Discussion:
Samba POSIX ACL behavior
Steve French
2013-11-14 18:13:35 UTC
Permalink
I recently encountered the following strange behavior as mentioned in
https://lists.samba.org/archive/linux-cifs-client/2009-February/004079.html
I'm currently running Ubuntu 12.04 LTS on desktop and server, so
I took some time to try the latest packaged versions of Samba and
the kernel to make sure that the issue had not yet been fixed.
Client: Ubuntu 12.04 LTS with Kernel 3.11.0-13-generic
Server: Ubuntu 12.04 LTS with Samba 3.6.20 and Kernel 3.5.0-43-generic
I tried many other combinations and the behavior is the same. It
looks like setting default ACLs somehow interacts with the
non-default ACLs and vice versa.
I tried this here to Samba 3.6 with slightly different results:
1) If I set both a default and non-default ACL that seems to work
2) but as you and Rob saw, if I setfacl a default ACL it removes the
non-default ACL
3) and if I setfacl a non-default ACL it removes the default ACL

So for case 2 and 3 the behavior is different than for a local file
system. This may be a server bug.

For Samba 4 and Samba 4.2-pre (master) - I get an error not supported on
this infolevel 512 (Set POSIX ACL).
--
Thanks,

Steve
Steve French
2013-11-14 18:14:01 UTC
Permalink
---------- Forwarded message ----------
From: Steve French <smfrench-***@public.gmane.org>
Date: Thu, Nov 14, 2013 at 12:13 PM
Subject: Samba POSIX ACL behavior
I recently encountered the following strange behavior as mentioned in
https://lists.samba.org/archive/linux-cifs-client/2009-February/004079.html
I'm currently running Ubuntu 12.04 LTS on desktop and server, so
I took some time to try the latest packaged versions of Samba and
the kernel to make sure that the issue had not yet been fixed.
Client: Ubuntu 12.04 LTS with Kernel 3.11.0-13-generic
Server: Ubuntu 12.04 LTS with Samba 3.6.20 and Kernel 3.5.0-43-generic
I tried many other combinations and the behavior is the same. It
looks like setting default ACLs somehow interacts with the
non-default ACLs and vice versa.
I tried this here to Samba 3.6 with slightly different results:
1) If I set both a default and non-default ACL that seems to work
2) but as you and Rob saw, if I setfacl a default ACL it removes the
non-default ACL
3) and if I setfacl a non-default ACL it removes the default ACL

So for case 2 and 3 the behavior is different than for a local file
system. This may be a server bug.

For Samba 4 and Samba 4.2-pre (master) - I get an error not supported
on this infolevel 512 (Set POSIX ACL).
--
Thanks,

Steve
--
Thanks,

Steve
Jeremy Allison
2013-11-14 18:18:58 UTC
Permalink
Post by Steve French
I recently encountered the following strange behavior as mentioned in
https://lists.samba.org/archive/linux-cifs-client/2009-February/004079.html
I'm currently running Ubuntu 12.04 LTS on desktop and server, so
I took some time to try the latest packaged versions of Samba and
the kernel to make sure that the issue had not yet been fixed.
Client:  Ubuntu 12.04 LTS with Kernel 3.11.0-13-generic
Server:  Ubuntu 12.04 LTS with Samba 3.6.20 and Kernel 3.5.0-43-generic
I tried many other combinations and the behavior is the same.  It
looks like setting default ACLs somehow interacts with the
non-default ACLs and vice versa.
1) If I set both a default and non-default ACL that seems to work
2) but as you and Rob saw, if I setfacl a default ACL it removes the non-
default ACL
3) and if I setfacl a non-default ACL it removes the default ACL
So for case 2 and 3 the behavior is different than for a local file system. 
This may be a server bug.
Can you send me a wireshark trace ?
Post by Steve French
For Samba 4 and Samba 4.2-pre (master) - I get an error not supported on this
infolevel 512 (Set POSIX ACL).
You're running the wrong server :-). You need smbd running, not the source4
server.

Jeremy.
Steve French
2013-11-14 18:32:43 UTC
Permalink
Post by Jeremy Allison
Post by Steve French
I recently encountered the following strange behavior as mentioned in
https://lists.samba.org/archive/linux-cifs-client/2009-February/004079.html
I'm currently running Ubuntu 12.04 LTS on desktop and server, so
I took some time to try the latest packaged versions of Samba and
the kernel to make sure that the issue had not yet been fixed.
Client: Ubuntu 12.04 LTS with Kernel 3.11.0-13-generic
Server: Ubuntu 12.04 LTS with Samba 3.6.20 and Kernel 3.5.0-43-generic
I tried many other combinations and the behavior is the same. It
looks like setting default ACLs somehow interacts with the
non-default ACLs and vice versa.
1) If I set both a default and non-default ACL that seems to work
2) but as you and Rob saw, if I setfacl a default ACL it removes the non-
default ACL
3) and if I setfacl a non-default ACL it removes the default ACL
So for case 2 and 3 the behavior is different than for a local file system.
This may be a server bug.
Can you send me a wireshark trace ?
Post by Steve French
For Samba 4 and Samba 4.2-pre (master) - I get an error not supported on this
infolevel 512 (Set POSIX ACL).
You're running the wrong server :-). You need smbd running, not the source4
server.
***@steven-GA-970A-DS3:/etc$ ps -A | grep "mbd"
2321 ? 00:00:00 smbd
19715 ? 00:00:00 smbd
19721 ? 00:00:00 smbd

This is smbd
Version 4.2.0pre1-GIT-72b240f
--
Thanks,

Steve
Jeremy Allison
2013-11-14 19:14:24 UTC
Permalink
Post by Steve French
Post by Jeremy Allison
Post by Steve French
I recently encountered the following strange behavior as mentioned in
https://lists.samba.org/archive/linux-cifs-client/2009-February/004079.html
I'm currently running Ubuntu 12.04 LTS on desktop and server, so
I took some time to try the latest packaged versions of Samba and
the kernel to make sure that the issue had not yet been fixed.
Client: Ubuntu 12.04 LTS with Kernel 3.11.0-13-generic
Server: Ubuntu 12.04 LTS with Samba 3.6.20 and Kernel 3.5.0-43-generic
I tried many other combinations and the behavior is the same. It
looks like setting default ACLs somehow interacts with the
non-default ACLs and vice versa.
1) If I set both a default and non-default ACL that seems to work
2) but as you and Rob saw, if I setfacl a default ACL it removes the non-
default ACL
3) and if I setfacl a non-default ACL it removes the default ACL
So for case 2 and 3 the behavior is different than for a local file system.
This may be a server bug.
Can you send me a wireshark trace ?
Post by Steve French
For Samba 4 and Samba 4.2-pre (master) - I get an error not supported on this
infolevel 512 (Set POSIX ACL).
You're running the wrong server :-). You need smbd running, not the source4
server.
2321 ? 00:00:00 smbd
19715 ? 00:00:00 smbd
19721 ? 00:00:00 smbd
This is smbd
Version 4.2.0pre1-GIT-72b240f
Then I definitely need the wireshark trace. I have never seen error
not supported from smbd.
Steve French
2013-11-14 19:37:09 UTC
Permalink
OK - figured out what the problem with Samba 4.x build (did not have
package acl-dev on Ubuntu and didn't see any mention of needing to
install that package in the log - but found the answer to the problem
googling)

So ... the set posix acl call works, but the behavior is similar to
what Rob and the recent poster described.
Post by Steve French
I recently encountered the following strange behavior as mentioned in
https://lists.samba.org/archive/linux-cifs-client/2009-February/004079.html
I'm currently running Ubuntu 12.04 LTS on desktop and server, so
I took some time to try the latest packaged versions of Samba and
the kernel to make sure that the issue had not yet been fixed.
Client: Ubuntu 12.04 LTS with Kernel 3.11.0-13-generic
Server: Ubuntu 12.04 LTS with Samba 3.6.20 and Kernel 3.5.0-43-generic
I tried many other combinations and the behavior is the same. It
looks like setting default ACLs somehow interacts with the
non-default ACLs and vice versa.
1) If I set both a default and non-default ACL that seems to work
2) but as you and Rob saw, if I setfacl a default ACL it removes the
non-default ACL
3) and if I setfacl a non-default ACL it removes the default ACL
So for case 2 and 3 the behavior is different than for a local file system.
This may be a server bug.
For Samba 4 and Samba 4.2-pre (master) - I get an error not supported on
this infolevel 512 (Set POSIX ACL).
--
Thanks,
Steve
--
Thanks,

Steve
Loading...