15888 – sysvolreset fails if the sysvol path has symlink and the CWD is not root

Bug 15888 - sysvolreset fails if the sysvol path has symlink and the CWD is not root

Summary: sysvolreset fails if the sysvol path has symlink and the CWD is not root

Status:	NEW

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	AD: LDB/DSDB/SAMDB (show other bugs)
Version:	4.22.3
Hardware:	All All

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	Samba QA Contact
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2025-07-28 04:37 UTC by SATOH Fumiyasu
Modified:	2025-07-28 05:35 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description SATOH Fumiyasu 2025-07-28 04:37:04 UTC

`samba-tool ntacl sysvolreset` fails if the sysvol path has symlink and the current working directory is not root.

```
# samba-tool testparm --suppress-prompt
...
[global]
        server role = active directory domain controller
...
[sysvol]
        path = /opt/local/var/lib/samba/sysvol
...
# ls -l /opt/local/var
lrwxrwxrwx 1 root root 21  7月 11 20:54 /opt/local/var -> ../../var/opt/local
# cd /
# samba-tool ntacl sysvolreset; echo $?
0
# cd /path/to/non/root/dir
# samba-tool ntacl sysvolreset; echo $?
ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: Your filesystem or build does not support posix ACLs, which s3fs requires.  Try the mounting the filesystem with the 'acl' option.
  File "/opt/local/libexec/samba/app/lib/python3.9/site-packages/samba/netcmd/__init__.py", line 356, in _run
    return self.run(*args, **kwargs)
  File "/opt/local/libexec/samba/app/lib/python3.9/site-packages/samba/netcmd/ntacl.py", line 449, in run
    provision.setsysvolacl(samdb, sysvol,
  File "/opt/local/libexec/samba/app/lib/python3.9/site-packages/samba/provision/__init__.py", line 1686, in setsysvolacl
    raise ProvisioningError("Your filesystem or build does not support posix ACLs, which s3fs requires.  "
255
# samba-tool ntacl sysvolreset -d 10
Initialising custom vfs hooks from [acl_xattr]
vfs_find_backend_entry called for acl_xattr
vfs module [acl_xattr] not loaded - trying to load...
load_module_absolute_path: Loading module '/opt/local/libexec/samba/vfs/acl_xattr.so'
load_module_absolute_path: Module '/opt/local/libexec/samba/vfs/acl_xattr.so' loaded
vfs_find_backend_entry called for acl_xattr
Successfully added vfs backend 'acl_xattr'
vfs_find_backend_entry called for acl_xattr
Successfully loaded vfs module [acl_xattr] with the new modules system
Initialising custom vfs hooks from [dfs_samba4]
vfs_find_backend_entry called for dfs_samba4
vfs module [dfs_samba4] not loaded - trying to load...
load_module_absolute_path: Loading module '/opt/local/libexec/samba/vfs/dfs_samba4.so'
load_module_absolute_path: Module '/opt/local/libexec/samba/vfs/dfs_samba4.so' loaded
vfs_find_backend_entry called for dfs_samba4
Successfully added vfs backend 'dfs_samba4'
vfs_dfs_samba4: Debug class number of 'fileid': 39
vfs_find_backend_entry called for dfs_samba4
Successfully loaded vfs module [dfs_samba4] with the new modules system
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service Unknown Service (snum == -1)
dfs_samba4: connect to service[Unknown Service (snum == -1)]
set_conn_connectpath: service (null), connectpath = /
vfs_get_fs_capabilities: vfs_get_fs_capabilities: timestamp resolution of sec available on share (null), directory /
vfs_ChDir to /path/to/non/root/dir
vfs_ChDir: vfs_ChDir got /path/to/non/root/dir
openat_pathref_fsp: smb_fname [/opt/local/var/lib/samba/sysvol/tmpktxi8z_n]
openat_pathref_fullname: smb_fname [/opt/local/var/lib/samba/sysvol/tmpktxi8z_n]
fsp_new: allocated files structure (1 used)
file_name_hash: /opt/local/var/lib/samba/sysvol/tmpktxi8z_n hash 0x17367853
fsp_new: allocated files structure (2 used)
file_name_hash: / hash 0xa2ff470e
openat_pathref_fsp_nosymlink: path_in=opt/local/var/lib/samba/sysvol
fsp_new: allocated files structure (3 used)
openat_pathref_fsp_nosymlink: SMB_VFS_OPENAT(/, opt/local/var/lib/samba/sysvol, RESOLVE_NO_SYMLINKS) returned 40 Too many levels of symbolic links => NT_STATUS_OBJECT_PATH_NOT_FOUND
fsp_new: allocated files structure (4 used)
file_free: freed files structure 0 (3 used)
file_free: freed files structure 0 (2 used)
safe_symlink_target_path: connectpath [/] target [opt/local/../../var/opt/local/lib/samba/sysvol/tmpktxi8z_n] unparsed [29]
safe_symlink_target_path: abs_target_canon=/var/opt/local/lib/samba/sysvol/tmpktxi8z_n
openat_pathref_fsp_nosymlink: path_in=var/opt/local/lib/samba/sysvol
fsp_new: allocated files structure (3 used)
openat_pathref_fsp_nosymlink: SMB_VFS_OPENAT(/path/to/non/root/dir, var/opt/local/lib/samba/sysvol, RESOLVE_NO_SYMLINKS) returned 2 No such file or directory => NT_STATUS_OBJECT_NAME_NOT_FOUND
openat_pathref_fsp_nosymlink: SMB_VFS_OPENAT() failed: No such file or directory
file_free: freed files structure 0 (2 used)
filename_convert_dirfsp_nosymlink: opening directory var/opt/local/lib/samba/sysvol failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
file_free: freed files structure 0 (1 used)
fd_openat: filename_convert_dirfsp_rel returned NT_STATUS_OBJECT_PATH_NOT_FOUND
openat_pathref_fullname: Opening pathref for [/opt/local/var/lib/samba/sysvol/tmpktxi8z_n] failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
file_free: freed files structure 0 (0 used)
dfs_samba4_disconnect() connect to service[(null)].
ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: Your filesystem or build does not support posix ACLs, which s3fs requires.  Try the mounting the filesystem with the 'acl' option.
  File "/opt/local/libexec/samba/app/lib/python3.9/site-packages/samba/netcmd/__init__.py", line 356, in _run
    return self.run(*args, **kwargs)
  File "/opt/local/libexec/samba/app/lib/python3.9/site-packages/samba/netcmd/ntacl.py", line 449, in run
    provision.setsysvolacl(samdb, sysvol,
  File "/opt/local/libexec/samba/app/lib/python3.9/site-packages/samba/provision/__init__.py", line 1686, in setsysvolacl
    raise ProvisioningError("Your filesystem or build does not support posix ACLs, which s3fs requires.  "
```

Comment 1 SATOH Fumiyasu 2025-07-28 05:35:07 UTC

`samba-tool domain provision` also fails if the default sysvol path has symlink.

```
# /opt/local/bin/samba-tool domain provision
...
Repacking database from v1 to v2 format (first record CN=Parent-CA-Certificate-Chain,CN=Schema,CN=Configuration,DC=example,DC=jp)
Repack: re-packed 10000 records so far
Repacking database from v1 to v2 format (first record CN=mSMQConfiguration-Display,CN=816,CN=DisplaySpecifiers,CN=Configuration,DC=example,DC=jp)
Repacking database from v1 to v2 format (first record CN=ab402345-d3c3-455d-9ff7-40268a1099b6,CN=Operations,CN=DomainUpdates,CN=System,DC=example,DC=jp)
ERROR(<class 'samba.provision.ProvisioningError'>): Provision failed - ProvisioningError: Your filesystem or build does not support posix ACLs, which s3fs requires.  Try the mounting the filesystem with the 'acl' option.
```