Hello, our Windows clients can't rename or delte files which reside on gpfs: samba uses vfs_gpfs. vfs_gpfs does not support gpfs_getacl_alloc, hence samb's smbd/file_access.c:can_access_file_acl returns NT_STATUS_ACCESS_DENIED when the client tries such operations. This is bad. Unix file permissions allow access, creating files, writing and appending to files works o.k. [2009/02/02 16:04:18, 3] smbd/process.c:switch_message(1361) switch message SMBntcreateX (pid 2812) conn 0x2b0a657cec40 [2009/02/02 16:04:18, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2009/02/02 16:04:18, 5] smbd/filename.c:unix_convert(148) unix_convert called on file "tmp/test2.txt" [2009/02/02 16:04:18, 8] modules/vfs_gpfs.c:gpfs_getacl_alloc(136) smbd_gpfs_getacl failed with Function not implemented [2009/02/02 16:04:18, 5] smbd/file_access.c:can_access_file_acl(43) Could not get acl: NT_STATUS_ACCESS_DENIED [2009/02/02 16:04:18, 8] modules/vfs_gpfs.c:gpfs_getacl_alloc(136) smbd_gpfs_getacl failed with Function not implemented [2009/02/02 16:04:18, 5] smbd/file_access.c:can_access_file_acl(43) Could not get acl: NT_STATUS_ACCESS_DENIED [2009/02/02 16:04:18, 3] smbd/error.c:error_packet_set(61) error packet at smbd/nttrans.c(532) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED [2009/02/02 16:04:18, 5] lib/util.c:show_msg(642) [2009/02/02 16:04:18, 5] lib/util.c:show_msg(652)
This is an ACL processing bug. I'm working on a fix ASAP. Jeremy.
*** Bug 6078 has been marked as a duplicate of this bug. ***
Created attachment 3908 [details] Patch. This should fix deletes and renames on all ACL-bearing filesystems with 3.3.0. Will be in 3.3.1. Thanks, Jeremy.
deleting works with 3.3.1 again, but renaming of folders is still not possible for me.
Created attachment 3961 [details] Experimental patch for 3.3.1 Can you try this patch for 3.3.1 ? It adds the same override in the open_directory path as for files. Thanks, Jeremy.
(In reply to comment #5) > Can you try this patch for 3.3.1 ? It adds the same override in the > open_directory path as for files. seems to work.
Ok, pushed to the 3.3 and master trees. Jeremy.
Closing out bug report. Please re-open if it's still an issue. Thanks for reporting!
Hello, I installed a new server running RHEL6.4 together with an IBM gpfs filesystem. Now I tried to install samba 4.1 from SerNet including the ctdb/gpfs support. When I try to connect from a Windows machine (Server 2008R2 or Win7) I can access the local mounted folders but not the gpfs SAN folders. In Windows it just says cannot connect and the samba log files shows exactly the error message I found here in this thread. Perhaps anyone has a solution for me, perhaps I'm doing something wrong?! Thanx in advance! Jens... Here is a part of my samba.log including the error message "smbd_gpfs_getacl failed with Function not implemented" and my smb.conf: [2013/11/22 13:06:51.485569, 4] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (3172, 234) - sec_ctx_stack_ndx = 0 [2013/11/22 13:06:51.485679, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (20): SID[ 0]: S-1-22-1-3172 SID[ 1]: S-1-22-2-234 SID[ 2]: S-1-22-2-288 SID[ 3]: S-1-22-2-5695 SID[ 4]: S-1-22-2-247 SID[ 5]: S-1-22-2-3224 SID[ 6]: S-1-22-2-290 SID[ 7]: S-1-22-2-5140 SID[ 8]: S-1-22-2-3172 SID[ 9]: S-1-22-2-178 SID[ 10]: S-1-22-2-218 SID[ 11]: S-1-22-2-5814 SID[ 12]: S-1-22-2-4098 SID[ 13]: S-1-22-2-3840 SID[ 14]: S-1-22-2-3369 SID[ 15]: S-1-22-2-4403 SID[ 16]: S-1-22-2-4416 SID[ 17]: S-1-1-0 SID[ 18]: S-1-5-2 SID[ 19]: S-1-5-11 Privileges (0x 0): Rights (0x 0): [2013/11/22 13:06:51.486180, 5] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 3172 Primary group is 234 and contains 16 supplementary groups Group[ 0]: 234 Group[ 1]: 288 Group[ 2]: 5695 Group[ 3]: 247 Group[ 4]: 3224 Group[ 5]: 290 Group[ 6]: 5140 Group[ 7]: 3172 Group[ 8]: 178 Group[ 9]: 218 Group[ 10]: 5814 Group[ 11]: 4098 Group[ 12]: 3840 Group[ 13]: 3369 Group[ 14]: 4403 Group[ 15]: 4416 [2013/11/22 13:06:51.486574, 5] ../source3/smbd/uid.c:363(change_to_user_internal) Impersonated user: uid=(3172,3172), gid=(0,234) [2013/11/22 13:06:51.486658, 5] ../source3/smbd/filename.c:258(unix_convert) unix_convert called on file "" [2013/11/22 13:06:51.486800, 5] ../source3/smbd/filename.c:292(unix_convert) conversion finished "" -> . [2013/11/22 13:06:51.486865, 5] ../source3/smbd/open.c:3019(open_directory) open_directory: opening directory ., access_mask = 0x100081, share_access = 0x7 create_options = 0x1, create_disposition = 0x1, file_attributes = 0x10 [2013/11/22 13:06:51.487053, 5] ../source3/modules/vfs_gpfs.c:294(vfs_gpfs_getacl) smbd_gpfs_getacl failed with Function not implemented [2013/11/22 13:06:51.489148, 4] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/22 13:06:51.489271, 5] ../source3/smbd/filename.c:258(unix_convert) unix_convert called on file "desktop.ini" [2013/11/22 13:06:51.489351, 5] ../source3/smbd/filename.c:421(unix_convert) unix_convert begin: name = desktop.ini, dirpath = , start = desktop.ini [2013/11/22 13:06:51.489531, 5] ../source3/smbd/dir.c:1485(OpenDir) OpenDir: Can't open .. Permission denied [2013/11/22 13:06:51.489645, 3] ../source3/smbd/filename.c:1150(get_real_filename_full_scan) scan dir didn't open dir [.] smb.conf: [global] clustering = no workgroup = xyz server string = Home netbios name = servername interfaces = eth8 log file = /var/log/samba/%m.log ; max log size = 50 log level = 5 security = ADS passdb backend = tdbsam realm = domain name password server = AD servers domain master = no local master = no preferred master = no unix extensions = no username map = /etc/samba/smbusers load printers = no # The following attributes I have tried without any change in behavior # ea support = yes # mangled names = no # store dos attributes = no # map readonly = no # map archive = no # map system = no # force unknown acl user = no [homes] vfs objects = gpfs comment = Home Directories browseable = no writable = yes follow symlinks = yes wide links = yes inherit acls = no path = /gpfs/home create mask = 0600 force create mode = 0600 locking = yes gpfs:sharemodes = yes gpfs:winattr = no
Problem solved. De-installing selinux and everything works.