~# chmod 0600 /localhost/hello.txt 

root@cosmic-samba48:~# cat /localhost/hello.txt 
cat: /localhost/hello.txt: Permission denied

root@cosmic-samba48:~# smbstatus

Samba version 4.8.2-Ubuntu
PID     Username     Group        Machine                                   Protocol Version  Encryption           Signing              
----------------------------------------------------------------------------------------------------------------------------------------
1144    nobody       nogroup      127.0.0.1 (ipv4:127.0.0.1:58106)          NT1               -                    -                    

Service      pid     Machine       Connected at                     Encryption   Signing     
---------------------------------------------------------------------------------------------
pub          1144    127.0.0.1     Mon Jul  2 21:22:49 2018 UTC     -            -           
IPC$         1144    127.0.0.1     Mon Jul  2 21:22:49 2018 UTC     -            -           

No locked files

root@cosmic-samba48:~# mount -t cifs
//localhost/pub on /localhost type cifs (rw,relatime,vers=1.0,sec=none,cache=strict,domain=,uid=0,noforceuid,gid=0,noforcegid,addr=127.0.0.1,soft,unix,posixpaths,serverino,mapposix,acl,rsize=1048576,wsize=65536,echo_interval=60,actimeo=1)
root@cosmic-samba48:~# 


But for other protocol versions things change. For example, with vers=2.0:
- file is owned by root:root when viewed through the CIFS mountpoint:
root@cosmic-samba48:~# l /localhost/hello.txt 
-rwxr-xr-x 1 root root 6 Jul  2 21:24 /localhost/hello.txt

- ch

root@cosmic-samba48:~# mount //localhost/pub -o sec=none,vers=2.0 /localhost/

root@cosmic-samba48:~# echo hello > /localhost/hello.txt

# file is seen as owned by root when viewed via CIFS:
root@cosmic-samba48:~# l /localhost/hello.txt 
-rwxr-xr-x 1 root root 6 Jul  2 21:24 /localhost/hello.txt

# but still nobody:nogroup in the source filesystem:
root@cosmic-samba48:~# l /tmp/hello.txt 
-rwxr--r-- 1 nobody nogroup 6 Jul  2 21:24 /tmp/hello.txt

# chmod has no effect via cifs:
root@cosmic-samba48:~# chmod 0600 /localhost/hello.txt 

# and this works
root@cosmic-samba48:~# cat /localhost/hello.txt 
hello

root@cosmic-samba48:~# smbstatus

Samba version 4.8.2-Ubuntu
PID     Username     Group        Machine                                   Protocol Version  Encryption           Signing              
----------------------------------------------------------------------------------------------------------------------------------------
1234    nobody       nogroup      127.0.0.1 (ipv4:127.0.0.1:58110)          SMB2_02           -                    -                    

Service      pid     Machine       Connected at                     Encryption   Signing     
---------------------------------------------------------------------------------------------
IPC$         1234    127.0.0.1     Mon Jul  2 21:24:52 2018 UTC     -            -           
pub          1234    127.0.0.1     Mon Jul  2 21:24:52 2018 UTC     -            -           

No locked files

root@cosmic-samba48:~# mount -t cifs
//localhost/pub on /localhost type cifs (rw,relatime,vers=2.0,sec=none,cache=strict,domain=,uid=0,noforceuid,gid=0,noforcegid,addr=127.0.0.1,file_mode=0755,dir_mode=0755,soft,nounix,serverino,mapposix,rsize=65536,wsize=65536,echo_interval=60,actimeo=1)


Same for sec=none,vers=3.0
Comment 8 Andreas Hasenack 2018-08-21 17:13:59 UTC
Turns out the same error happens with samba 4.7.7 and later in that series.
Comment 9 Mathieu Parent 2018-08-24 04:12:45 UTC
@Andreas: Can you reproduce on 4.8.4?

@Andrew: I've added you in CC, can you take a look please?
Comment 10 Andreas Hasenack 2018-08-28 18:38:38 UTC
root@samba-484:~# apt-cache policy samba cifs-utils
samba:
  Installed: 2:4.8.4+dfsg-2ubuntu1
  Candidate: 2:4.8.4+dfsg-2ubuntu1
  Version table:
 *** 2:4.8.4+dfsg-2ubuntu1 500
        500 http://br.archive.ubuntu.com/ubuntu cosmic/main amd64 Packages
        100 /var/lib/dpkg/status
cifs-utils:
  Installed: 2:6.8-2
  Candidate: 2:6.8-2
  Version table:
 *** 2:6.8-2 500
        500 http://br.archive.ubuntu.com/ubuntu cosmic/main amd64 Packages
        100 /var/lib/dpkg/status


root@samba-484:~# cat >> /etc/samba/smb.conf 
[tmp]
	guest ok = Yes
	path = /tmp
	read only = No


root@samba-484:~# systemctl restart smbd nmbd


Using default protocol version:
root@samba-484:~# mount //localhost/tmp -o guest /mnt

root@samba-484:~# mount -t cifs
//localhost/tmp on /mnt type cifs (rw,relatime,vers=default,sec=none,cache=strict,domain=,uid=0,noforceuid,gid=0,noforcegid,addr=127.0.0.1,file_mode=0755,dir_mode=0755,soft,nounix,serverino,mapposix,rsize=1048576,wsize=1048576,echo_interval=60,actimeo=1)


root@samba-484:~# echo hello > /mnt/hello.txt

# note "root" ownership:
root@samba-484:~# ll /mnt/hello.txt
-rwxr-xr-x 1 root root 6 Aug 28 18:34 /mnt/hello.txt*

root@samba-484:~# cat /mnt/hello.txt 
hello

root@samba-484:~# chmod 0600 /mnt/hello.txt
root@samba-484:~# cat /mnt/hello.txt 
hello

But the chmod actually did nothing, because the permissions are still 0755:
root@samba-484:~# ll /mnt/hello.txt 
-rwxr-xr-x 1 root root 6 Aug 28 18:34 /mnt/hello.txt*


Trying again with vers=1.0:
root@samba-484:~# mount //localhost/tmp -o guest,vers=1.0 /mnt
root@samba-484:~# mount -t cifs
//localhost/tmp on /mnt type cifs (rw,relatime,vers=1.0,sec=none,cache=strict,domain=,uid=0,noforceuid,gid=0,noforcegid,addr=127.0.0.1,soft,unix,posixpaths,serverino,mapposix,acl,rsize=1048576,wsize=65536,echo_interval=60,actimeo=1)

# note "nobody" ownership:
root@samba-484:~# echo hello > /mnt/hello.txt
root@samba-484:~# ll /mnt/hello.txt 
-rw-r--r--+ 1 nobody nogroup 6 Aug 28 18:37 /mnt/hello.txt

root@samba-484:~# getfacl /mnt/hello.txt 
getfacl: Removing leading '/' from absolute path names
# file: mnt/hello.txt
# owner: nobody
# group: nogroup
user::rw-
group::r--
other::r--

root@samba-484:~# chmod 0600 /mnt/hello.txt 
root@samba-484:~# cat /mnt/hello.txt 
cat: /mnt/hello.txt: Permission denied
root@samba-484:~# ll /mnt/hello.txt 
-rw-------+ 1 nobody nogroup 6 Aug 28 18:37 /mnt/hello.txt
root@samba-484:~# 

So yeah, bug still happens with 4.8.4.
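
Added example (not part of the bug report and not Samba's own test code): a shell version of the create / chmod 0600 / read-back check used in this thread, which first confirms that the chmod took effect. Comments 7 and 10 show that on the nounix mounts the mode stays 0755 and the read succeeds for that reason, so a plain read-back test would pass there without exercising the failing case. The function names and result strings are made up for this example.

```shell
#!/bin/sh
# Added example: read-back regression check for a mounted share.
# All function names and result strings are hypothetical.

# Print "unix", "nounix" or "unknown" for one line of `mount -t cifs` output.
cifs_unix_ext() {
    opts=$(printf '%s\n' "$1" | sed -n 's/.*(\(.*\)).*/\1/p')
    case ",$opts," in
        *,nounix,*) echo nounix ;;
        *,unix,*)   echo unix ;;
        *)          echo unknown ;;
    esac
}

# Octal mode of a file (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Create a file in directory $1, chmod it to 0600 and read it back.
# Prints one of: pass, fail-denied, inconclusive-chmod-ignored, error.
readback_check() {
    f="$1/readback-check.$$"
    echo hello > "$f" 2>/dev/null || { echo error; return 0; }
    chmod 0600 "$f" 2>/dev/null || true
    mode=$(file_mode "$f")
    if [ "$mode" != "600" ]; then
        # Mode unchanged (as on the nounix mounts in comments 7 and 10):
        # a successful read here says nothing about the bug.
        result=inconclusive-chmod-ignored
    elif [ "$(cat "$f" 2>/dev/null)" = "hello" ]; then
        result=pass
    else
        result=fail-denied
    fi
    rm -f "$f"
    echo "$result"
}

# Usage: sh readback.sh /mnt
if [ -n "${1:-}" ]; then
    readback_check "$1"
fi
```

Going by the sessions above, the vers=1.0 mounts on the affected servers would report fail-denied, and the vers=2.0 and default-version mounts would report inconclusive-chmod-ignored.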