Gentoo Forums
permissions on samba share change automatically
javeree
Guru
Joined: 29 Jan 2006
Posts: 455

Posted: Wed Feb 28, 2007 9:36 pm    Post subject: permissions on samba share change automatically

First of all some information:

In /etc/fstab:
Quote:
//Venus/D_ /mnt/D cifs users,gid=smb,file_mode=0770,dir_mode=0770,iocharset=iso8859-15,credentials=/etc/samba/credentials 0 0


Venus is a Windows XP home machine

If I open xterm, I can do:

Code:
cd /mnt/D
mkdir test6
ls -ld test* # in previous attempts I had already created the other testx directories
drwxrwx--- 1 root smb     0 Feb 28 21:50 test3/
drwxrwx--- 1 root smb     0 Feb 28 21:52 test4/
drwxrwx--- 1 root smb     0 Feb 28 21:52 test5/
drwxr-xr-x 2 root smb     0 Feb 28 21:52 test6/
ls -ld test* # I can repeat the command as many times as I want, without the permissions of test6 being different from 750, although I had expected 770

ls -ld test6
drwxrwx--- 1 root smb 0 Feb 28 21:52 test6/
# WOW, permissions suddenly changed

ls -ld test*
drwxrwx--- 1 root smb 0 Feb 28 21:50 test3/
drwxrwx--- 1 root smb 0 Feb 28 21:52 test4/
drwxrwx--- 1 root smb 0 Feb 28 21:52 test5/
drwxrwx--- 1 root smb 0 Feb 28 21:52 test6/
# and they remain changed as of now !!


I see similar behaviour in thunar (that's how I first found out about this), where I sometimes could write files in newly created directories or sometimes not.

Anyhow, I believe this must be a problem with the way cifs has been set up. Can anyone explain what is happening here?

By the way, in my kernel's .config, I have
Quote:
#
# Network File Systems
#
CONFIG_NFS_FS=m
CONFIG_NFS_V3=y
# CONFIG_NFS_V3_ACL is not set
# CONFIG_NFS_V4 is not set
# CONFIG_NFS_DIRECTIO is not set
CONFIG_NFSD=m
CONFIG_NFSD_V3=y
# CONFIG_NFSD_V3_ACL is not set
# CONFIG_NFSD_V4 is not set
CONFIG_NFSD_TCP=y
CONFIG_LOCKD=m
CONFIG_LOCKD_V4=y
CONFIG_EXPORTFS=m
CONFIG_NFS_COMMON=y
CONFIG_SUNRPC=m
# CONFIG_RPCSEC_GSS_KRB5 is not set
# CONFIG_RPCSEC_GSS_SPKM3 is not set
CONFIG_SMB_FS=m
CONFIG_SMB_NLS_DEFAULT=y
CONFIG_SMB_NLS_REMOTE="cp850"
CONFIG_CIFS=m
CONFIG_CIFS_STATS=y
# CONFIG_CIFS_STATS2 is not set
# CONFIG_CIFS_XATTR is not set
# CONFIG_CIFS_EXPERIMENTAL is not set
# CONFIG_NCP_FS is not set
# CONFIG_CODA_FS is not set
# CONFIG_AFS_FS is not set
# CONFIG_9P_FS is not set

javeree_work
Tux's lil' helper
Joined: 13 Apr 2005
Posts: 84

Posted: Thu Mar 01, 2007 9:18 am

I saw that permissions are not the only thing that changes. After doing ls -ld test6, the number immediately after the permissions decreases too. According to `man ls`, this number indicates the number of links to the file. However, no links are involved at all?

desultory
Bodhisattva
Joined: 04 Nov 2005
Posts: 9410

Posted: Fri Mar 02, 2007 5:29 am

Moved from Desktop Environments to Networking & Security.

KWhat
l33t
Joined: 04 Sep 2005
Posts: 660
Location: Los Angeles

Posted: Fri Mar 09, 2007 12:10 am

bump

javeree_work
Tux's lil' helper
Joined: 13 Apr 2005
Posts: 84

Posted: Mon May 21, 2007 9:21 am

I found out what is the probable cause of the problem above, but not what the solution is.

I tried the above-mentioned commands, but using different umasks on the client. I saw that when a directory is created, the (incorrect) permissions it gets are the ones specified by the umask, not the ones specified by the dir_mask from the mount command. The problem lies in the fact that the same thing does not happen with the user/group id. There, the options specified in the mount command are applied immediately. This leads to a status where permissions for the creating user are applied to the userid of the mount command instead.

In detail I think this happens:

1. The client creates a directory: the samba protocol sends that to the server, which actually creates the directory using local rules (probably with owner guest/everybody).

2. The cifs client remembers (caches) it created the directory with the umask of the local user, but forgets (not-cached) that uid, and applies the mount specified uid instead. Therefore a umask specifying 'only the local user may write' now effectively says 'only the userid specified on the mount command may write'. This effectively prevents the creating user from accessing its own directory. I believe this is a bug, and should be corrected.
An ls -l command shows 2 hard links, which would correspond to the cached info and the uncached info being not equal.

3. Only some commands require the client to query the server again. Only as of that moment does the client read from the server that the directory exists, and that it should be presented with the permissions as specified in the dir_mask. It throws away the incorrect cached info (thereby reducing the number of links), and applies the permissions that match the uid in the mount command, which now say 'users in the group (which happens to include the creating user) have write access'.

In my opinion, one of two possible behaviours should be implemented:

A. The client caches not only the umask permissions, but also the creating user. As long as the server data has not been re-read, it looks as though the creating user has access rights according to the umask. The mount uid/gid is only applied when the mount dir_mask is applied.

B. Permissions are not cached and dir_mask is applied immediately.

Maybe such a behaviour is already implemented, and it may be possible to specify what the cifs client does by activating some option in the mount command. However, I was unable to find any such option.

Alternatively, I will file a bug report to the cifs client upstream.
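
The hypothesis in the last post can be carried through as a small model. This is an added example, not part of the thread and not the cifs client's code. The numeric uid/gid values and the umask of 022 are assumptions chosen to match the `ls -ld` output in the first post, and the other two umasks go beyond the case shown there.

```python
import stat
from dataclasses import dataclass

# Constructed values: the thread only shows owner "root" and group "smb".
MOUNT_UID, MOUNT_GID = 0, 1001             # owner/group applied by the mount
USER_UID, USER_GIDS = 1000, {1000, 1001}   # creating user, a member of smb
DIR_MODE = 0o770                           # dir_mode= from the fstab line


@dataclass(frozen=True)
class Attrs:
    mode: int
    uid: int
    gid: int

    def ls(self) -> str:
        """Render the mode the way `ls -ld` prints it for a directory."""
        return stat.filemode(stat.S_IFDIR | self.mode)


def cached_after_mkdir(umask: int) -> Attrs:
    """Hypothesis from the thread: the mode comes from the caller's umask,
    while owner and group already come from the mount options."""
    return Attrs(0o777 & ~umask, MOUNT_UID, MOUNT_GID)


def after_revalidation() -> Attrs:
    """After the client re-reads from the server, dir_mode replaces the cached mode."""
    return Attrs(DIR_MODE, MOUNT_UID, MOUNT_GID)


def can_write(a: Attrs, uid: int, gids: set) -> bool:
    """Unix check: exactly one class applies (owner, else group, else other)."""
    if uid == a.uid:
        return bool(a.mode & stat.S_IWUSR)
    if a.gid in gids:
        return bool(a.mode & stat.S_IWGRP)
    return bool(a.mode & stat.S_IWOTH)


def lockout_window(umask: int) -> tuple:
    """(ls string, writable by creating user) before and after revalidation."""
    before, after = cached_after_mkdir(umask), after_revalidation()
    return ((before.ls(), can_write(before, USER_UID, USER_GIDS)),
            (after.ls(), can_write(after, USER_UID, USER_GIDS)))


if __name__ == "__main__":
    for um in (0o022, 0o077, 0o002):
        print(f"umask {um:03o}: {lockout_window(um)}")
```

With umask 022 the model reproduces the `drwxr-xr-x` to `drwxrwx---` transition from the first post, and shows the creating user falling into the group class without write access until the cached mode is replaced.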