Bug 142352
| Summary: | smbmount fails to heed specified uid,gid,fmask,dmask | ||
|---|---|---|---|
| Product: | [Retired] Fedora Legacy | Reporter: | kenneth gf brown <shadowplay> |
| Component: | samba | Assignee: | Fedora Legacy Bugs <bugs> |
| Status: | CLOSED DEFERRED | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | fc2 | CC: | fenlason, mattdm, shadowplay |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | i686 | ||
| OS: | Linux | ||
| Whiteboard: | LEGACY, 2, DEFER | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2006-08-13 13:52:24 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
kenneth gf brown
2004-12-09 06:59:32 UTC
additional comments... assuming the roll of the user on the client with the co-responding uid as on the server allows me to open the the file for editing... nano afile when a save occurs.. editing application hangs... /var/log/messages shows Dec 9 01:15:43 clientbox kernel: smb_trans2: invalid data, disp=0, cnt=0, tot=0, ofs=0 Dec 9 01:16:13 clientbox kernel: smb_add_request: request [2c9a6e00, mid=222] timed out! the server shows... -rwxr--r-- 1 526 526 0 Dec 9 01:15 afile and contents of file are destroyed!!! this is kinda scary!!! and explains why ive been having wierd 0 size file issues with my redhat samba shares and any attempt to write data into the file causes hangs and delays and loss of data. If you configure your Samba server with "unix extensions = no", it will act like a Windows server, and smbfs won't be able to act like NFS. Most users who use SMB between two *ix machines want the unix extensions enabled, which is why it is the default. It looks to me like the real bug is that mount.smbfs and mount.cifs don't have "disable unix extensions" options, so you can only disable them on the server. Also, smbfs is buggy and unmaintained. You should be using "mount -t cifs ..." instead. And any Samba related bug report is incomplete without smb.conf files from all the affected machines. Please attach them.
i went to the smbserver ..
the origninal smb.conf that works AS IS from all our
RH9.0 machines...
start smb.conf.orig-->
[global]
# workgroup = NT-Domain-Name or Workgroup-Name
workgroup = WORKGROUP
# server string is the equivalent of the NT Description field
server string = SERVER
hosts allow = aaa.bbb.ccc. 127.
log file = /var/log/samba/%m.log
max log size = 0
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
unix password sync = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
pam password change = yes
obey pam restrictions = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
guest ok = yes
dns proxy = no
[homes]
comment = Home Directories
browseable = no
writeable = yes
valid users = %S
create mode = 0664
directory mode = 0775
[wurmlhtml]
comment = wurml
path = /home/wurml/public_html
writeable = yes
valid users = root
<--end smb.conf.orig
the new one... see the notes below...
i am still experiencing HUGE issues
start smb.conf-->
[global]
# workgroup = NT-Domain-Name or Workgroup-Name
workgroup = WORKGROUP
# server string is the equivalent of the NT Description field
server string = SERVER
hosts allow = aaa.bbb.ccc. 127.
unix extensions = no
log file = /var/log/samba/%m.log
max log size = 0
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
unix password sync = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
pam password change = yes
obey pam restrictions = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
guest ok = yes
dns proxy = no
[homes]
comment = Home Directories
browseable = no
writeable = yes
valid users = %S
create mode = 0664
directory mode = 0775
[wurmlhtml]
comment = wurml
path = /home/wurml/public_html
writeable = yes
valid users = root
<--end smb.conf
as you can see i added the unix extensions=no
as you suggested... and so the continuing saga begins...
restarted the server. fine no problem
i have 2 test cases for you now...
TEST CASE ONE using smbfs
as root on the client
fstab settings...
//SERVER/wurmlhtml /home/wurml/public_html/ \
smbfs password=secret,uid=544,gid=545,fmask=775,dmask=775,\
defaults,rw 0 0
[root@eclipse wurml]# mount //FOCUS/wurmlhtml
[root@eclipse wurml]# cd public_html/
[root@eclipse public_html]# ls -la
total 559
drwxrwxr-x 1 wurml wurml 4096 Dec 9 18:31 .
drwxr-xr-x 4 wurml wurml 4096 Dec 9 18:27 ..
drwxrwxr-x 1 wurml wurml 4096 Nov 29 14:42 imgs
-rwxrwxr-x 1 wurml wurml 83 Dec 9 01:18 index.php
drwxrwxr-x 1 wurml wurml 4096 Dec 9 17:48 usage
.
.
.
-rwxrwxr-x 1 wurml wurml 424 Nov 28 21:53 welcome.php
-rwxrwxr-x 1 wurml wurml 314710 Nov 20 23:34 wurML_inked-kgbmod.psd
-rwxrwxr-x 1 wurml wurml 200684 Nov 20 14:39 wurML_inked.psd
[root@eclipse public_html]# cd usage/
[root@eclipse usage]# ls
index.html
[root@eclipse usage]# echo helpme > index.html
-bash: index.html: Input/output error
[root@eclipse usage]# ls -la
total 8
drwxrwxr-x 1 wurml wurml 4096 Dec 9 17:48 .
drwxrwxr-x 1 wurml wurml 4096 Dec 9 18:31 ..
-rwxrwxr-x 1 wurml wurml 0 Dec 9 17:49 index.html
[root@eclipse usage]# su - httpd
-bash-2.05b$ cd ~wurml/public_html/usage/
-bash-2.05b$ ls -la
total 9
drwxrwxr-x 1 wurml wurml 4096 Dec 9 18:41 .
drwxrwxr-x 1 wurml wurml 4096 Dec 9 18:31 ..
-rwxrwxr-x 1 wurml wurml 7 Dec 9 18:41 index.html
-rwxrwxr-x 1 wurml wurml 19 Dec 9 18:47 test2.html
-bash-2.05b$ echo webtest > test2.html
-bash: test2.html: Input/output error
-bash-2.05b$ ls -la
drwxrwxr-x 1 wurml wurml 4096 Dec 9 18:51 .
drwxrwxr-x 1 wurml wurml 4096 Dec 9 18:31 ..
-rwxrwxr-x 1 wurml wurml 7 Dec 9 18:41 index.html
-rwxrwxr-x 1 wurml wurml 0 Dec 9 18:48 test2.html
NOTE ALL CONTENTS OF TEST2 ARE GONE
this it the /etc/group entry for wurml
wurml:x:545:httpd
and according to the fmask i have
rwx on the entire usage directory.
-bash-2.05b$ echo interesting > httpdtest.html
-bash-2.05b$ ls -la
total 10
drwxrwxr-x 1 wurml wurml 4096 Dec 9 18:53 .
drwxrwxr-x 1 wurml wurml 4096 Dec 9 18:31 ..
-rwxrwxr-x 1 wurml wurml 12 Dec 9 18:53 httpdtest.html
-rwxrwxr-x 1 wurml wurml 7 Dec 9 18:41 index.html
-rwxrwxr-x 1 wurml wurml 0 Dec 9 18:48 test2.html
-rwxrwxr-x 1 wurml wurml 5 Dec 9 18:51 webtest.html
but a second execution of
-bash-2.05b$ echo interesting > httpdtest.html
-bash: httpdtest.html: Input/output error
-bash-2.05b$ ls -la
total 9
drwxrwxr-x 1 wurml wurml 4096 Dec 9 18:53 .
drwxrwxr-x 1 wurml wurml 4096 Dec 9 18:31 ..
-rwxrwxr-x 1 wurml wurml 0 Dec 9 18:53 httpdtest.html
-rwxrwxr-x 1 wurml wurml 7 Dec 9 18:41 index.html
-rwxrwxr-x 1 wurml wurml 0 Dec 9 18:48 test2.html
-rwxrwxr-x 1 wurml wurml 5 Dec 9 18:51 webtest.html
NOTE ALL CONTENTS OF httpdtest.html are gone !!!
analysis smbmount is VERY BROKEN
does not obey uid/gid permisions of files
sent to the samba server and totally erases data on
the next attempted write access to the server
TEST CASE TWO using cifs as you suggested...
//FOCUS/wurmlhtml /home/wurml/public_html/ \
cifs password=secret,uid=544,gid=545,file_mode=0775,dir_mode=0775,\
defaults,rw 0 0
[root@eclipse wurml]# mount //FOCUS/wurmlhtml
[root@eclipse wurml]# ls -la
total 15468
drwxr-xr-x 4 wurml wurml 4096 Dec 9 18:27 .
drwxr-xr-x 45 root root 4096 Dec 5 23:53 ..
drwxrwxr-x 12 wurml wurml 0 Dec 9 00:46 public_html
UMMM this concerns me NOTE the 0 file size on public_html
[root@eclipse wurml]# cd public_html/
[root@eclipse public_html]# ls -la
total 596
drwxrwxr-x 12 wurml wurml 0 Dec 9 00:46 .
drwxr-xr-x 4 wurml wurml 4096 Dec 9 18:27 ..
drwxrwxr-x 1 wurml wurml 0 Nov 30 09:53 admin
drwxrwxr-x 1 wurml wurml 0 Nov 21 01:51 archives
-rwxrwxr-x 1 wurml wurml 181 Nov 29 16:05 conv2unix.sh
-rwxrwxr-x 1 wurml wurml 356 Nov 28 14:15 DbTest.php
-rwxrwxr-x 1 wurml wurml 701 Nov 28 22:03 detail.php
drwxrwxr-x 1 wurml wurml 0 Dec 3 14:16 dtd
drwxrwxr-x 1 wurml wurml 0 Nov 29 14:42 imgs
drwxrwxr-x 1 wurml wurml 0 Nov 7 13:20 imgstmp
-rwxrwxr-x 1 wurml wurml 83 Dec 9 01:18 index.php
drwxrwxr-x 1 wurml wurml 0 May 26 2004 install
drwxrwxr-x 1 wurml wurml 0 May 26 2004 mp3s
-rwxrwxr-x 1 wurml wurml 1115 Nov 28 22:02 sect.php
-rwxrwxr-x 1 wurml wurml 1597 Nov 20 13:40 style.css
-rwxrwxr-x 1 wurml wurml 5 Nov 17 13:39 test.html
drwxrwxr-x 1 wurml wurml 0 Nov 21 12:15 tmpl8
drwxrwxr-x 1 wurml wurml 0 Nov 30 09:50 tools
-rwxrwxr-x 1 wurml wurml 448 Nov 29 12:10 tools.php
drwxrwxr-x 1 wurml wurml 0 Dec 9 18:53 usage
-rwxrwxr-x 1 wurml wurml 424 Nov 28 21:53 welcome.php
-rwxrwxr-x 1 wurml wurml 314710 Nov 20 23:34 wurML_inked-kgbmod.psd
-rwxrwxr-x 1 wurml wurml 200684 Nov 20 14:39 wurML_inked.psd
note the 0 file length on all dirs.
[root@eclipse public_html]# cd usage/
[root@eclipse usage]# ls -la
total 16
drwxrwxr-x 2 wurml wurml 0 Dec 9 18:53 .
drwxrwxr-x 12 wurml wurml 0 Dec 9 00:46 ..
-rwxrwxr-x 1 wurml wurml 0 Dec 9 18:53 httpdtest.html
-rwxrwxr-x 1 wurml wurml 7 Dec 9 18:41 index.html
-rwxrwxr-x 1 wurml wurml 0 Dec 9 18:48 test2.html
-rwxrwxr-x 1 wurml wurml 5 Dec 9 18:51 webtest.html
[root@eclipse usage]# echo testing >cifs.root.html
[root@eclipse usage]# echo testing >>cifs.root.html
[root@eclipse usage]# cat cifs.root.html
testing
testing
[root@eclipse usage]# echo cifstesting >> index.html
[root@eclipse usage]# ls -la
total 20
drwxrwxr-x 2 wurml wurml 0 Dec 9 19:06 .
drwxrwxr-x 12 wurml wurml 0 Dec 9 00:46 ..
-rw-r--r-- 1 wurml wurml 16 Dec 9 19:06 cifs.root.html
-rwxrwxr-x 1 wurml wurml 0 Dec 9 18:53 httpdtest.html
-rwxrwxr-x 1 wurml wurml 19 Dec 9 19:06 index.html
-rwxrwxr-x 1 wurml wurml 0 Dec 9 18:48 test2.html
-rwxrwxr-x 1 wurml wurml 5 Dec 9 18:51 webtest.html
[root@eclipse usage]# cat index.html
helpme
cifstesting
[root@eclipse usage]# su - httpd
-bash-2.05b$ cd ~wurml/public_html/usage/
-bash-2.05b$ ls -la
total 20
drwxrwxr-x 2 wurml wurml 0 Dec 9 19:06 .
drwxrwxr-x 12 wurml wurml 0 Dec 9 00:46 ..
-rw-r--r-- 1 wurml wurml 16 Dec 9 19:06 cifs.root.html
-rwxrwxr-x 1 wurml wurml 0 Dec 9 18:53 httpdtest.html
-rwxrwxr-x 1 wurml wurml 19 Dec 9 19:06 index.html
-rwxrwxr-x 1 wurml wurml 0 Dec 9 18:48 test2.html
-rwxrwxr-x 1 wurml wurml 5 Dec 9 18:51 webtest.html
-bash-2.05b$ echo httpdcifstesting >> index.html
-bash-2.05b$ cat index.html
helpme
cifstesting
httpdcifstesting
-bash-2.05b$ echo httpdcifstesting >> cifs.root.html
-bash: cifs.root.html: Permission denied
shouldnt that file have been created as 775 ??
it should TOTALY be returning 775 in the ls
because of the fmask and dmasks
OVERALL
in both cases attempting to connect to
any of this as the httpd server for web
service the following happens
going to
http://wurml.shadowplay.net
gives access to the contents of THAT dir
going to
http://wurml.shadowplay.net/usage/index.html
gives a 403 permission denied (?????)
even tho httpd IS allowed access to that directory
going to
http://wurml.shadowplay.net/imgs/wurML_inked-banner.jpg
returns the image.
I repeat that none of this was an issue
with a connection from RH9 samba client
to RH9 samba server even with the lack of
"unix extensions" in the samba.conf
the smb client preformed as if it was set to off
this is a major issue as various applications "touch"
manipulate and create files inside of several
directories. ie croned scritps etc and ALL are causing
input/output errors and loss of data on the samba server.
[Bulk move of FC2 bugs to Fedora Legacy. See <http://www.redhat.com/archives/fedora-announce-list/2005-April/msg00020.html>.] Kenneth -- can you confirm if this problem still exists in the samba-3.0.10-1.fc2 package (released ~ Dec 20, 2004)? Thanks. This doesn't seem to be important enough to fix just on its own, so mark it DEFER. |
