Bug 15290 - Linux Based NATCL Commands setfattr -n security.NTACL -v <data> net vfs getntacl home user Fail
Summary: Linux Based NATCL Commands setfattr -n security.NTACL -v <data> net vfs getnt...
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: VFS Modules (show other bugs)
Version: 4.17.1
Hardware: x64 Linux
: P5 major (vote)
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-01-21 19:00 UTC by Scott Harvey
Modified: 2023-01-21 19:23 UTC (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Scott Harvey 2023-01-21 19:00:15 UTC 

    


    


      



        
          Comment 1
        

        
          Scott Harvey

        

        
        

        
          2023-01-21 19:23:46 UTC
        

      






I am looking for an acceptable solution to be able to manipulate NTACLs 
directly on Samba PDC/AD server. "Server role: ROLE_ACTIVE_DIRECTORY_DC" 
It appears in years past using the commands:  
getfattr -e base64 -n security.NTACL $refNTACL on a known good share path and then using the setfattr -n security.NTACL -v $SACL to
set the NATCL of the files and paths needed to be changed.  The setfattr command, if it worked, could be used to set NTACL recursively on a Linux Samba AD/PDC.  The command samba-tool ntacl get --as-sddl $refNTACL works for getting the sddl data and then using the command find /home/pchome -exec samba-tool ntacl set $SACL "{}" \; work but it is very slow. Using the 
samba-tool ntacl set $SACL recursively, takes on the order of 24 hours to run of samba share file structure that holds ~ 100GB.

Otter related issue:  

net vfs getntacl home a-user
REVISION:1
CONTROL:0x8c04
OWNER:S-1-5-21-227278319-3996652893-3353838262-1115
GROUP:S-1-5-32-544
===============================================================
INTERNAL ERROR: Signal 11: Segmentation fault in pid 6120 (4.17.1)
If you are running a recent Samba version, and if you think this problem is not yet fixed in the latest versions, please consider reporting this bug, see https://wiki.samba.org/index.php/Bug_Reporting
===============================================================
PANIC (pid 6120): Signal 11: Segmentation fault in 4.17.1
BACKTRACE: 10 stack frames:
 #0 /usr/lib64/samba/libgenrand-samba4.so(log_stack_trace+0xbd) [0x55699f6fc40d]
 #1 /usr/lib64/samba/libgenrand-samba4.so(smb_panic+0x9) [0x55699f6fca59]
 #2 /usr/lib64/samba/libgenrand-samba4.so(CatchChild+0) [0x55699f6fcc80]
 #3 /usr/lib64/glibc-hwcaps/x86-64-v3/libc.so.6(+0x3acb0) [0x55699f04ecb0]
 #4 net(sec_desc_print+0x250) [0x5569a06dd010]
 #5 net(+0xa50b7) [0x5569a06d70b7]
 #6 net(main+0xa99) [0x5569a0659c29]
 #7 /usr/lib64/glibc-hwcaps/x86-64-v3/libc.so.6(+0x232b7) [0x55699f0372b7]
 #8 /usr/lib64/glibc-hwcaps/x86-64-v3/libc.so.6(__libc_start_main+0x85) [0x55699f037375]
 #9 net(_start+0x21) [0x5569a0659e41]
Can not dump core: corepath not set up

Other relevant version information:

date
Tue Jan 17 04:58:13 PM PST 2023

swupd info
Distribution:      Clear Linux OS
Installed version: 37500
Version URL:       https://cdn.download.clearlinux.org/update
Content URL:       https://cdn.download.clearlinux.org/update

samba -V
Version 4.17.1

uname -r
6.0.3-1202.native