Bug 1274699

Summary: getcifsacl output differs in rhel7.2
Product: Red Hat Enterprise Linux 7 Reporter: Steeve Goveas <sgoveas>
Component: sambaAssignee: Andreas Schneider <asn>
Status: CLOSED CURRENTRELEASE QA Contact: Robin Hack <rhack>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.4CC: asn, gdeschner, jarrpa, mkosek, mniranja, rhack, sgoveas, xifeng
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-03-28 13:08:04 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1472751    
Attachments:
Description Flags
Samba logs on rhel7.1
none
samba logs on rhel7.2 none

Description Steeve Goveas 2015-10-23 12:05:25 UTC 
Description of problem:
getcifsacl gives expected output, i.e aduser sid or name resolution when samba server is rhel7.1, but gives a different output when samba server is rhel7.2

Version-Release number of selected component (if applicable):
samba-4.2.3-7.el7.x86_64 on rhel 7.2

works with
samba-4.1.12-21.el7_1.x86_64 on rhel7.1
 
How reproducible:
always

Steps to Reproduce:
1.
2.
3.

Actual results:

:: :: [  BEGIN   ] :: Running 'getcifsacl -r /mnt/samba/share1/testfile.660.1.txt|grep 'ACL:S-1-5-21-988729707-3926255045-3384196396-30422:0x0/0x0/0x12019f''
:: [   FAIL   ] :: Command 'getcifsacl -r /mnt/samba/share1/testfile.660.1.txt|grep 'ACL:S-1-5-21-988729707-3926255045-3384196396-30422:0x0/0x0/0x12019f'' (Expected 0, got 1)
:: [  BEGIN   ] :: Running 'getcifsacl /mnt/samba/share1/testfile.660.1.txt'
REVISION:0x1
CONTROL:0x9004
OWNER:S-1-22-1-966430422
GROUP:S-1-22-2-966400513
ACL:S-1-22-1-966430422:ALLOWED/0x0/RW
ACL:S-1-22-2-966400513:ALLOWED/0x0/RW
ACL:Everyone@WORLD AUTHORITY:ALLOWED/0x0/[  BEGIN   ] :: Running 'getcifsacl -r /mnt/samba/share1/testfile.660.1.txt|grep 'ACL:S-1-5-21-988729707-3926255045-3384196396-30422:0x0/0x0/0x12019f''
:: [   FAIL   ] :: Command 'getcifsacl -r /mnt/samba/share1/testfile.660.1.txt|grep 'ACL:S-1-5-21-988729707-3926255045-3384196396-30422:0x0/0x0/0x12019f'' (Expected 0, got 1)
:: [  BEGIN   ] :: Running 'getcifsacl /mnt/samba/share1/testfile.660.1.txt'
REVISION:0x1
CONTROL:0x9004
OWNER:S-1-22-1-966430422
GROUP:S-1-22-2-966400513
ACL:S-1-22-1-966430422:ALLOWED/0x0/RW
ACL:S-1-22-2-966400513:ALLOWED/0x0/RW
ACL:Everyone@WORLD AUTHORITY:ALLOWED/0x0/


Expected results:
:: [ :: [  BEGIN   ] :: Running 'getcifsacl -r /mnt/samba/share1/testfile.660.1.txt|grep 'ACL:S-1-5-21-988729707-3926255045-3384196396-30446:0x0/0x0/0x12019f''
ACL:S-1-5-21-988729707-3926255045-3384196396-30446:0x0/0x0/0x12019f
:: [   PASS   ] :: Command 'getcifsacl -r /mnt/samba/share1/testfile.660.1.txt|grep 'ACL:S-1-5-21-988729707-3926255045-3384196396-30446:0x0/0x0/0x12019f'' (Expected 0, got 0)
:: [  BEGIN   ] :: Running 'getcifsacl /mnt/samba/share1/testfile.660.1.txt'
REVISION:0x1
CONTROL:0x9004
OWNER:smbuser01-1123940
GROUP:domain users
ACL:smbuser01-1123940:ALLOWED/0x0/RW
ACL:domain users:ALLOWED/0x0/RW
ACL:Everyone@WORLD AUTHORITY:ALLOWED/0x0/ BEGIN   ] :: Running 'getcifsacl -r /mnt/samba/share1/testfile.660.1.txt|grep 'ACL:S-1-5-21-988729707-3926255045-3384196396-30446:0x0/0x0/0x12019f''
ACL:S-1-5-21-988729707-3926255045-3384196396-30446:0x0/0x0/0x12019f
:: [   PASS   ] :: Command 'getcifsacl -r /mnt/samba/share1/testfile.660.1.txt|grep 'ACL:S-1-5-21-988729707-3926255045-3384196396-30446:0x0/0x0/0x12019f'' (Expected 0, got 0)
:: [  BEGIN   ] :: Running 'getcifsacl /mnt/samba/share1/testfile.660.1.txt'
REVISION:0x1
CONTROL:0x9004
OWNER:smbuser01-1123940
GROUP:domain users
ACL:smbuser01-1123940:ALLOWED/0x0/RW
ACL:domain users:ALLOWED/0x0/RW
ACL:Everyone@WORLD AUTHORITY:ALLOWED/0x0/

Additional info:
Comment 5 Steeve Goveas 2015-10-24 15:35:23 UTC 
Created attachment 1086099 [details]
Samba logs on rhel7.1
Comment 6 Steeve Goveas 2015-10-24 15:36:13 UTC 
Created attachment 1086102 [details]
samba logs on rhel7.2
Comment 10 Andreas Schneider 2017-08-23 11:19:03 UTC 
I'm not able to reproduce this issue. We get the same behaviour from 4.0.10 to master ...



linux-2f0k:~/samba-upstream # tail /etc/samba/smb.conf
    path = /srv/share
    read only = No
 
[thedata]
    inherit acls = Yes
    path = /data2
    read only = No
    vfs objects = acl_xattr
    map acl inherit = yes
    store dos attributes = yes
linux-2f0k:~/samba-upstream # mount | grep CIFS
//linux-2f0k/thedata on /CIFS type cifs (rw,relatime,vers=1.0,cache=strict,username=domain2test,domain=TESTDOMAIN1,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.100.130,file_mode=0755,dir_mode=0755,nounix,serverino,mapposix,rsize=61440,wsize=65536,actimeo=1)
linux-2f0k:~/samba-upstream # smbd --version
Version 4.0.10
linux-2f0k:~/samba-upstream # getfacl /data2/file.txt
getfacl: Removing leading '/' from absolute path names
# file: data2/file.txt
# owner: TESTDOMAIN1\134administrator
# group: TESTDOMAIN1\134domain\040users
user::rw-
group::r--
other::r--
 
linux-2f0k:~/samba-upstream # smbcacls --version
Version 4.0.10
linux-2f0k:~/samba-upstream # smbcacls -UAdministrator%pass123 //localhost/thedata file.txt
REVISION:1
CONTROL:SR|DP
OWNER:TESTDOMAIN1\administrator
GROUP:TESTDOMAIN1\Domain Users
ACL:TESTDOMAIN1\administrator:ALLOWED/0x0/RWDPO
ACL:TESTDOMAIN1\Domain Users:ALLOWED/0x0/R
ACL:Everyone:ALLOWED/0x0/R
linux-2f0k:~/samba-upstream # getcifsacl -r /CIFS/file.txt
REVISION:0x1
CONTROL:0x8004
OWNER:S-1-5-21-2631861994-2570104940-3658330153-500
GROUP:S-1-5-21-2631861994-2570104940-3658330153-513
ACL:S-1-5-21-2631861994-2570104940-3658330153-500:0x0/0x0/0x1f019f
ACL:S-1-5-21-2631861994-2570104940-3658330153-513:0x0/0x0/0x120089
ACL:S-1-1-0:0x0/0x0/0x120089
linux-2f0k:~/samba-upstream # smbcacls --numeric -UAdministrator%pass123 //localhost/thedata file.txt
REVISION:1
CONTROL:0x8004
OWNER:S-1-5-21-2631861994-2570104940-3658330153-500
GROUP:S-1-5-21-2631861994-2570104940-3658330153-513
ACL:S-1-5-21-2631861994-2570104940-3658330153-500:0/0x0/0x001f019f
ACL:S-1-5-21-2631861994-2570104940-3658330153-513:0/0x0/0x00120089
ACL:S-1-1-0:0/0x0/0x00120089
Comment 12 Andreas Schneider 2018-02-15 12:06:30 UTC 
Does this work with RHEL 7.4 and RHEL 7.5? Could you test that we can close this?
Comment 13 Steeve Goveas 2018-02-19 04:28:54 UTC 
Re-directing needinfo on Niranjan since he looks into these tests.
Comment 14 Andreas Schneider 2018-03-06 13:05:22 UTC 
Niranjan?
Comment 15 Niranjan Mallapadi Raghavender 2018-03-06 16:12:24 UTC 
On RHEL7.5 with samba-4.7.1-6.el7.x86_64 version i could not reproduce the issue that was reported. 


[root@bkr-hv02-guest25 samba]# getcifsacl -r /test1/testdir/testfile1.txt
REVISION:0x1
CONTROL:0x9004
OWNER:S-1-5-21-1570576923-412772934-562026323-6416
GROUP:S-1-5-21-1570576923-412772934-562026323-7420
ACL:S-1-5-21-1570576923-412772934-562026323-6416:0x0/0x0/0x12019f
ACL:S-1-5-21-1570576923-412772934-562026323-7420:0x0/0x0/0x120089
ACL:S-1-1-0:0x0/0x0/0x120089