Bug 6385 - UnUsual behaviour of veto files parameter on Samba 3.x on cifs mounted shares
UnUsual behaviour of veto files parameter on Samba 3.x on cifs mounted shares
Status: NEW
Product: Samba 3.3
Classification: Unclassified
Component: File services
3.3.4
x64 Linux
: P3 major
: ---
Assigned To: Jeremy Allison
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2009-05-21 11:47 UTC by Joseph A. Dacuma
Modified: 2009-05-28 12:58 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Joseph A. Dacuma 2009-05-21 11:47:42 UTC
Whenever files mounted from a GNU/Linux client using cifs option, the directive of veto files were not consistently enforced (on a) on some shares. To compound the problem, it could not be determined when the veto parameter will work or fail.

The problem can be replicated by using this command:

mount -t cifs //samba_server/networkshare -o username=somename,password=<verysecretpassword> /mountpoint

The temporary remedy, as pointed out by Mr. Jeff Layton, is to issue a -o nounix
switch. Thus:

mount -t cifs //samba_server/networkshare -o username=somename,password=<verysecretpassword>,nounix /mountpoint

With nounix option, the following were observed:

1) Couldn't create/transfer files on shares the bearing a vetoed pattern from any Linux client.

2) Vetoed files that transferred on shares via scp were not displayed when shares mounted with -o nounix, or accessed using Konqueror, Dolphin, Nautilus.

Servers that were used were Debian GNU/Linux 5 (3.2.5, 3.3.4) and NetBSD 5 (version 3.0.34). Its is to be noted that this unexpected behaviour only occurs only on Linux clients and not with Windows clients.
Comment 1 Jeremy Allison 2009-05-21 15:25:18 UTC
I'd like some more information on this please.
Can you give me you smb.conf, a listing of a directory containing veto'ed files, and a debug level 10 trace from a Linux client showing this problem please ?
Thanks,
Jeremy.
Comment 2 Joseph A. Dacuma 2009-05-27 23:21:10 UTC
(In reply to comment #1)
> I'd like some more information on this please.
> Can you give me you smb.conf, a listing of a directory containing veto'ed
> files, and a debug level 10 trace from a Linux client showing this problem
> please ?
> Thanks,
> Jeremy.
> 

Hello Jeremy!


1) smb.conf

#======================= Global Settings =======================

[global]

   workgroup = CHEDCO
   netbios name = ANDRES (ANDRES2 when both servers were up simultaneously)
   server string = Windows 2003 Enterprise Server

   interfaces = lo bond0 (agr0 for NetBSD)
   bind interfaces only = yes
   hosts deny = ALL
   hosts allow = 172.16.4.0/22 127.0.0.1

   dont descend = /proc /dev /root /tmp /srv /mnt /media

#### Debugging/Accounting ####

   log file = /var/log/samba/%m.log
   log level = 3
   max log size = 1000
   syslog = 0
   panic action = /usr/share/samba/panic-action %d

###### Authentication #######

   security = user
   encrypt passwords = true
   guest ok = no
   passdb backend = tdbsam

########## Domains ###########

   domain logons = yes
   logon path =
   logon home =
   logon script = %U.bat

########## Printing ##########

  load printers = no

############ Misc ############

   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   os level = 95 (96 when on NETBSD when both servers were up)
   domain master = yes
   preferred master = yes
   time server = yes
   dns proxy = no

====================== Share Definitions =======================

[misdata]
   path = /home/misdata
   comment = misdata group directory
   guest ok = no
   writeable = yes
   create mask = 0660
   directory mask = 0750
   force group = misdata
   valid users = @misdata
   veto files = /*.deb/*.rpm/*.mp3/*.mp4/*.dat/*.mpg/*.mpeg/*.avi/*.wmv/*.iso/*.nrg/*.bin/*.cue/*.exe/*.msi/*.dll/*.pif/*.scr/*.ini/*.bat/*.com/*.cmd/*.vb/*.vbs/*.inf/*.3gp/*.mov/*.rar/*.flv/DSC*.jpg/DSC*.jpeg
   delete veto files = yes

[oppri]
   path = /home/oppri
   comment = oppri common directory
   guest ok = no
   read only = yes
   create mask = 0664
   directory mask = 0775
   read list = @chedusers
   write list = @misdata @misnet
   veto files = /*.deb/*.rpm/*.mp3/*.mp4/*.dat/*.mpg/*.mpeg/*.avi/*.wmv/*.iso/*.nrg/*.bin/*.cue/*.exe/*.msi/*.dll/*.pif/*.scr/*.ini/*.bat/*.com/*.cmd/*.vb/*.vbs/*.inf/*.3gp/*.mov/*.rar/*.flv/DSC*.jpg/DSC*.jpeg/
   delete veto files = yes


2) Directory listing

linux-8bu5:~ # mount
/dev/sda1 on / type ext3 (rw,acl,user_xattr)
/proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
debugfs on /sys/kernel/debug type debugfs (rw)
udev on /dev type tmpfs (rw)
devpts on /dev/pts type devpts (rw,mode=0620,gid=5)
fusectl on /sys/fs/fuse/connections type fusectl (rw)
securityfs on /sys/kernel/security type securityfs (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
gvfs-fuse-daemon on /home/ibmtest/.gvfs type fuse.gvfs-fuse-daemon (rw,nosuid,nodev,user=ibmtest)
//172.16.4.10/misdata on /media/share1 type cifs (rw,mand)
//172.16.4.10/oppri on /media/share2 type cifs (rw,mand)

linux-8bu5:~ # ls -la /media/share1
total 24
drwxrwx--T  6 root 1007     0 May 19  2009 .
drwxr-xr-x  4 root root  4096 May 18 15:20 ..
drwxr-x---  2 1005 1007     0 May 19  2009 New Folder
-rw-rw-r--  1 1005 1007     2 May 10 19:41 president_txt
-rw-r--r--  1 1005 1007 11312 Feb 27 08:59 sample_docu.odt
-rw-rw-r--  1 1005 1007    45 May 15 04:20 testing
drwxr-x--- 11 1005 1007     0 May 16 10:46 untitled folder
drwxr-x---  3 1005 1007     0 May 16 08:46 untitled folder 2

linux-8bu5:~ # ls -la /media/share2
total 3172
drwxrwx--T 7 root 1008       0 May 19  2009 .
drwxr-xr-x 4 root root    4096 May 18 15:20 ..
-rw-r--r-- 1 1005 1007 1538048 Jan 21 04:53 43j925a.iso
drwxr-xr-x 2 1005 1007       0 May 15 10:14 folder.dll
drwxr-xr-x 2 1005 1007       0 May 16 03:52 folder.exe
drwxr-xr-x 2 1005 1007       0 May 19  2009 folder.iso
-rwx------ 1 1005 1007 1693569 Feb 19  2004 record.mp3
drwxrwxr-x 4 1005 1007       0 May 16 10:47 untitled folder
drwxrwxr-x 2 1005 1007       0 May 19  2009 untitled folder 2
Comment 3 Joseph A. Dacuma 2009-05-28 12:58:01 UTC
(In reply to comment #1)
> I'd like some more information on this please.
> Can you give me you smb.conf, a listing of a directory containing veto'ed
> files, and a debug level 10 trace from a Linux client showing this problem
> please ?
> Thanks,
> Jeremy.
> 

Hello Jeremy!

Any links/docs on how to correctly perform level 10 trace from a Linux client?

Joseph