Bug 4331 - Messes up file permissions in some conditions
Summary: Messes up file permissions in some conditions
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: File Services (show other bugs)
Version: 3.0.23d
Hardware: All Linux
: P3 major
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
URL: http://bugs.debian.org/396226
Keywords:
Depends on:
Blocks:
 
Reported: 2007-01-10 13:32 UTC by Christian Perrier (dead mail address)
Modified: 2013-12-11 12:29 UTC (History)
1 user (show)

See Also:


Attachments
Level 10 log file (654.57 KB, application/x-bzip2)
2007-01-10 22:47 UTC, Christian Perrier (dead mail address)
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Christian Perrier (dead mail address) 2007-01-10 13:32:33 UTC
This has been reported by a Debian user, then later confirmed by another:

First user, John Goerzen:
We are running Samba 3.0.23c on Debian.

Over the weekend, we updated out file server to Debian's kernel 2.6.18.  
We had previously never run a kernel with ACL support enabled.  Since 
the upgrade, we are seeing very strange permission behavior.  It appears 
to berelated to POSIX ACL support in Samba.

It seems that what's happening is this.

We have a number of files that are user/group writable (permissions 0664). 
When a user that is someone other than the Unix owner of the file writes 
to it, the permissions switch to 0474 (-r--rwxr--) and an ACL is added 
with this second user getting read/write permission to it.

Unfortunately, the Unix owner of the file now is locked out of writing 
to it.

We never had any problem with permissions on these files before using  
the ACL-enabled kernel.  


Second user, Geoff Crompton:

I'm also having this problem.

Package: samba
Version: 3.0.14a-3sarge2

in my case, using ext3:
/dev/sda2 on /var/local type ext3 (rw,noatime,acl,user_xattr)

I've got the following global samba settings:
inherit acls = yes
ea support = yes
map acl inherit = yes
nt acl support = yes


And for that share I've got the following share specific settings:
[company]
comment = Company Files
path = /var/local/company
guest ok = No
browseable = Yes
read only = No
valid users = @users, root
invalid users = dataentry
directory mask = 0775
create mask = 0775
force group = users
admin users = root
nt acl support = yes


I can confirm that I get the same weird behaviour, ie what John Goersen
said:
  > When a user that is someone other than the Unix owner of the file
  > writes to it, the permissions switch to 0474 (-r--rwxr--) and an ACL
  > is added with this second user getting read/write permission to it.
Comment 1 Christian Perrier (dead mail address) 2007-01-10 13:35:53 UTC
Another comment from the second user reporting the bug:
My tests show that this problem has occured with excel 2003, and word
2003, but not with just a text file and using notepad.

It might be related to https://bugzilla.samba.org/show_bug.cgi?id=1094.
I'm unclear from that bug report if the solution was found, or not.
Comment 2 Christian Perrier (dead mail address) 2007-01-10 22:47:01 UTC
Created attachment 2252 [details]
Level 10 log file

Our user sent us a level 10 log file of his server when he experinced the problem
Comment 3 Christian Perrier (dead mail address) 2007-01-10 22:48:35 UTC
User's comment about the logfile I just sent:

Hi Christian,
I tried to email you the file, but even when bzipped it was too large
for the debian servers. So you can download it from here for the next 10
days:
http://ft.strategicdata.com.au/download.cgi?dl=VboYF1rrrd


I've tried to highlight when things happened, hope thats helpful. The
line numbers may only be a guide though, I don't really know what will
be useful in the log file.

Before test, temp/Test_Sharing.xls had -rwxrw-r--

8:41:07, line 30909
testuser2 opened an existing file temp/Test_Sharing.xls.

8:41:13, line 40678
testuser2 Modified and saved file succesfully. Excel however showed the
message "The document was saved successfully, but Excel cannot re-open
it because of a sharing violation. Please close the document and try to
open it again."

File permissions are now -r--rwxr--+, and getfacl shows:
# file: Test_Sharing.xls
# owner: testuser2
# group: users
user::r--
user:testuser1:rwx
group::r--
mask::rwx
other::r--

8:42 line 236239
testuser2 opened file, but couldn't save it, opened readonly

8:43 line 406609
tesuser1 opened file, but couldn't save it, opened readonly


-- 
Geoff Crompton
Debian System Administrator
Strategic Data
+61 3 9340 9000

Comment 4 Christian Perrier (dead mail address) 2007-01-10 22:51:30 UTC
Yet another user comment:

I've also just ran a test where I tried this on a share that has "nt acl
support = no". I didn't have any problems in this case. So this might be
 an effective work around for my system.

Comment 5 Christian Perrier (dead mail address) 2012-05-11 12:21:46 UTC
. (don't worry, just a test I need on own of my bugs. Sorry for the noise)
Comment 6 Björn Jacke 2013-12-11 12:29:40 UTC
the bug report was for 3.0.23c. I am pretty sure that this is not an issue in recent samba versions any more. If you can reproduce it with latest samba 4 releases, please reopen.