Bug 6083 - Strange behavior with modify right
Strange behavior with modify right
Status: RESOLVED FIXED
Product: Samba 3.3
Classification: Unclassified
Component: File services
3.3.0
x86 Linux
: P3 normal
: ---
Assigned To: Samba Bugzilla Account
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2009-02-03 02:39 UTC by Wilfried Barnavon
Modified: 2009-05-11 04:17 UTC (History)
0 users

See Also:


Attachments
debug at level 10 (862.00 KB, text/plain)
2009-02-25 03:31 UTC, Urmas Buhvestov
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Wilfried Barnavon 2009-02-03 02:39:59 UTC
My OS Server is Linux (Centos 5.2) with kernel 2.6.21.6
On the test system I am "wbarnavon".
I use Windows XP as client in a Samba domain.
I create a directory /home/wbarnavon/public_html/cinq/Documents/Association
Here are the acls:
# file: .
# owner: wbarnavon
# group: users
user::rwx
user:apache:rwx
user:wbarnavon:rwx
group::---
mask::rwx
other::---
default:user::rwx
default:user:apache:rwx
default:user:wbarnavon:rwx
default:group::---
default:mask::rwx
default:other::---

I create a file test.txt
here is the acls:
# file: test.txt
# owner: wbarnavon
# group: users
user::rwx
user:apache:rwx
group::---
mask::rwx
other::---

Well here is my server configuration:
[global]
        workgroup = ON-FIRE
        interfaces = eth1, lo
        bind interfaces only = Yes
        null passwords = Yes
        passdb backend = ldapsam:ldap://phoenix.on-fire.local/
        username map = /etc/samba/smbusers
        username level = 1
        client NTLMv2 auth = Yes
        log level = 1
        time server = Yes
        socket options = TCP_NODELAY, IPTOS_LOWDELAY, SO_KEEPALIVE, SO_SNDBUF=14596, SO_RCVBUF=14596
        add user script = /usr/sbin/smbldap-useradd -m "%u" ; true
        delete user script = /usr/sbin/smbldap-userdel "%u" ; true
        add group script = /usr/sbin/smbldap-groupadd -p "%g" ; true
        delete group script = /usr/sbin/smbldap-groupdel "%g" ; true
        add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g" ; true
        delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g" ; true
        set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u" ; true
        add machine script = /usr/sbin/smbldap-useradd -w "%u"
        logon script = logon.bat
        logon path =
        logon drive = U:
        domain logons = Yes
        os level = 128
        preferred master = Yes
        domain master = Yes
        dns proxy = No
        wins support = Yes
        ldap admin dn = cn=samba,ou=DSA,dc=on-fire,dc=net
        ldap delete dn = Yes
        ldap group suffix = ou=Groupes
        ldap idmap suffix = ou=Idmap,ou=Samba
        ldap machine suffix = ou=Ordinateurs
        ldap suffix = dc=on-fire,dc=net
        ldap ssl = start tls
        ldap user suffix = ou=Utilisateurs
        idmap backend = ldap:ldap://phoenix.on-fire.local
        idmap uid = 1000-2000000
        idmap gid = 1000-2000000
        winbind separator = /
        winbind use default domain = Yes
        winbind trusted domains only = Yes
        ldapsam:trusted = yes
        ea support = Yes
        map readonly = no
        store dos attributes = Yes

[netlogon]
        path = /var/spool/samba/netlogon
        browseable = No
        root preexec = /etc/samba/scripts/DomainGroupinLocalGroup.sh %m "Utilisateurs avec pouvoir" "Domain Users"

[homes]
        read only = No
        inherit permissions = Yes
        inherit acls = Yes
        map acl inherit = Yes
        browseable = No


[dfs]
        path = /var/spool/samba/dfs
        msdfs root = Yes

[root$]
        path = /
        valid users = administrateur, "@Domain Admins"
        read only = No
        browseable = No

[home$]
        path = /home
        valid users = administrateur, "@Domain Admins"
        read only = No
        inherit permissions = Yes
        inherit acls = Yes
        map acl inherit = Yes
        browseable = No

[doc]
        path = /usr/share/doc

[packs]
        path = /usr/local/packs


Now the bug !
I can create and delete the test.txt file, but I can't apply modification. I get "Access Refused Error".

If I downgrade Samba to 3.2.7, I have not this issue.

Here is the log in log.smbd:
[2009/02/02 20:25:26,  1] smbd/dosmode.c:get_ea_dos_attribute(208)
  get_ea_dos_attributes: Cannot get attribute from EA on file .: Error = Opération non supportée
[2009/02/02 20:26:50,  0] smbd/service.c:make_connection_snum(740)
  create_connection_server_info failed: NT_STATUS_ACCESS_DENIED
Comment 1 Karolin Seeger 2009-02-12 08:27:10 UTC
Please provide a level 10 log file of the whole operation including the session setup if possible. Please note that sensible data may be included.
Comment 2 Urmas Buhvestov 2009-02-25 03:07:49 UTC
I have similar problems with profiles share. I gave full rights to everyone, but windows still says that there is too few rights to access file (it greates prf*.tmp file, but isn't able to rename it).
and in half cases it ends with Segfault All other shares work as they did before.

3.3.0-SerNet-Debian

0xb794f424 in __kernel_vsyscall ()
#0  0xb794f424 in __kernel_vsyscall ()
#1  0xb75b46f3 in ?? ()
#2  0xb766fff4 in ?? ()
#3  0xb755246b in ?? ()
#4  0x00002d4b in ?? ()
#5  0xbfd7ab58 in ?? ()
#6  0x00000000 in ?? ()


[global]
passdb backend = tdbsam
guest account = ftp
name resolve order = lmhosts host wins bcast
hostname lookups = Yes
logon script = start.bat
logon path = \\WWW\profile\%U
logon drive = H:
logon home = \\WWW\%U
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
nt acl support = No

[profile]
path = /samba/profiles
read only = No
create mask = 0666
directory mask = 0777
guest ok = Yes
profile acls = Yes
case sensitive = No
preserve case = No
short preserve case = No
hide files = /desktop.ini/ntuser.ini/NTUSER.*/
browseable = No
csc policy = disable
locking = No

[netlogon]
comment = Network Logon Service
path = /samba/netlogon
write list = @sysop
read only = No
create mask = 0644
guest ok = Yes
csc policy = disable
root preexec = /etc/samba/logi.sh %u  sisse %T %m %I
root postexec = /etc/samba/logi.sh %u  valja %T %m %I

Comment 3 Urmas Buhvestov 2009-02-25 03:31:12 UTC
Created attachment 3955 [details]
debug at level 10

Computer started, 
started wpkg service to install updates
user tamme7 logged in (no profile on samba share)
user tamme7 logged out and ended with error that can't copy
tamme7/start menu/programs/outlook express.lnk
Rest of profile seems to be on place

tamme7/start menu/programs/
drwxr-xr-x 3 tamme7 arvutid 4096 2009-02-25 11:18 accessories/
-rw-rw-rw- 1 tamme7 arvutid  738 2009-02-25 11:18 prf90.tmp
-rw-rw-rw- 1 tamme7 arvutid  788 2009-02-25 11:17 prf91.tmp
-rw-rw-rw- 1 tamme7 arvutid  803 2009-02-25 11:18 prf92.tmp
-rw-rw-rw- 1 tamme7 arvutid  122 2009-02-25 11:18 prf93.tmp
drwxrwxrwx 2 tamme7 arvutid 4096 2009-02-25 11:17 startup/

No segfault this time :-)
Comment 4 Karolin Seeger 2009-05-03 03:06:16 UTC
So this one can be closed?
Comment 5 Karolin Seeger 2009-05-11 04:17:47 UTC
Closing out bug report.
Please re-open if it's still an issue.

Thanks for reporting!