6155 – "force group" is no longer working as expected

Bug 6155 - "force group" is no longer working as expected

Summary: "force group" is no longer working as expected

Status:	RESOLVED FIXED

Alias:	None

Product:	Samba 3.3
Classification:	Unclassified
Component:	File services (show other bugs)
Version:	3.3.1
Hardware:	Other Linux

Importance:	P3 major
Target Milestone:	---
Assignee:	Jeremy Allison
QA Contact:	Samba QA Contact

URL:	http://bugs.debian.org/517760
Keywords:

Depends on:
Blocks:

Reported:	2009-03-03 14:57 UTC by Debian samba package maintainers (PUBLIC MAILING LIST)
Modified:	2009-06-15 02:21 UTC (History)
CC List:	0 users

See Also:

Attachments
Patch for 3.3.1 (2.47 KB, patch) 2009-03-03 18:05 UTC, Jeremy Allison	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Debian samba package maintainers (PUBLIC MAILING LIST) 2009-03-03 14:57:27 UTC

This is reported in Debian bug #517760.

While initially reported as "force group = +<group>" no longer working, it finally appears that "force group" itself is no longer working as expected.

Sample smb.conf:

[global]
        workgroup = MAISON
        server string = Le portable de Kiki (samba %v)
        bind interfaces only = Yes
        log level = 1
        max log size = 1000
        printcap name = /etc/printcap
        message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' &
        invalid users = root
        printing = bsd
        print command = lpr -r -P'%p' %s
        lpq command = lpq -P'%p'
        lprm command = lprm -P'%p' %j

[public]
        comment = Public
        path = /var/tmp/samba-test
        force group = users
        read only = No
        create mask = 0770
        directory mask = 0700
        guest ok = Yes


/var/samba/test:
root@mykerinos:/etc/samba> ls -la /var/tmp/samba-test/
total 0
drwxrwxrwx 2 bubulle bikinibottom   6 mar  3 21:52 .
drwxrwxrwt 8 root    root         135 mar  3 05:29 ..

Connecting with smbclient:
bubulle@mykerinos:~> smbclient //localhost/public
Enter bubulle's password:
Domain=[MYKERINOS] OS=[Unix] Server=[Samba 3.3.1]
smb: \> put foo
putting file foo as \foo (0,1 kb/s) (average 0,1 kb/s)

Back to /var/samba/test:
root@mykerinos:/etc/samba> ls -la /var/tmp/samba-test/
total 4
drwxrwxrwx 2 bubulle bikinibottom  16 mar  3 21:52 .
drwxrwxrwt 8 root    root         135 mar  3 05:29 ..
-rwxrw---- 1 bubulle bubulle        7 mar  3 21:52 foo

root@mykerinos:/etc/samba> id bubulle
uid=1000(bubulle) gid=1000(bubulle) groupes=1000(bubulle),29(audio),30(dip),44(video),46(plugdev),105(hal),800(geneweb),116(pootle),117(powerdev),1007(bob),126(vboxusers)


A level 3 log doesn't show anything really relevant while doing this:

[2009/03/03 21:54:47,  3] smbd/service.c:make_connection_snum(1103)
  mykerinos (::ffff:127.0.0.1) connect to service IPC$ initially as user bubulle (uid=1000, gid=1000) (pid 23751)
[2009/03/03 21:54:47,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/03/03 21:54:47,  3] smbd/reply.c:reply_tcon_and_X(789)
  tconX service=IPC$
[2009/03/03 21:54:47,  3] smbd/process.c:process_smb(1554)
  Transaction 4 of length 110 (0 toread)
[2009/03/03 21:54:47,  3] smbd/process.c:switch_message(1378)
  switch message SMBtrans2 (pid 23751) conn 0x9094468
[2009/03/03 21:54:47,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (1000, 1000) - sec_ctx_stack_ndx = 0
[2009/03/03 21:54:47,  3] smbd/msdfs.c:get_referred_path(813)
  get_referred_path: |public| in dfs path \localhost\public is not a dfs root.
[2009/03/03 21:54:47,  3] smbd/error.c:error_packet_set(61)
  error packet at smbd/trans2.c(7286) cmd=50 (SMBtrans2) NT_STATUS_NOT_FOUND
[2009/03/03 21:54:47,  3] smbd/process.c:process_smb(1554)
  Transaction 5 of length 39 (0 toread)
[2009/03/03 21:54:47,  3] smbd/process.c:switch_message(1378)
  switch message SMBtdis (pid 23751) conn 0x9094468
[2009/03/03 21:54:47,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/03/03 21:54:47,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/03/03 21:54:47,  3] smbd/service.c:close_cnum(1315)
  mykerinos (::ffff:127.0.0.1) closed connection to service IPC$
[2009/03/03 21:54:47,  3] smbd/connection.c:yield_connection(31)
  Yielding connection to IPC$
[2009/03/03 21:54:47,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/03/03 21:54:47,  3] smbd/process.c:process_smb(1554)
  Transaction 6 of length 92 (0 toread)
[2009/03/03 21:54:47,  3] smbd/process.c:switch_message(1378)
  switch message SMBtconX (pid 23751) conn 0x0
[2009/03/03 21:54:47,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/03/03 21:54:47,  3] lib/util_sid.c:string_to_sid(228)
  string_to_sid: Sid root does not start with 'S-'.
[2009/03/03 21:54:47,  3] smbd/sec_ctx.c:push_sec_ctx(224)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2009/03/03 21:54:47,  3] smbd/uid.c:push_conn_ctx(383)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2009/03/03 21:54:47,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/03/03 21:54:47,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/03/03 21:54:47,  3] smbd/sec_ctx.c:push_sec_ctx(224)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2009/03/03 21:54:47,  3] smbd/uid.c:push_conn_ctx(383)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2009/03/03 21:54:47,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/03/03 21:54:47,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/03/03 21:54:47,  3] smbd/sec_ctx.c:push_sec_ctx(224)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2009/03/03 21:54:47,  3] smbd/uid.c:push_conn_ctx(383)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2009/03/03 21:54:47,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/03/03 21:54:47,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/03/03 21:54:47,  3] smbd/sec_ctx.c:push_sec_ctx(224)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2009/03/03 21:54:47,  3] smbd/uid.c:push_conn_ctx(383)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2009/03/03 21:54:47,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/03/03 21:54:47,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/03/03 21:54:47,  3] smbd/sec_ctx.c:push_sec_ctx(224)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2009/03/03 21:54:47,  3] smbd/uid.c:push_conn_ctx(383)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2009/03/03 21:54:47,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/03/03 21:54:47,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/03/03 21:54:47,  3] smbd/sec_ctx.c:push_sec_ctx(224)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2009/03/03 21:54:47,  3] smbd/uid.c:push_conn_ctx(383)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2009/03/03 21:54:47,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/03/03 21:54:47,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/03/03 21:54:47,  3] smbd/service.c:find_forced_group(614)
  Forced group users
[2009/03/03 21:54:47,  3] smbd/service.c:make_connection_snum(863)
  Connect path is '/var/tmp/samba-test' for service [public]
[2009/03/03 21:54:47,  3] smbd/vfs.c:vfs_init_default(96)
  Initialising default vfs hooks
[2009/03/03 21:54:47,  3] smbd/vfs.c:vfs_init_custom(130)
  Initialising custom vfs hooks from [/[Default VFS]/]
[2009/03/03 21:54:47,  3] lib/util_sid.c:string_to_sid(228)
  string_to_sid: Sid root does not start with 'S-'.
[2009/03/03 21:54:47,  3] smbd/sec_ctx.c:push_sec_ctx(224)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2009/03/03 21:54:47,  3] smbd/uid.c:push_conn_ctx(383)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2009/03/03 21:54:47,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/03/03 21:54:47,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/03/03 21:54:47,  3] smbd/sec_ctx.c:push_sec_ctx(224)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2009/03/03 21:54:47,  3] smbd/uid.c:push_conn_ctx(383)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2009/03/03 21:54:47,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/03/03 21:54:47,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/03/03 21:54:47,  3] smbd/sec_ctx.c:push_sec_ctx(224)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2009/03/03 21:54:47,  3] smbd/uid.c:push_conn_ctx(383)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2009/03/03 21:54:47,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/03/03 21:54:47,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/03/03 21:54:47,  3] smbd/sec_ctx.c:push_sec_ctx(224)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2009/03/03 21:54:47,  3] smbd/uid.c:push_conn_ctx(383)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2009/03/03 21:54:47,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/03/03 21:54:47,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/03/03 21:54:47,  3] smbd/sec_ctx.c:push_sec_ctx(224)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2009/03/03 21:54:47,  3] smbd/uid.c:push_conn_ctx(383)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2009/03/03 21:54:47,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/03/03 21:54:47,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/03/03 21:54:47,  3] smbd/sec_ctx.c:push_sec_ctx(224)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2009/03/03 21:54:47,  3] smbd/uid.c:push_conn_ctx(383)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2009/03/03 21:54:47,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/03/03 21:54:47,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/03/03 21:54:47,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (1000, 1000) - sec_ctx_stack_ndx = 0
[2009/03/03 21:54:47,  1] smbd/service.c:make_connection_snum(1103)
  mykerinos (::ffff:127.0.0.1) connect to service public initially as user bubulle (uid=1000, gid=1000) (pid 23751)
[2009/03/03 21:54:47,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/03/03 21:54:47,  3] smbd/reply.c:reply_tcon_and_X(789)
  tconX service=PUBLIC
[2009/03/03 21:54:47,  3] smbd/process.c:process_smb(1554)
  Transaction 7 of length 57 (0 toread)
[2009/03/03 21:54:47,  3] smbd/process.c:switch_message(1378)
  switch message SMBecho (pid 23751) conn 0x0
[2009/03/03 21:54:47,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/03/03 21:54:47,  3] smbd/reply.c:reply_echo(4649)
  echo 1 times
[2009/03/03 21:54:49,  3] smbd/process.c:process_smb(1554)
  Transaction 8 of length 80 (0 toread)
[2009/03/03 21:54:49,  3] smbd/process.c:switch_message(1378)
  switch message SMBopenX (pid 23751) conn 0x9094468
[2009/03/03 21:54:49,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (1000, 1000) - sec_ctx_stack_ndx = 0
[2009/03/03 21:54:49,  3] smbd/dosmode.c:unix_mode(124)
  unix_mode(foo) returning 0760
[2009/03/03 21:54:49,  2] smbd/open.c:open_file(520)
  bubulle opened file foo read=Yes write=Yes (numopen=1)
[2009/03/03 21:54:49,  3] smbd/process.c:process_smb(1554)
  Transaction 9 of length 75 (0 toread)
[2009/03/03 21:54:49,  3] smbd/process.c:switch_message(1378)
  switch message SMBwriteX (pid 23751) conn 0x9094468
[2009/03/03 21:54:49,  3] lib/util.c:fcntl_getlock(2085)
  fcntl_getlock: fd 27 is returned info 2 pid 0
[2009/03/03 21:54:49,  3] smbd/oplock.c:initial_break_processing(299)
  initial_break_processing: called for 307:6019fd/1
  Current oplocks_open (exclusive = 0, levelII = 0)
[2009/03/03 21:54:49,  3] smbd/oplock.c:process_oplock_async_level2_break_message(437)
  process_oplock_async_level2_break_message: downgrading fake level 2 oplock.
[2009/03/03 21:54:49,  3] smbd/reply.c:reply_write_and_X(4121)
  writeX fnum=9246 num=7 wrote=7
[2009/03/03 21:54:49,  3] smbd/process.c:process_smb(1554)
  Transaction 10 of length 45 (0 toread)
[2009/03/03 21:54:49,  3] smbd/process.c:switch_message(1378)
  switch message SMBclose (pid 23751) conn 0x9094468
[2009/03/03 21:54:49,  3] smbd/reply.c:reply_close(4338)
  close fd=27 fnum=9246 (numopen=1)
[2009/03/03 21:54:49,  3] locking/locking.c:get_share_mode_lock(825)
  fill_share_mode_lock failed
[2009/03/03 21:54:49,  2] smbd/close.c:close_normal_file(594)
  bubulle closed file foo (numopen=0) NT_STATUS_OK
[2009/03/03 21:54:50,  3] smbd/process.c:process_smb(1554)
  Transaction 11 of length 39 (0 toread)
[2009/03/03 21:54:50,  3] smbd/process.c:switch_message(1378)
  switch message SMBtdis (pid 23751) conn 0x9094468
[2009/03/03 21:54:50,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/03/03 21:54:50,  3] smbd/sec_ctx.c:set_sec_ctx(324)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/03/03 21:54:50,  1] smbd/service.c:close_cnum(1315)
  mykerinos (::ffff:127.0.0.1) closed connection to service public

Comment 1 Jeremy Allison 2009-03-03 18:05:41 UTC

Created attachment 3968 [details]
Patch for 3.3.1

This is a nasty one. Warrents a 3.3.2 I think. Very subtle bug to fix.
Jeremy.

Comment 2 Debian samba package maintainers (PUBLIC MAILING LIST) 2009-03-04 14:46:24 UTC

Jeremy, do you need us to confirm that the fix works (needs recompiling with the patch,e tc...) or do you consider it to be OK without other checks?

--
Christian Perrier, for Debian maintainers

Comment 3 Volker Lendecke 2009-03-04 14:51:37 UTC

I've confirmed that current 3-3-test does work. I don't really like the patch though, I'm working on a different solution. Not sure what 3.3.2 will ship with. If you can wait a day or two, we'll know.

Volker

Comment 4 Jeremy Allison 2009-03-04 16:55:01 UTC

Ok, after working with Volker on this. Yes - please compile and test with this patch. This will be the patch that goes into 3.3.2.
Thanks,
Jeremy.

Comment 5 Karolin Seeger 2009-06-15 02:21:29 UTC

Closing out bug report.
Please re-open if it's still an issue.

Thanks for reporting!