Bug 8886 - Unable to create new group policy with s3fs backend
Unable to create new group policy with s3fs backend
Status: RESOLVED FIXED
Product: Samba 4.0
Classification: Unclassified
Component: File services
unspecified
All All
: P5 regression
: ---
Assigned To: Andrew Tridgell
samba4-qa@samba.org
:
Depends on:
Blocks: 8622
  Show dependency treegraph
 
Reported: 2012-04-22 06:57 UTC by Matthieu Patou
Modified: 2012-08-23 00:49 UTC (History)
4 users (show)

See Also:


Attachments
tcpdump trace (46.16 KB, application/octet-stream)
2012-04-24 21:13 UTC, Matthieu Patou
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Matthieu Patou 2012-04-22 06:57:35 UTC
With user administrator the creation of new policy when using the s3fs backend fails.
The attached trace show that packet 96 and 97 are the cause of the failure.
S3FS fails to set ACLs as requested by the client.
Comment 1 Volker Lendecke 2012-04-24 19:48:02 UTC
No trace attached
Comment 2 Matthieu Patou 2012-04-24 21:13:03 UTC
Created attachment 7486 [details]
tcpdump trace
Comment 3 Matthieu Patou 2012-04-24 21:13:48 UTC
(In reply to comment #1)
> No trace attached

Oups sorry, trace uploaded.
Comment 4 Volker Lendecke 2012-04-25 06:38:50 UTC
Ok, we need to support "Domain Admins" as file owner in acl_xattr
Comment 5 Michael Adam 2012-04-25 23:38:37 UTC
Possible explanation:
Acl code wants to set the owner to Domain Admins, which is a group.
This triggers a chown in the lower level (posix acls), and this
fails because this is a group.

Maybe idmap_both support can help curing this.

Including metze.
Comment 6 Stefan Metzmacher 2012-06-01 07:33:51 UTC
Matthieu, does this still fail?
Comment 7 Björn Baumbach 2012-07-10 13:47:20 UTC
(In reply to comment #6)
> Matthieu, does this still fail?

It doesn't fail with beta3:
Creating a GPO as Administrator from a Windows 7 client:

# file: opt/samba/var/locks/sysvol/testrealm.private/Policies/{3244D071-24CA-4104-B693-C34CE004EF68}
# owner: 3000011
# group: users
user::rwx
user:3000011:rwx
group::---
group:Enterprise\040Admins:rwx
group:Domain\040Admins:rwx
group:3000012:r-x
group:3000016:rwx
group:3000017:r-x
mask::rwx
other::---
default:user::rwx
default:user:3000011:rwx
default:group::---
default:group:Enterprise\040Admins:rwx
default:group:Domain\040Admins:rwx
default:group:3000012:r-x
default:group:3000016:rwx
default:group:3000017:r-x
default:mask::rwx
default:other::---
Comment 8 Andrew Bartlett 2012-08-23 00:49:36 UTC
Marking as fixed on this basis.