Whenever files mounted from a GNU/Linux client using cifs option, the directive of veto files were not consistently enforced (on a) on some shares. To compound the problem, it could not be determined when the veto parameter will work or fail. The problem can be replicated by using this command: mount -t cifs //samba_server/networkshare -o username=somename,password=<verysecretpassword> /mountpoint The temporary remedy, as pointed out by Mr. Jeff Layton, is to issue a -o nounix switch. Thus: mount -t cifs //samba_server/networkshare -o username=somename,password=<verysecretpassword>,nounix /mountpoint With nounix option, the following were observed: 1) Couldn't create/transfer files on shares the bearing a vetoed pattern from any Linux client. 2) Vetoed files that transferred on shares via scp were not displayed when shares mounted with -o nounix, or accessed using Konqueror, Dolphin, Nautilus. Servers that were used were Debian GNU/Linux 5 (3.2.5, 3.3.4) and NetBSD 5 (version 3.0.34). Its is to be noted that this unexpected behaviour only occurs only on Linux clients and not with Windows clients.
I'd like some more information on this please. Can you give me you smb.conf, a listing of a directory containing veto'ed files, and a debug level 10 trace from a Linux client showing this problem please ? Thanks, Jeremy.
(In reply to comment #1) > I'd like some more information on this please. > Can you give me you smb.conf, a listing of a directory containing veto'ed > files, and a debug level 10 trace from a Linux client showing this problem > please ? > Thanks, > Jeremy. > Hello Jeremy! 1) smb.conf #======================= Global Settings ======================= [global] workgroup = CHEDCO netbios name = ANDRES (ANDRES2 when both servers were up simultaneously) server string = Windows 2003 Enterprise Server interfaces = lo bond0 (agr0 for NetBSD) bind interfaces only = yes hosts deny = ALL hosts allow = 172.16.4.0/22 127.0.0.1 dont descend = /proc /dev /root /tmp /srv /mnt /media #### Debugging/Accounting #### log file = /var/log/samba/%m.log log level = 3 max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d ###### Authentication ####### security = user encrypt passwords = true guest ok = no passdb backend = tdbsam ########## Domains ########### domain logons = yes logon path = logon home = logon script = %U.bat ########## Printing ########## load printers = no ############ Misc ############ socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 os level = 95 (96 when on NETBSD when both servers were up) domain master = yes preferred master = yes time server = yes dns proxy = no ====================== Share Definitions ======================= [misdata] path = /home/misdata comment = misdata group directory guest ok = no writeable = yes create mask = 0660 directory mask = 0750 force group = misdata valid users = @misdata veto files = /*.deb/*.rpm/*.mp3/*.mp4/*.dat/*.mpg/*.mpeg/*.avi/*.wmv/*.iso/*.nrg/*.bin/*.cue/*.exe/*.msi/*.dll/*.pif/*.scr/*.ini/*.bat/*.com/*.cmd/*.vb/*.vbs/*.inf/*.3gp/*.mov/*.rar/*.flv/DSC*.jpg/DSC*.jpeg delete veto files = yes [oppri] path = /home/oppri comment = oppri common directory guest ok = no read only = yes create mask = 0664 directory mask = 0775 read list = @chedusers write list = @misdata @misnet veto files = /*.deb/*.rpm/*.mp3/*.mp4/*.dat/*.mpg/*.mpeg/*.avi/*.wmv/*.iso/*.nrg/*.bin/*.cue/*.exe/*.msi/*.dll/*.pif/*.scr/*.ini/*.bat/*.com/*.cmd/*.vb/*.vbs/*.inf/*.3gp/*.mov/*.rar/*.flv/DSC*.jpg/DSC*.jpeg/ delete veto files = yes 2) Directory listing linux-8bu5:~ # mount /dev/sda1 on / type ext3 (rw,acl,user_xattr) /proc on /proc type proc (rw) sysfs on /sys type sysfs (rw) debugfs on /sys/kernel/debug type debugfs (rw) udev on /dev type tmpfs (rw) devpts on /dev/pts type devpts (rw,mode=0620,gid=5) fusectl on /sys/fs/fuse/connections type fusectl (rw) securityfs on /sys/kernel/security type securityfs (rw) none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw) gvfs-fuse-daemon on /home/ibmtest/.gvfs type fuse.gvfs-fuse-daemon (rw,nosuid,nodev,user=ibmtest) //172.16.4.10/misdata on /media/share1 type cifs (rw,mand) //172.16.4.10/oppri on /media/share2 type cifs (rw,mand) linux-8bu5:~ # ls -la /media/share1 total 24 drwxrwx--T 6 root 1007 0 May 19 2009 . drwxr-xr-x 4 root root 4096 May 18 15:20 .. drwxr-x--- 2 1005 1007 0 May 19 2009 New Folder -rw-rw-r-- 1 1005 1007 2 May 10 19:41 president_txt -rw-r--r-- 1 1005 1007 11312 Feb 27 08:59 sample_docu.odt -rw-rw-r-- 1 1005 1007 45 May 15 04:20 testing drwxr-x--- 11 1005 1007 0 May 16 10:46 untitled folder drwxr-x--- 3 1005 1007 0 May 16 08:46 untitled folder 2 linux-8bu5:~ # ls -la /media/share2 total 3172 drwxrwx--T 7 root 1008 0 May 19 2009 . drwxr-xr-x 4 root root 4096 May 18 15:20 .. -rw-r--r-- 1 1005 1007 1538048 Jan 21 04:53 43j925a.iso drwxr-xr-x 2 1005 1007 0 May 15 10:14 folder.dll drwxr-xr-x 2 1005 1007 0 May 16 03:52 folder.exe drwxr-xr-x 2 1005 1007 0 May 19 2009 folder.iso -rwx------ 1 1005 1007 1693569 Feb 19 2004 record.mp3 drwxrwxr-x 4 1005 1007 0 May 16 10:47 untitled folder drwxrwxr-x 2 1005 1007 0 May 19 2009 untitled folder 2
(In reply to comment #1) > I'd like some more information on this please. > Can you give me you smb.conf, a listing of a directory containing veto'ed > files, and a debug level 10 trace from a Linux client showing this problem > please ? > Thanks, > Jeremy. > Hello Jeremy! Any links/docs on how to correctly perform level 10 trace from a Linux client? Joseph
just tested with samba 4.12 and kernel 5.4 cifs vfs with SMB1 and unix extensions, veto files does prohibit creation of vetoed files and it prohibits access to existing vetoed files