Bug 1962350

Summary: unprivileged user should be able to read-only to gencache.tdb instead of permission denied
Product: Red Hat Enterprise Linux 7 Reporter: Eugene Keck <ekeck>
Component: sambaAssignee: Andreas Schneider <asn>
Status: CLOSED WONTFIX QA Contact: sssd-qe <sssd-qe>
Severity: high Docs Contact:
Priority: high    
Version: 7.6CC: asn, dkarpele, gdeschner, jarrpa
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1831986 Environment:
Last Closed: 2021-07-07 09:48:43 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Eugene Keck 2021-05-19 19:37:46 UTC 
Description of problem:
unprivileged user should be able to read-only to gencache.tdb instead of permission denied

Version-Release number of selected component (if applicable):
4.10.16-13.el7_9 

How reproducible:
Always

Steps to Reproduce:
1. su - user
2. net ads status

Actual results:
Work

Expected results:
tdb(/var/lib/samba/lock/gencache.tdb): tdb_open_ex: could not open file /var/lib/samba/lock/gencache.tdb: Permission denied

Additional info:
This might be a regression of 

unprivileged user should be able to read-only to gencache.tdb instead of permission denied
 https://bugzilla.redhat.com/show_bug.cgi?id=1831986

# ls -lZ /var/lib/samba/lock/
-rw-r--r-- root root ?                                brlock.tdb
-rw-r--r-- root root ?                                gencache.tdb
-rw-r--r-- root root ?                                leases.tdb
-rw-r--r-- root root ?                                locking.tdb
drwxr-xr-x root root ?                                msg.lock
-rw-rw---- root root ?                                names.tdb
-rw-r--r-- root root ?                                printer_list.tdb
-rw------- root root ?                                smbXsrv_client_global.tdb
-rw------- root root ?                                smbXsrv_open_global.tdb
-rw------- root root ?                                smbXsrv_session_global.tdb
-rw------- root root ?                                smbXsrv_tcon_global.tdb
-rw------- root root ?                                smbXsrv_version_global.tdb
-rw-r--r-- root root ?                                smbd_cleanupd.tdb

# rpm -V samba-common
S.5....T.  c /etc/samba/smb.conf

# rpm -V filesystem
#
Comment 3 Andreas Schneider 2021-07-07 09:48:43 UTC 
This is a RFE. This is an improvement as there is not bug it if can't access the gencache.

This has been addressed in RHEL8, see https://bugzilla.redhat.com/show_bug.cgi?id=1859277