Bug 6297 - owner of sticky directory cannot delete files created by others
Summary: owner of sticky directory cannot delete files created by others
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.3
Classification: Unclassified
Component: File services (show other bugs)
Version: 3.3.4
Hardware: All All
: P3 major
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-04-28 20:46 UTC by anonymous
Modified: 2009-06-12 08:46 UTC (History)
1 user (show)

See Also:
vl: review+


Attachments
level 3 log (80.96 KB, text/plain)
2009-04-28 20:51 UTC, anonymous
no flags Details
log for samba 3.2.6, in which sticky directories work well (64.37 KB, text/plain)
2009-05-03 20:12 UTC, anonymous
no flags Details
log for samba 3.3.4, to replace the previous log for 3.3.3 (71.98 KB, text/plain)
2009-05-03 20:14 UTC, anonymous
no flags Details
level 10 log for samba-3.2.6 (332.79 KB, text/plain)
2009-05-05 20:05 UTC, anonymous
no flags Details
level 10 log for samba-3.3.4 (359.90 KB, text/plain)
2009-05-05 20:06 UTC, anonymous
no flags Details
level 10 log for samba-3.4.0pre1 (also failed) (367.13 KB, text/plain)
2009-05-21 03:47 UTC, anonymous
no flags Details
level 10 log for samba-3.4.0pre2 (can't even login) (24.15 KB, text/plain)
2009-06-09 22:12 UTC, anonymous
no flags Details
screen capture when running "sh ./configure ...." (46.15 KB, text/plain)
2009-06-10 21:19 UTC, anonymous
no flags Details
smb.conf (944 bytes, text/plain)
2009-06-10 21:23 UTC, anonymous
no flags Details
/etc/group (316 bytes, text/plain)
2009-06-10 21:23 UTC, anonymous
no flags Details
/etc/passwd (616 bytes, text/plain)
2009-06-10 21:24 UTC, anonymous
no flags Details
smbpasswd (412 bytes, text/plain)
2009-06-10 21:24 UTC, anonymous
no flags Details
Patch for v3-4-test and v3-3-test (1.47 KB, patch)
2009-06-11 15:06 UTC, Jeremy Allison
jra: review+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description anonymous 2009-04-28 20:46:39 UTC
We've implemented a share for file exchange :

[TEMP]
path = /tmp
read only = no
create mask = 0666
directory mask = 1777

A number of sub-directories are created under /tmp, all of them have the sticky-bit set, i.e. mode 1777 (chmod a+rwxt).
Users can put files in directories which belong to someone else, but the owner of these directories cannot delete the files created by others.

For example, we a directory "/tmp/test_dir" which belongs to "user1" :

drwxrwxrwt   2 user1 users   4096 Apr 29 09:39 test_dir

Then "user2" can put files in it :

~> smbclient -U user2 //xxx.xxx.xxx.xxx/TEMP
Enter user2's password:
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.3.3]
smb: \> cd test_dir
smb: \test_dir\> put test_file.txt
putting file test_file.txt as \test_dir\test_file.txt (0.0 kb/s) (average nan kb/s)
smb: \test_dir\> quit

But "user1" cannot remove the file :

~> smbclient -U user1 //xxx.xxx.xxx.xxx/TEMP
Enter user1's password:
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.3.3]
smb: \> cd test_dir
smb: \test_dir\> del test_file.txt
NT_STATUS_ACCESS_DENIED deleting remote file \test_dir\test_file.txt
smb: \test_dir\> quit

The same bug is found on WinXP & Win9x clients too. However this implementation was working well in previous releases (3.2.x).
Comment 1 anonymous 2009-04-28 20:51:23 UTC
Created attachment 4090 [details]
level 3 log
Comment 2 anonymous 2009-04-30 00:09:09 UTC
The problem still exists after upgrade to samba 3.3.4 today.
Comment 3 anonymous 2009-04-30 00:10:21 UTC
The problem still exists after upgrade to samba 3.3.4 today.
Comment 4 anonymous 2009-05-03 20:12:31 UTC
Created attachment 4107 [details]
log for samba 3.2.6, in which sticky directories work well
Comment 5 anonymous 2009-05-03 20:14:06 UTC
Created attachment 4108 [details]
log for samba 3.3.4, to replace the previous log for 3.3.3
Comment 6 Jeremy Allison 2009-05-04 18:18:41 UTC
Ok, I'll take a look at this. Thanks,
Jeremy.
Comment 7 Jeremy Allison 2009-05-05 15:05:42 UTC
I have tried and can't reproduce this here. Can you post a debug level 10 log of the delete failure please ?
Thanks,
Jeremy.
Comment 8 anonymous 2009-05-05 20:05:33 UTC
Created attachment 4124 [details]
level 10 log for samba-3.2.6
Comment 9 anonymous 2009-05-05 20:06:16 UTC
Created attachment 4125 [details]
level 10 log for samba-3.3.4
Comment 10 anonymous 2009-05-21 03:47:07 UTC
Created attachment 4172 [details]
level 10 log for samba-3.4.0pre1 (also failed)
Comment 11 anonymous 2009-06-09 22:12:12 UTC
Created attachment 4265 [details]
level 10 log for samba-3.4.0pre2 (can't even login)
Comment 12 Jeremy Allison 2009-06-10 17:15:10 UTC
This bug is not reproducible here with latest 3.4.x - this case works perfectly. You will need to give me much more info - such as the group lists of the users you are trying to do this with, and your full smb.conf. I don't consider this a blocker bug as I have no other reports of anyone being able to reproduce this and I can't reproduce it myself.
Jeremy.
Comment 13 anonymous 2009-06-10 21:19:27 UTC
Created attachment 4271 [details]
screen capture when running "sh ./configure ...."
Comment 14 anonymous 2009-06-10 21:23:27 UTC
Created attachment 4272 [details]
smb.conf
Comment 15 anonymous 2009-06-10 21:23:57 UTC
Created attachment 4273 [details]
/etc/group
Comment 16 anonymous 2009-06-10 21:24:17 UTC
Created attachment 4274 [details]
/etc/passwd
Comment 17 anonymous 2009-06-10 21:24:33 UTC
Created attachment 4275 [details]
smbpasswd
Comment 18 anonymous 2009-06-10 21:27:36 UTC
The failure is reproduced with a testbed system.

hardware : Pentium-4 2.8GHz, ASUS P4C800 mainboard, 1GB RAM, 80GB HD
o.s. : bare LFS running kernel-2.6.23.12,
       with binutils-2.17, gcc-4.21, glibc-2.5.1

 1. downloaded ftp://ftp.samba.org/pub/samba/samba-3.3.4.tar.gz
 2. tar zxf samba-3.3.4.tar.gz
 3. cd samba-3.3.4/source
 4. sh ./configure --prefix=/10/samba-3.3.4 --datarootdir=/10/samba-3.3.4 \
       --enable-shared --with-quotas --with-sys-quotas --without-ldap --without-ads
    (see attachment id=4271)
 5. make
 6. make install
 7. ln -s samba-3.3.4 /10/samba
 8. added /10/samba/lib to /etc/ld.so.conf and run ldconfig
 9. created /10/samba/lib/smb.conf
    (see attachment id=4272)
10. created users :
    useradd user1
    useradd user2
    /10/samba/bin/smbpasswd -a root
    /10/samba/bin/smbpasswd -a -n nobody
    /10/samba/bin/smbpasswd -a user1
    /10/samba/bin/smbpasswd -a user2
    (see attachments id=4273,4274,4275)
11. login as user1 :
    mkdir /tmp/test_dir
    chmod a+rwxt /tmp/test_dir
12. /10/samba/sbin/nmbd -D
    /10/samba/sbin/smbd -D
13. /10/samba/bin/smbclient -U user2 //xxx.xxx.xxx.xxx/TMP
    Enter user2's password:
    Domain=[X093] OS=[Unix] Server=[Samba 3.3.4]
    smb: \> cd test_dir
    smb: \test_dir\> put test_file.txt
    putting file test_file.txt as \test_dir\test_file.txt (0.3 kb/s) (average 0.3 kb/s)
    smb: \test_dir\> quit
14. /10/samba/bin/smbclient -U user1 //xxx.xxx.xxx.xxx/TMP
    Enter user1's password:
    Domain=[X093] OS=[Unix] Server=[Samba 3.3.4]
    smb: \> cd test_dir
    smb: \test_dir\> del test_file.txt
    NT_STATUS_ACCESS_DENIED deleting remote file \test_dir\test_file.txt
    smb: \test_dir\> quit

The level 10 log for steps 13 & 14 had been submitted as attachment id=4125.

The above steps had been repeated for different versions and the results are :

samba-3.2.6 : works well (see attachment id=4124)
samba-3.3.4 : fail (see attachment id=4125)
samba-3.4.0pre1 : fail (see attachment id=4172)
samba-3.4.0pre2 : can't login in steps 13 & 14 (see attachment id=4265)
                  /10/samba/bin/smbclient -U user1 //xxxx.xxx.xxx.xxx/TMP
                  Enter user1's password:
                  Connection to xxx.xxx.xxx.xxx failed (Error NT_STATUS_CONNECTION_REFUSED)
Comment 19 Jeremy Allison 2009-06-11 14:39:09 UTC
Ok, I've finally reproduced this. Thanks for your perseverence. I have a patch which I'm currently testing.
Jeremy.
Comment 20 Jeremy Allison 2009-06-11 15:06:39 UTC
Created attachment 4278 [details]
Patch for v3-4-test and v3-3-test

Karolin and Volker, this needs to be in 3.4.0 and 3.3.next. Please review.
Thanks !
Jeremy.
Comment 21 Karolin Seeger 2009-06-12 08:46:08 UTC
Pushed to v3-4-test and v3-3-test.
Will be included in 3.3.5 and 3.4.0.
Closing out bug report.

Thanks for reporting!