Created attachment 15785 [details] A 'force create mode' test 'force create mode' doesn't work with Samba >= 4.11 anymore. It works correctly with 4.10.
The logs show: [2020/02/12 16:17:11.534146, 5, pid=30091, effective(1000, 100), real(1000, 0)] ../../source3/smbd/dosmode.c:207(unix_mode) unix_mode: unix_mode(foo.30080) returning 0664 But then we do fd_open with 0644 *instead* of 0664: [2020/02/12 16:17:11.535549, 10, pid=30091, effective(1000, 100), real(1000, 0)] ../../source3/smbd/open.c:827(fd_open) fd_open: name foo.30080, flags = 04302 mode = 0644, fd = 35. So we loose a bit somewhere in between. The test is run e.g. with: make -j20 test TESTS="samba3.blackbox.smbclient_s3.NT1.plain.*nt4_dc"
Andreas, in the test I can see you do: + local filename="foo.$$" + local filename_path="$PREFIX/$filename" + + local tmpfile=$PREFIX/smbclient_interactive_prompt_commands + + touch $filename_path + + cat > $tmpfile <<EOF +lcd $PREFIX +put $filename +quit So you do "touch $filename_path" before doing the smbclient "put" command. Doesn't that mean that foo.$$ already xists in the share directory *before* doing the put ? If so, then "force create mode" doesn't do anything. The file already exists. "force create mode" only works on new files. Am I missing something here ?
In open_file_ntcreate() we are entering: 3637 if ((flags2 & O_CREAT) && lp_inherit_acls(SNUM(conn)) && 3638 (def_acl = directory_has_default_acl(conn, parent_dir))) { 3639 unx_mode = (0777 & lp_create_mask(SNUM(conn))); 3640 } This sets unx_mode to the create_mask, which is 0644. So this means we have 'inherit acls' set to 'true' and have a default ACL on that directory. Hmm.
The file to put is created in ./st/foo.XXXX and is then copied to ./st/nt4_dc/share/ using smbclient. Those are different files.
I think my reproducer doesn't work correctly because of vfs objects = acl_xattr fake_acls xattr_tdb streams_depot time_audit full_audit let me disable that.
Ah, OK - got it. Missed that, thanks. If we're going into the directory_has_default_acl(conn, parent_dir) case then I *think* the default ACL will take precedence over the passed in create mode though.
Ok, I've added 'vfs objects = dirsort' to not have 'inherit acls = yes' set. However now it works in 4.10 and master. My QE runs into the issue with 4.11.2 but it works with 4.10.4. Will check 4.11.2 next.
Created attachment 15786 [details] A 'force create mode' test
I will get a level 10 log of the issue.
False alarm, but we have a test now! :-)