Browsing files or download files from samba server, smbd would check user's id to decide whether this user could access these files, by lookup user's information from the password file (e.g. /usr/local/samba/private/smbpasswd). smbd might goes through startsmbfilepwent(), this api calls [f]chmod() to make sure the password file has valid permissions 0600. Consider a scenario: we are doing a read performance benchmark about downloading a bunch of files (e.g. a thousand files) from a samba server, monitoring file system i/o activities counters, and expecting that should be only read operations on file system because this is just downloading, no uploading is involved. But actually found that still write operations on file system, because smbd lookup user and always reset 0600 permissions on password file while access each file, it makes dirty pages (inode modification) in ram, later triggered a kernel journal daemon to sync dirty pages into back storage (e.g. ext3 kjournald, or ext4 jbd2). This looks like not friendly for read performance benchmark if it happened on an entry-level systems with much less memory and limited computation power, because dirty pages syncing in the meantime slows down read performance. This patch adds fstat() before [f]chmod(), it would check whether password file has valid permissions 0600 or not. If 0600 smbd would bypass [f]chmod() to avoid making dirty pages on file systems. If not 0600 smbd would warn and go through [f]chmod() to set valid permissions 0600 to password file as earlier days. patch will follow.
Env: Ubuntu 22.04.3, samba-4.19.4. If this patch is not applied yet, stat could see the timestamps of password file, ACCESS and CHANGE, constantly updated during downloading files. $ sudo stat /usr/local/samba/private/smbpasswd File: /usr/local/samba/private/smbpasswd Size: 105 Blocks: 8 IO Block: 4096 regular file Device: fc03h/64515d Inode: 6818535 Links: 1 Access: (0600/-rw-------) Uid: ( 0/ root) Gid: ( 0/ root) Access: 2024-01-12 13:57:14.469254245 +0800 Modify: 2024-01-11 15:27:30.129693950 +0800 Change: 2024-01-12 13:57:14.469254245 +0800 Birth: 2024-01-11 15:27:19.265237859 +0800 $ sudo stat /usr/local/samba/private/smbpasswd File: /usr/local/samba/private/smbpasswd Size: 105 Blocks: 8 IO Block: 4096 regular file Device: fc03h/64515d Inode: 6818535 Links: 1 Access: (0600/-rw-------) Uid: ( 0/ root) Gid: ( 0/ root) Access: 2024-01-12 13:57:50.710265644 +0800 Modify: 2024-01-11 15:27:30.129693950 +0800 Change: 2024-01-12 13:57:50.710265644 +0800 Birth: 2024-01-11 15:27:19.265237859 +0800 $ gdb call graph shows that how smbd reaches fchmod(). Thread 1 "smbd[X.X.X.X" hit Breakpoint 1, fchmod () at ../sysdeps/unix/syscall-template.S:120 120 in ../sysdeps/unix/syscall-template.S #0 fchmod () at ../sysdeps/unix/syscall-template.S:120 #1 0x00007f04fa984517 in startsmbfilepwent (pfile=0x5576b68305d0 "/usr/local/samba/private/smbpasswd", type=PWF_READ, lock_depth=0x5576b6842610) at ../../source3/passdb/pdb_smbpasswd.c:329 #2 0x00007f04fa987794 in smbpasswd_getsampwnam (my_methods=0x5576b6842380, sam_acct=0x5576b683f690, username=0x7ffc232f1970 "root") at ../../source3/passdb/pdb_smbpasswd.c:1297 #3 0x00007f04fa9adf4a in pdb_default_uid_to_sid (methods=0x5576b6842380, uid=0, sid=0x7ffc232f1cf0) at ../../source3/passdb/pdb_interface.c:1435 #4 0x00007f04fa9ae19f in pdb_default_id_to_sid (methods=0x5576b6842380, id=0x7ffc232f1b08, sid=0x7ffc232f1cf0) at ../../source3/passdb/pdb_interface.c:1477 #5 0x00007f04fa9ad64f in pdb_id_to_sid (id=0x7ffc232f1b08, sid=0x7ffc232f1cf0) at ../../source3/passdb/pdb_interface.c:1233 #6 0x00007f04fa9a4a1c in xid_to_sid (psid=0x7ffc232f1cf0, xid=0x7ffc232f1c00) at ../../source3/passdb/lookup_sid.c:1231 #7 0x00007f04fa9a4c73 in uid_to_sid (psid=0x7ffc232f1cf0, uid=0) at ../../source3/passdb/lookup_sid.c:1266 #8 0x00007f04faac5cd2 in create_file_sids (psbuf=0x7ffc232f1e20, powner_sid=0x7ffc232f1cf0, pgroup_sid=0x7ffc232f1d40) at ../../source3/smbd/posix_acls.c:838 #9 0x00007f04faaccdfe in posix_get_nt_acl_common (conn=0x5576b685acc0, name=0x5576b6860e50 ".", sbuf=0x7ffc232f1e20, pal=0x0, posix_acl=0x5576b68579e0, def_acl=0x0, security_info=7, mem_ctx=0x5576b68576b0, ppdesc=0x7ffc232f1f90) at ../../source3/smbd/posix_acls.c:3202 #10 0x00007f04faacd75b in posix_fget_nt_acl (fsp=0x5576b6861280, security_info=7, mem_ctx=0x5576b68576b0, ppdesc=0x7ffc232f1f90) at ../../source3/smbd/posix_acls.c:3390 #11 0x00007f04faa68367 in vfswrap_fget_nt_acl (handle=0x5576b6869220, fsp=0x5576b6861280, security_info=7, mem_ctx=0x5576b68576b0, ppdesc=0x7ffc232f1f90) at ../../source3/modules/vfs_default.c:3448 #12 0x00007f04faac1978 in smb_vfs_call_fget_nt_acl (handle=0x5576b6869220, fsp=0x5576b6861280, security_info=7, mem_ctx=0x5576b68576b0, ppdesc=0x7ffc232f1f90) at ../../source3/smbd/vfs.c:2411 #13 0x00007f04faaa032d in smbd_check_access_rights_fsp (dirfsp=0x5576b686d1c0, fsp=0x5576b6861280, use_privs=false, access_mask=1048704) at ../../source3/smbd/open.c:311 #14 0x00007f04faaac307 in open_directory (conn=0x5576b685acc0, req=0x5576b6844620, access_mask=1048704, share_access=7, create_disposition=1, create_options=0, file_attributes=16, parent_dir_fname=0x5576b681c100, smb_fname_atname=0x5576b6860460, pinfo=0x7ffc232f21a4, fsp=0x5576b6861280) at ../../source3/smbd/open.c:4963 #15 0x00007f04faaaf9a4 in create_file_unixpath (conn=0x5576b685acc0, req=0x5576b6844620, dirfsp=0x5576b686d1c0, smb_fname=0x5576b685fa80, access_mask=1048704, share_access=7, create_disposition=1, create_options=0, file_attributes=0, oplock_request=0, lease=0x0, allocation_size=0, private_flags=0, sd=0x0, ea_list=0x0, result=0x7ffc232f2330, pinfo=0x7ffc232f2314) at ../../source3/smbd/open.c:6341 #16 0x00007f04faab058c in create_file_default (conn=0x5576b685acc0, req=0x5576b6844620, dirfsp=0x5576b686d1c0, smb_fname=0x5576b685fa80, access_mask=1048704, share_access=7, create_disposition=1, create_options=0, file_attributes=0, oplock_request=0, lease=0x0, allocation_size=0, private_flags=0, sd=0x0, ea_list=0x0, result=0x5576b6844308, pinfo=0x5576b684431c, in_context_blobs=0x7ffc232f2908, out_context_blobs=0x5576b68445a0) at ../../source3/smbd/open.c:6626 #17 0x00007f04faa612c1 in vfswrap_create_file (handle=0x5576b6869220, req=0x5576b6844620, dirfsp=0x5576b686d1c0, smb_fname=0x5576b685fa80, access_mask=1048704, share_access=7, create_disposition=1, create_options=0, file_attributes=0, oplock_request=0, lease=0x0, allocation_size=0, private_flags=0, sd=0x0, ea_list=0x0, result=0x5576b6844308, pinfo=0x5576b684431c, in_context_blobs=0x7ffc232f2908, out_context_blobs=0x5576b68445a0) at ../../source3/modules/vfs_default.c:770 #18 0x00007f04faabd18a in smb_vfs_call_create_file (handle=0x5576b6869220, req=0x5576b6844620, dirfsp=0x5576b686d1c0, smb_fname=0x5576b685fa80, access_mask=1048704, share_access=7, create_disposition=1, create_options=0, file_attributes=0, oplock_request=0, lease=0x0, allocation_size=0, private_flags=0, sd=0x0, ea_list=0x0, result=0x5576b6844308, pinfo=0x5576b684431c, in_context_blobs=0x7ffc232f2908, out_context_blobs=0x5576b68445a0) at ../../source3/smbd/vfs.c:1560 #19 0x00007f04fab040a0 in smbd_smb2_create_send (mem_ctx=0x5576b68438b0, ev=0x5576b682f4f0, smb2req=0x5576b68438b0, in_oplock_level=0 '\000', in_impersonation_level=2, in_desired_access=1048704, in_file_attributes=0, in_share_access=7, in_create_disposition=1, in_create_options=0, in_name=0x5576b6843ca0 "", in_context_blobs=...) at ../../source3/smbd/smb2_create.c:1115 #20 0x00007f04fab01544 in smbd_smb2_request_process_create (smb2req=0x5576b68438b0) at ../../source3/smbd/smb2_create.c:291 #21 0x00007f04faaf2069 in smbd_smb2_request_dispatch (req=0x5576b68438b0) at ../../source3/smbd/smb2_server.c:3474 #22 0x00007f04faaf71f8 in smbd_smb2_io_handler (xconn=0x5576b6842f00, fde_flags=1) at ../../source3/smbd/smb2_server.c:5101 #23 0x00007f04faaf732e in smbd_smb2_connection_handler (ev=0x5576b682f4f0, fde=0x5576b68421c0, flags=1, private_data=0x5576b6842f00) at ../../source3/smbd/smb2_server.c:5139 #24 0x00007f04fa8681b8 in tevent_common_invoke_fd_handler (fde=0x5576b68421c0, flags=1, removed=0x0) at ../../lib/tevent/tevent_fd.c:158 #25 0x00007f04fa873e86 in epoll_event_loop (epoll_ev=0x5576b68419d0, tvalp=0x7ffc232f2cc0) at ../../lib/tevent/tevent_epoll.c:730 #26 0x00007f04fa874619 in epoll_event_loop_once (ev=0x5576b682f4f0, location=0x7f04fabe0208 "../../source3/smbd/smb2_process.c:2050") at ../../lib/tevent/tevent_epoll.c:946 #27 0x00007f04fa870b2e in std_event_loop_once (ev=0x5576b682f4f0, location=0x7f04fabe0208 "../../source3/smbd/smb2_process.c:2050") at ../../lib/tevent/tevent_standard.c:110 #28 0x00007f04fa866b35 in _tevent_loop_once (ev=0x5576b682f4f0, location=0x7f04fabe0208 "../../source3/smbd/smb2_process.c:2050") at ../../lib/tevent/tevent.c:823 #29 0x00007f04fa866ebd in tevent_common_loop_wait (ev=0x5576b682f4f0, location=0x7f04fabe0208 "../../source3/smbd/smb2_process.c:2050") at ../../lib/tevent/tevent.c:952 #30 0x00007f04fa870bd7 in std_event_loop_wait (ev=0x5576b682f4f0, location=0x7f04fabe0208 "../../source3/smbd/smb2_process.c:2050") at ../../lib/tevent/tevent_standard.c:141 #31 0x00007f04fa866f64 in _tevent_loop_wait (ev=0x5576b682f4f0, location=0x7f04fabe0208 "../../source3/smbd/smb2_process.c:2050") at ../../lib/tevent/tevent.c:971 #32 0x00007f04faad7d2c in smbd_process (ev_ctx=0x5576b682f4f0, msg_ctx=0x5576b681a110, sock_fd=32, interactive=false) at ../../source3/smbd/smb2_process.c:2050 #33 0x00005576b60002bc in smbd_accept_connection (ev=0x5576b682f4f0, fde=0x5576b6841a60, flags=1, private_data=0x5576b68419d0) at ../../source3/smbd/server.c:1031 #34 0x00007f04fa8681b8 in tevent_common_invoke_fd_handler (fde=0x5576b6841a60, flags=1, removed=0x0) at ../../lib/tevent/tevent_fd.c:158 #35 0x00007f04fa873e86 in epoll_event_loop (epoll_ev=0x5576b68301d0, tvalp=0x7ffc232f30a0) at ../../lib/tevent/tevent_epoll.c:730 #36 0x00007f04fa874619 in epoll_event_loop_once (ev=0x5576b682f4f0, location=0x5576b60057d8 "../../source3/smbd/server.c:1373") at ../../lib/tevent/tevent_epoll.c:946 #37 0x00007f04fa870b2e in std_event_loop_once (ev=0x5576b682f4f0, location=0x5576b60057d8 "../../source3/smbd/server.c:1373") at ../../lib/tevent/tevent_standard.c:110 #38 0x00007f04fa866b35 in _tevent_loop_once (ev=0x5576b682f4f0, location=0x5576b60057d8 "../../source3/smbd/server.c:1373") at ../../lib/tevent/tevent.c:823 #39 0x00007f04fa866ebd in tevent_common_loop_wait (ev=0x5576b682f4f0, location=0x5576b60057d8 "../../source3/smbd/server.c:1373") at ../../lib/tevent/tevent.c:952 #40 0x00007f04fa870bd7 in std_event_loop_wait (ev=0x5576b682f4f0, location=0x5576b60057d8 "../../source3/smbd/server.c:1373") at ../../lib/tevent/tevent_standard.c:141 #41 0x00007f04fa866f64 in _tevent_loop_wait (ev=0x5576b682f4f0, location=0x5576b60057d8 "../../source3/smbd/server.c:1373") at ../../lib/tevent/tevent.c:971 #42 0x00005576b600106c in smbd_parent_loop (ev_ctx=0x5576b682f4f0, parent=0x5576b682cb40) at ../../source3/smbd/server.c:1373 #43 0x00005576b6003374 in main (argc=1, argv=0x7ffc232f3678) at ../../source3/smbd/server.c:2131
merge request: https://gitlab.com/samba-team/samba/-/merge_requests/3487 ci is passed: https://gitlab.com/samba-team/devel/samba/-/pipelines/1135770797
This bug was referenced in samba master: c82a267b2a1b7617e818548aa486b7cfbda74657
Created attachment 18229 [details] Patch for v4-19-test
Created attachment 18230 [details] Patch for v4-18-test
Pushed to autobuild-v4-{19,18}-test.
This bug was referenced in samba v4-18-test: e6745b151074c620fe5d102b0b5f0c47023e12e1
This bug was referenced in samba v4-19-test: 283ff41ee9273ee345ee8432e77eac950810581c
Closing out bug report. Thanks!
This bug was referenced in samba v4-18-stable (Release samba-4.18.10): e6745b151074c620fe5d102b0b5f0c47023e12e1
This bug was referenced in samba v4-19-stable (Release samba-4.19.5): 283ff41ee9273ee345ee8432e77eac950810581c