Samba 4.20-4.22 calls FCHMOD in source3/smbd/open.c:open_file_ntcreate() when creating new files, which corrupts the ACL. This is a new behaviour that didn't occur in Samba 4.19.9 and earlier. (inherit acls = no, inherit permissions = no in smb.conf)

Adding some debugging prints I notice this difference:

4.19.9

[2025/04/14 13:29:58.666032, 1] ../../source3/smbd/open.c:4549(open_file_ntcreate)
  open_file_ntcreate: forcing unx_mode=0x81c0 due to (FILE_WAS_OVERWRITTEN=0 && map_archive=0) || store_dos_attributes=1
[2025/04/14 13:29:56.666072, 1] ../../source3/smbd/open.c:4562(open_file_ntcreate)
  open_file_ntcreate: acl0/j.txt: Maybe resetting via FCHMOD: posix_open=0 new_file_created=1 def_acl=0 unx_mode=0x81c0 smb_fname->st.st_ex_mode=0x81c0

4.22.0

[2025/04/11 15:18:09.101781, 1] ../../source3/smbd/open.c:4294(open_file_ntcreate)
  open_file_ntcreate: acl0/g.txt: Resetting via FCHMOD: posix_open=0 new_file_created=1 def_acl=0 unx_mode=0x1a4 smb_fname->st.st_ex_mode=0x81c0

(I'm doing a simple "copy b.txt j.txt" in a CMD window on a Windows client.)

A quick fix is to just disable that FCHMOD call.

Looking at the code in 4.19.9/smbd/open.c and comparing it to the code in 4.22.0 it seems this section of code that sets unx_mode has been removed:

	if (info != FILE_WAS_OPENED) {
		/* Overwritten files should be initially set as archive */
		if ((info == FILE_WAS_OVERWRITTEN && lp_map_archive(SNUM(conn))) ||
		    lp_store_dos_attributes(SNUM(conn))) {
			(void)fdos_mode(fsp);
			if (!posix_open) {
				if (file_set_dosmode(conn, smb_fname,
						     new_dos_attributes | FILE_ATTRIBUTE_ARCHIVE,
						     parent_dir_fname, true) == 0) {
					unx_mode = smb_fname->st.st_ex_mode;
				}
			}
		}
	}
Could you try the patch attached to https://bugzilla.samba.org/show_bug.cgi?id=15880?
With the patch in 15880 things look much better:

ACL protecting ".":

# file: .
# owner: peter86
# group: employee-liu.se
everyone@:------a-R-c---:fd-----:allow
user:peter86:rwxpDdaARWcCo-:fd-----:allow
everyone@:--------------:fd----I:allow

ACL generated for "t.txt" on a Windows client with "dir >t.txt" without the patch:

# lac t.txt
# file: t.txt
# owner: peter86
# group: employee-liu.se
user:peter86:rwxpDdaARWcCo-:------I:allow
owner@:rw-p--aARWcCos:-------:allow
group@:r-----a-R-c--s:-------:allow
everyone@:r-----a-R-c--s:-------:allow

ACL generated with the patch:

# file: t2.txt
# owner: peter86
# group: employee-liu.se
everyone@:------a-R-c---:------I:allow
user:peter86:rwxpDdaARWcCo-:------I:allow
everyone@:--------------:------I:allow
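As an added example (not from the thread, the bug report, or Samba's own code): a Python check that applies NFSv4 file inheritance to the parent directory's ACL shown above and compares the result with the ACL a new file actually received, flagging the non-inherited owner@/group@/everyone@ entries that the FCHMOD reset leaves behind. The ACL text is copied from the listings above; the inheritance rule and flag letters are assumed to follow nfs4_getfacl conventions.

```python
# Added example, not from the thread or Samba: derive the ACL a new file should
# inherit from its parent directory and compare it with the ACL observed, so the
# extra mode-derived owner@/group@/everyone@ entries stand out. ACE lines are
# nfs4_getfacl style (who:perms:flags:type); f/d/n/i control inheritance, I = inherited.

PARENT_ACL = """\
everyone@:------a-R-c---:fd-----:allow
user:peter86:rwxpDdaARWcCo-:fd-----:allow
everyone@:--------------:fd----I:allow"""

# 4.22.0 without the patch: FCHMOD with unx_mode=0x1a4 (0644) added owner@/group@/everyone@.
UNPATCHED_ACL = """\
user:peter86:rwxpDdaARWcCo-:------I:allow
owner@:rw-p--aARWcCos:-------:allow
group@:r-----a-R-c--s:-------:allow
everyone@:r-----a-R-c--s:-------:allow"""

# Same "dir >t.txt" with the bug 15880 patch applied.
PATCHED_ACL = """\
everyone@:------a-R-c---:------I:allow
user:peter86:rwxpDdaARWcCo-:------I:allow
everyone@:--------------:------I:allow"""

def parse_acl(text):
    """Return [(who, perms, flags, type)], flags as a sorted letter string."""
    aces = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):  # skip nfs4_getfacl header lines
            continue
        *who, perms, flags, kind = line.split(":")
        aces.append((":".join(who), perms, "".join(sorted(set(flags) - {"-"})), kind))
    return aces

def inherited_for_file(parent_aces):
    """NFSv4 file inheritance: copy ACEs flagged 'f', drop f/d/n/i, set 'I'."""
    return [(who, perms, "".join(sorted((set(flags) - set("fdni")) | {"I"})), kind)
            for who, perms, flags, kind in parent_aces if "f" in flags]

def check_file_acl(parent_text, file_text):
    """Return (ok, problems); a non-inherited owner@/group@/everyone@ ACE is the
    fingerprint of a POSIX mode having been applied over the inherited ACL."""
    expected = inherited_for_file(parse_acl(parent_text))
    observed = parse_acl(file_text)
    problems = [f"mode-derived ACE not from parent: {who}:{perms}"
                for who, perms, flags, _ in observed
                if who in {"owner@", "group@", "everyone@"} and "I" not in flags]
    if sorted(observed) != sorted(expected):
        problems.append("ACL differs from what the parent would hand down")
    return not problems, problems
```

Run against the two listings, the patched file passes cleanly while the unpatched one reports three mode-derived ACEs plus the overall mismatch with the parent's inheritable entries.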