Bug 6145 - Suddenly some user's permission changed to read only.
Summary: Suddenly some user's permission changed to read only.
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: File Services (show other bugs)
Version: 3.0.32
Hardware: x64 Linux
: P3 normal
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-02-27 23:33 UTC by Yasuhiro Fujii
Modified: 2009-02-28 03:22 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Yasuhiro Fujii 2009-02-27 23:33:33 UTC
(I use samba 3.0.33)
I don't know why some user's permission changed to read only suddenly.
Users access to files via msdfs to files.
If this case happened,the user must logout from windowsXP(SP2).

The user must change to ID:samba for force user config.
But suddenly force user did not work.

----readonly access log----
[2009/02/27 18:25:06, 3] smbd/process.c:switch_message(927)
  switch message SMBntcreateX (pid 6656) conn 0x552b04ba70
[2009/02/27 18:25:06, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (901, 903) - sec_ctx_stack_ndx = 0
[2009/02/27 18:25:06, 5] auth/auth_util.c:debug_nt_user_token(454)
  NT user token of user S-1-5-21-148211337-2714050329-3066933918-19000
  contains 6 SIDs
  SID[  0]: S-1-5-21-148211337-2714050329-3066933918-19000
  SID[  1]: S-1-5-21-148211337-2714050329-3066933918-2801
  SID[  2]: S-1-1-0
  SID[  3]: S-1-5-2
  SID[  4]: S-1-5-11
  SID[  5]: S-1-22-2-903
  SE_PRIV  0x0 0x0 0x0 0x0
[2009/02/27 18:25:06, 5] auth/auth_util.c:debug_unix_user_token(474)
  UNIX token of user 901
  Primary group is 903 and contains 1 supplementary groups
  Group[  0]: 903
[2009/02/27 18:25:06, 5] smbd/uid.c:change_to_user(273)
  change_to_user uid=(901,901) gid=(0,903)
[2009/02/27 18:25:06, 4] smbd/vfs.c:vfs_ChDir(665)
  vfs_ChDir to /samba_home/sda1/GROUP/b_SOUMU/2_SOUMU
[2009/02/27 18:25:06, 10] smbd/nttrans.c:reply_ntcreate_and_X(515)
  reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f file_attributes = 0x80, share_access = 0x1, create_disposition = 0x1 create_options =
0x40 root_dir_fid = 0x0
[2009/02/27 18:25:06, 5] smbd/filename.c:unix_convert(147)
  unix_convert called on file "15_oa/03_lease/lease.xls"
[2009/02/27 18:25:06, 10] smbd/statcache.c:stat_cache_lookup(248)
  stat_cache_lookup: lookup succeeded for name [15_oa/03_lease/lease.XLS] -> [15_oa/03_lease/lease.xls]
[2009/02/27 18:25:06, 3] smbd/dosmode.c:unix_mode(142)
  unix_mode(15_oa/03_lease/lease.xls) returning 0664
[2009/02/27 18:25:06, 10] smbd/open.c:open_file_ntcreate(1184)
  open_file_ntcreate: fname=15_oa/03_lease/lease.xls, dos_attrs=0x80 access_mask=0x2019f share_access=0x1 create_disposition
 = 0x1 create_options=0x40 unix mode=0664 oplock_request=3
[2009/02/27 18:25:06, 8] smbd/dosmode.c:dos_mode(371)
  dos_mode: 15_oa/03_lease/lease.xls
[2009/02/27 18:25:06, 8] smbd/dosmode.c:dos_mode_from_sbuf(188)
  dos_mode_from_sbuf returning
[2009/02/27 18:25:06, 8] smbd/dosmode.c:dos_mode(409)
  dos_mode returning
[2009/02/27 18:25:06, 10] smbd/open.c:open_file_ntcreate(1347)
  open_file_ntcreate: fname=15_oa/03_lease/lease.xls, after mapping access_mask=0x2019f
[2009/02/27 18:25:06, 5] smbd/files.c:file_new(123)
  allocated file structure 8591, fnum = 12687 (3 used)
[2009/02/27 18:25:06, 4] smbd/open.c:open_file_ntcreate(1605)
  calling open_file with flags=0x2 flags2=0x0 mode=0664, access_mask = 0x2019f, open_access_mask = 0x2019f
[2009/02/27 18:25:06, 10] smbd/open.c:fd_open(67)
  fd_open: name 15_oa/03_lease/lease.xls, flags = 02 mode = 0664, fd = -1. Permission denied
[2009/02/27 18:25:06, 3] smbd/open.c:open_file(301)
  Error opening file 15_oa/03_lease/lease.xls (NT_STATUS_ACCESS_DENIED) (local_flags=2) (flags=2)
[2009/02/27 18:25:06, 5] smbd/files.c:file_free(454)
  freed files structure 12687 (2 used)
[2009/02/27 18:25:06, 3] smbd/error.c:error_packet_set(106)
  error packet at smbd/nttrans.c(805) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED
[2009/02/27 18:25:06, 5] lib/util.c:show_msg(484)
[2009/02/27 18:25:06, 5] lib/util.c:show_msg(494)

----access OK log----
[2009/02/27 18:25:11, 3] smbd/process.c:switch_message(927)
  switch message SMBclose (pid 6656) conn 0x552b04ba70
[2009/02/27 18:25:11, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (901, 903) - sec_ctx_stack_ndx = 0
[2009/02/27 18:25:11, 5] auth/auth_util.c:debug_nt_user_token(454)
  NT user token of user S-1-5-21-148211337-2714050329-3066933918-19000
  contains 6 SIDs
  SID[  0]: S-1-5-21-148211337-2714050329-3066933918-19000
  SID[  1]: S-1-5-21-148211337-2714050329-3066933918-2801
  SID[  2]: S-1-1-0
  SID[  3]: S-1-5-2
  SID[  4]: S-1-5-11
  SID[  5]: S-1-22-2-903
  SE_PRIV  0x0 0x0 0x0 0x0
[2009/02/27 18:25:11, 5] auth/auth_util.c:debug_unix_user_token(474)
  UNIX token of user 901
  Primary group is 903 and contains 1 supplementary groups
  Group[  0]: 903
[2009/02/27 18:25:11, 5] smbd/uid.c:change_to_user(273)
  change_to_user uid=(901,901) gid=(0,903)
[2009/02/27 18:25:11, 3] smbd/reply.c:reply_close(3338)
  close fd=29 fnum=12690 (numopen=2)
[2009/02/27 18:25:11, 10] locking/locking.c:parse_share_modes(523)
  parse_share_modes: delete_on_close: 0, num_share_modes: 2
[2009/02/27 18:25:11, 10] locking/locking.c:parse_share_modes(623)
  parse_share_modes: share_mode_entry[0]:  pid = 6656, share_access = 0x3, private_options = 0x40, access_mask = 0x20089, mid = 0x0, type= 0x3, fi
le_id = 1231, uid = 901, flags = 0, dev = 0xfd00, inode = 223313943
[2009/02/27 18:25:11, 10] locking/locking.c:parse_share_modes(623)
  parse_share_modes: share_mode_entry[1]: UNUSED pid = 6656, share_access = 0x7, private_options = 0x0, access_mask = 0x100080, mid = 0x0, type= 0
x40, file_id = 1233, uid = 901, flags = 0, dev = 0xfd00, inode = 223313943
[2009/02/27 18:25:11, 10] smbd/oplock_linux.c:linux_release_kernel_oplock(149)
  linux_release_kernel_oplock: file 15_oa/03_lease/lease.xls, dev = fd00, inode = 223313943 file_id = 1231 has kernel oplock
 state of 1.
[2009/02/27 18:25:11, 10] locking/posix.c:get_windows_lock_ref_count(545)
  get_windows_lock_count for file 15_oa/03_lease/lease.xls = 0
[2009/02/27 18:25:11, 10] locking/posix.c:delete_windows_lock_ref_count(559)
  delete_windows_lock_ref_count for file 15_oa/03_lease/lease.xls
[2009/02/27 18:25:11, 2] smbd/close.c:close_normal_file(406)
  samba closed file 15_oa/03_lease/lease.xls (numopen=1) NT_STATUS_OK
[2009/02/27 18:25:11, 5] smbd/files.c:file_free(454)
  freed files structure 12690 (2 used)

-- smb.conf --
[global]
        dos charset = cp932
        unix charset = eucjp-ms
        display charset = cp932
        workgroup = DOM
        server string = file-sv1
        passdb backend = ldapsam:"ldap://10.110.1.80:389 ldap://10.110.1.90:389"
        max log size = 15000
        # For debugging 2008/11/6
        log level = 1
        log file = /usr/local/samba/var/new/log.%U
        time server = Yes
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        domain logons = Yes
        security = user
        encrypt passwords = Yes
        server schannel = auto
        os level = 64
        preferred master = Yes
        domain master = Yes
        local master = Yes
        wins server = 10.110.1.80
        ldap ssl = no
        ldap admin dn = cn=Manager,dc=dom
        ldap delete dn = Yes
        ldap group suffix = ou=Groups
        ldap machine suffix = ou=Computers
        ldap suffix = dc=dom
        ldap user suffix = ou=Users
        ldap passwd sync = yes
        nt acl support = No
        host msdfs = Yes
        keepalive = 300

[GROUP]
        path = /samba_home/DFS_ROOT_GROUP_FILE-SV1
        msdfs root = Yes

[2_SOUMU]
        path = /samba_home/sda1/GROUP/b_SOUMU/2_SOUMU
        browseable = No
        read only = No
        valid users = @g00205, @g00206, @g00001,@g00002, @"Domain Admins"
        write list = @g00205, @"Domain Admins"
        read list = @g00206,@g00001,@g00002
        force user = samba
        delete readonly = Yes
        create mask = 664
        directory mask = 775

cd /samba_home/DFS_ROOT_SHONAI_FILE-SV1/b_SOUMU
ls -al 
2_SOUMU -> msdfs:file-sv1\2_SOUMU

cd /samba_home/DFS_ROOT_SHONAI_FILE-SV1/b_SOUMU
ls -al
drwxrwsr-x  27 samba g00205 4096 Feb 27 18:49 2_SOUMU

This problem happened samba 3.0.22,too.
Comment 1 Yasuhiro Fujii 2009-02-28 03:22:41 UTC
I'm so sorry.
I found the cause.
This is my big mistake.
Some SIDs are duplicated.