Bug 283381

Summary: Upgrading to samba-3.0.25c-0.fc7 breaks ACLs
Product: [Fedora] Fedora Reporter: Ted Staberow <tstab>
Component: sambaAssignee: Simo Sorce <ssorce>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: 7CC: gdeschner, triage, zing
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-05-14 15:04:08 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ted Staberow 2007-09-08 02:11:51 UTC
Description of problem:
Proper POSIX ACL operation breaks after upgrading to samba-3.0.25c-0.fc7 from
samba-3.0.25b-2.fc7.

Version-Release number of selected component (if applicable):
samba-3.0.25c-0.fc7

How reproducible:
Upgrade to samba-3.0.25c-0.fc7 on a server that uses ACLs and authentication
through winbind.  

Steps to Reproduce:
1.
2.
3.
  
Actual results:
When edited using a Windows client, child directories automatically inherit ALL
ALCs from their parents regardless of the state of the Samba inherit options. 
After that, the inherited ACLs cannot be removed using a Windows client unless
they are removed from the parent first.  ACLs applied to the share directory
will set but cannot be removed using Windows.  All ACLs can be removed from the
command line but are immediately reapplied if any part of the ACL is edited from
Windows.

Expected results:
Child directories should only inherit ACLs if the inherit ACL option is used. 
Inherited ACLs should be editable via a Windows client independently from their
parents.  ACLs set on a share via Windows should be changeable after the fact.

Additional info:
When I downgraded to the previous version of Samba, proper ACL function was
restored.  Please feel free to contact me if my description sucks.  Maybe I will
need to explain it better.

Comment 1 Ted Staberow 2007-09-08 15:31:51 UTC
I just noticed that my syslog is filled with messages like this...

smbd(smb_panic+0x5d) [0x80244bad]   #2 smbd [0x801e6510]   #3
smbd(talloc_free+0x1c1) [0x80229831]   #4 smbd(open_file_ntcreate+0xae7)
[0x800b12d7]   #5 smbd(reply_ntcreate_and_X+0xf2a) [0x80078d6[2007/09/07
11:35:49, 0] lib/fault.c:dump_core(181)  dumping core in
/var/log/samba/cores/smbd : 1 Time(s)

Comment 2 Simo Sorce 2007-09-08 16:57:54 UTC
I am investigating, can you please provide your smb.conf so that I can try to
reproduce the same environment ?

Comment 3 Ted Staberow 2007-09-08 18:20:14 UTC
Here is our smb.conf.  This is our normal setup.  I turned off "inherit acls"
while testing but it had no effect.  We actually have more shares that what is
shown here.  I left them out for brevity.  They are otherhwise identically
configured.

[global]
        workgroup = D45
        server string = Jefferson Server
        interfaces = eth0
        bind interfaces only = Yes
        security = DOMAIN
        passdb backend = tdbsam
        log file = /var/log/samba/log.%m
        max log size = 50
        preferred master = No
        local master = No
        domain master = No
        wins server = 10.45.0.1
        ldap ssl = no
        idmap uid = 16777216-33554431
        idmap gid = 16777216-33554431
        winbind use default domain = Yes
        admin users = d45\admin
        ea support = Yes
        cups options = raw

[printers]
        comment = All Printers
        path = /var/spool/samba
        printable = Yes
        browseable = No

[Userfolders]
        comment = User Data
        path = /opt/UserFolders
        inherit permissions = Yes
        inherit acls = Yes
        inherit owner = Yes


Comment 4 Ted Staberow 2007-09-08 18:23:34 UTC
I suppose I should also add that our F7 installation has all current updates.

Comment 5 Bug Zapper 2008-05-14 14:17:53 UTC
This message is a reminder that Fedora 7 is nearing the end of life. Approximately 30 (thirty) days from now Fedora will stop maintaining and issuing updates for Fedora 7. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '7'.

Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 7's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 7 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora please change the 'version' of this bug. If you are unable to change the version, please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. If possible, it is recommended that you try the newest available Fedora distribution to see if your bug still exists.

Please read the Release Notes for the newest Fedora distribution to make sure it will meet your needs:
http://docs.fedoraproject.org/release-notes/

The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Comment 6 Simo Sorce 2008-05-14 15:04:08 UTC
Should be fixed since long now.