Bug 14700 - file owner not available when file unredable
Summary: file owner not available when file unredable
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services (show other bugs)
Version: 4.16.2
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Ralph Böhme
QA Contact: Samba QA Contact
URL:
Keywords:
: 6505 (view as bug list)
Depends on:
Blocks: 14735
  Show dependency treegraph
 
Reported: 2021-05-08 01:14 UTC by Björn Jacke
Modified: 2022-08-23 10:42 UTC (History)
5 users (show)

See Also:

Attachments
Patch for 4.15 cherry-picked from master (3.33 KB, patch)
2021-08-08 12:20 UTC, Ralph Böhme 		jra: review+
metze: review+
Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Björn Jacke 2021-05-08 01:14:40 UTC 
the file/directory ownership is not available if a file/directory is not readable. The ownership should be readable in any case though.

I ran into this problem during some ACL testing: it *must* be possible to grant new permissions on a file/directory after you removed all permissions before - *if* you are the owner.
Comment 1 Ralph Böhme 2021-05-08 06:38:48 UTC 
Is this a 4.14 regression? Does it work in 4.13?
Comment 2 Björn Jacke 2021-05-08 17:56:51 UTC 
(In reply to Ralph Böhme from comment #1)
neither in 4.12/4.13. You can just check with a simple "touch file; chmod 000 file" and look at it in explorer.

(For the "revover from 0 ACEs" test there might be more issues but this is the first obvious one.)
Comment 3 Ralph Böhme 2021-05-08 19:50:08 UTC 
(In reply to Björn Jacke from comment #2)
Ok, thanks for confirming. This can now be fixed in 4.14 thanks for pathref fsps.

WIP MR: https://gitlab.com/samba-team/samba/-/merge_requests/1950
Patch: https://gitlab.com/samba-team/samba/-/merge_requests/1950/diffs?commit_id=3deaf6514aea343023ed8f1035ed12877f37349f
Comment 4 Samba QA Contact 2021-08-02 18:06:11 UTC 
This bug was referenced in samba master:

e71e373a07e467ff2d2328f39bd2bc285e2ba840
6d928eb1e8ea44f0d0aea4ec9b1b7c385a281193
Comment 5 Ralph Böhme 2021-08-08 12:20:51 UTC 
Created attachment 16721 [details]
Patch for 4.15 cherry-picked from master
Comment 6 Jule Anger 2021-08-09 11:27:17 UTC 
Pushed to autobuild-v4-15-test.
Comment 7 Samba QA Contact 2021-08-09 12:06:15 UTC 
This bug was referenced in samba v4-15-test:

4f3b6f6b311942e1cf42ed263188384d643f25e6
4467a0ba7f0764831827645ae4cca22360d7cb70
Comment 8 Jule Anger 2021-08-09 12:29:25 UTC 
Closing out bug report.

Thanks!
Comment 9 Samba QA Contact 2021-08-09 13:44:53 UTC 
This bug was referenced in samba v4-15-stable:

4f3b6f6b311942e1cf42ed263188384d643f25e6
4467a0ba7f0764831827645ae4cca22360d7cb70
Comment 10 Jeremy Allison 2021-08-10 16:04:12 UTC 
Comment on attachment 16721 [details]
Patch for 4.15 cherry-picked from master

Sorry for being late, took a vacation day yesterday.
Comment 11 Ralph Böhme 2021-09-09 07:24:17 UTC 
Fwiw, the fix relies on pathref fsps and a fully functional codebase that correctly uses pathref fsps everywhere in the VFS and in the VFS callers.

We can give these guarantees for 4.15 but not for 4.14 (older versions don't even have pathref fsps) which is why there's no patch for 4.14 included in this bugreport.
Comment 12 Björn Jacke 2022-06-18 22:46:49 UTC 
this is still broken for directories. Try:

mkdir "New folder"
chown "you_domain_user" "New folder"
chmod 000 "New folder"

Then the owner of the directory should be visible if you are logged in with your domain user account on a Windows Client. But the owner is not visible.

As the Windows Client does not see the owner of the direcory, you are also not able to modify the ACL via explorer, even though you should be able to modify the ACL because you are the owner.
Comment 13 Björn Jacke 2022-06-20 21:54:10 UTC 
*** Bug 6505 has been marked as a duplicate of this bug. ***
Comment 14 Björn Jacke 2022-08-23 10:42:00 UTC 
just checked with with 4.17 - there also the zero-permission directory case is fixed now!