Bug 9630 - cifs mount ignores posix permissions and acl's
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.0
Classification: Unclassified
Component: File services
Version: 4.0.0
Hardware: x86 Linux
Importance: P5 major
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
Reported: 2013-02-04 08:24 UTC by steve
Modified: 2013-03-21 16:50 UTC

Description steve 2013-02-04 08:24:12 UTC
When creating a file in a cifs mounted share, the file is always created with universal rw.

I posted this issue to both the samba and samba-technical list but without a response. Here are the details from that post, the commands used and how to reproduce:
----------------------------------------------------------------------------

Whenever a file is created in a cifs mounted share from samba 4.0.3 git (also confirmed on 4.0.2 stable) on a Linux client, it is always created with universal rw no matter what permissions and ACLs are set on the underlying ext4 file system.

I have these shares in smb.conf:
[home2]
        path = /home2
        read only = No
[home]
        path = /home2/home
        read only = No

I mount [home] on a Linux client like this:
mount -t cifs //hh1/home2 /home2 -osec=krb5,rw,multiuser

Here is the output of the mount command:

//hh1/home2 on /home2 type cifs (rw,relatime,vers=1.0,sec=krb5,cache=loose,unc=\\hh1\home2,multiuser,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.1.2,unix,posixpaths,serverino,acl,noperm,rsize=1048576,wsize=65536,actimeo=1)

Here are the ACLs on the relevant directories:

getfacl /home2
getfacl: Removing leading '/' from absolute path names
# file: home2
# owner: root
# group: root
user::rwx
group::r-x
other::r-x

getfacl /home2/home
getfacl: Removing leading '/' from absolute path names
# file: home2/home
# owner: root
# group: root
user::rwx
group::r-x
other::r-x

getfacl /home2/home/steve2
getfacl: Removing leading '/' from absolute path names
# file: home2/home/steve2
# owner: steve2
# group: Domain\040Users
user::rwx
group::r-x
other::r-x

Now, if steve2 logs in and creates a file on the cifs mounted share on the client:
steve2@hh10:~> touch s2.txt

it is created with universal read write access:
steve2@hh10:~> ls -l s2.txt
-rwxrwxrwx+ 1 steve2 Domain Users 0 Feb  1 12:08 s2.txt

getfacl s2.txt
# file: s2.txt
# owner: steve2
# group: Domain\040Users
user::rwx
user:steve2:rwx
group::rwx
group:Domain\040Users:rwx
mask::rwx
other::rwx

If I log into the fileserver as steve2 (i.e. when it's not mounted), it works fine and files are created as expected:
-rw-r--r--   1 steve2 Domain Users    0 Feb  1 11:52 s3.txt

Question:

Why does the cifs mounted share always create files with universal rw?
What can I do to correct this?
Comment 1 steve 2013-03-21 16:50:51 UTC
Solved by the security update to 4.0.3 or just installing 4.0.4 over the top.

Thanks.
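
A check for the symptom described in this report, as an added example that is not part of the original thread or of Samba: it parses getfacl output (the s2.txt listing from the description is embedded as sample input) and lists every entry other than the owner's that has effective write access, applying the ACL mask where it applies. The function names are hypothetical.

```python
import re

# Constructed sample: the getfacl listing for s2.txt quoted in the report.
SAMPLE = r"""# file: s2.txt
# owner: steve2
# group: Domain\040Users
user::rwx
user:steve2:rwx
group::rwx
group:Domain\040Users:rwx
mask::rwx
other::rwx
"""

def unescape(name):
    # getfacl prints special characters in names as a backslash and three
    # octal digits, e.g. "Domain\040Users" for "Domain Users".
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), name)

def parse_getfacl(text):
    """Parse one file's getfacl listing into (header, access entries)."""
    header, entries = {}, []
    for raw in text.splitlines():
        if raw.startswith("# ") and ": " in raw:
            key, value = raw[2:].split(": ", 1)
            header[key] = unescape(value.strip())
            continue
        parts = raw.split("#", 1)[0].strip().split(":")
        if len(parts) != 3:
            continue  # blank lines, default: entries, getfacl's own messages
        entries.append((parts[0], unescape(parts[1]), parts[2]))
    return header, entries

def write_grants(text):
    """Return every entry besides the owner's that has effective write."""
    _, entries = parse_getfacl(text)
    mask = next((p for t, _, p in entries if t == "mask"), "rwx")
    grants = []
    for tag, qualifier, perms in entries:
        if tag == "mask" or (tag == "user" and not qualifier):
            continue  # mask is a limit, not a grant; user:: is the owner
        # The mask caps named users and all group entries, but not "other".
        if "w" in perms and (tag == "other" or "w" in mask):
            grants.append(f"{tag}:{qualifier}" if qualifier else tag)
    return grants

if __name__ == "__main__":
    for grant in write_grants(SAMPLE):
        print("effective write:", grant)
```

An empty result is what a file with the expected -rw-r--r-- mode produces; any "group" or "other" entry in the output for a freshly created file on the mount indicates the behaviour reported here.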