Bug 1274699 - getcifsacl output differs in rhel7.2
getcifsacl output differs in rhel7.2
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: samba (Show other bugs)
7.4
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Andreas Schneider
Robin Hack
:
Depends On:
Blocks: 1472751
  Show dependency treegraph
 
Reported: 2015-10-23 08:05 EDT by Steeve Goveas
Modified: 2018-04-25 03:37 EDT (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2018-03-28 09:08:04 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Samba logs on rhel7.1 (164.99 KB, application/x-gzip)
2015-10-24 11:35 EDT, Steeve Goveas
no flags Details
samba logs on rhel7.2 (152.60 KB, application/x-gzip)
2015-10-24 11:36 EDT, Steeve Goveas
no flags Details

  None (edit)
Description Steeve Goveas 2015-10-23 08:05:25 EDT
Description of problem:
getcifsacl gives expected output, i.e aduser sid or name resolution when samba server is rhel7.1, but gives a different output when samba server is rhel7.2

Version-Release number of selected component (if applicable):
samba-4.2.3-7.el7.x86_64 on rhel 7.2

works with
samba-4.1.12-21.el7_1.x86_64 on rhel7.1
 
How reproducible:
always

Steps to Reproduce:
1.
2.
3.

Actual results:

:: :: [  BEGIN   ] :: Running 'getcifsacl -r /mnt/samba/share1/testfile.660.1.txt|grep 'ACL:S-1-5-21-988729707-3926255045-3384196396-30422:0x0/0x0/0x12019f''
:: [   FAIL   ] :: Command 'getcifsacl -r /mnt/samba/share1/testfile.660.1.txt|grep 'ACL:S-1-5-21-988729707-3926255045-3384196396-30422:0x0/0x0/0x12019f'' (Expected 0, got 1)
:: [  BEGIN   ] :: Running 'getcifsacl /mnt/samba/share1/testfile.660.1.txt'
REVISION:0x1
CONTROL:0x9004
OWNER:S-1-22-1-966430422
GROUP:S-1-22-2-966400513
ACL:S-1-22-1-966430422:ALLOWED/0x0/RW
ACL:S-1-22-2-966400513:ALLOWED/0x0/RW
ACL:Everyone@WORLD AUTHORITY:ALLOWED/0x0/[  BEGIN   ] :: Running 'getcifsacl -r /mnt/samba/share1/testfile.660.1.txt|grep 'ACL:S-1-5-21-988729707-3926255045-3384196396-30422:0x0/0x0/0x12019f''
:: [   FAIL   ] :: Command 'getcifsacl -r /mnt/samba/share1/testfile.660.1.txt|grep 'ACL:S-1-5-21-988729707-3926255045-3384196396-30422:0x0/0x0/0x12019f'' (Expected 0, got 1)
:: [  BEGIN   ] :: Running 'getcifsacl /mnt/samba/share1/testfile.660.1.txt'
REVISION:0x1
CONTROL:0x9004
OWNER:S-1-22-1-966430422
GROUP:S-1-22-2-966400513
ACL:S-1-22-1-966430422:ALLOWED/0x0/RW
ACL:S-1-22-2-966400513:ALLOWED/0x0/RW
ACL:Everyone@WORLD AUTHORITY:ALLOWED/0x0/


Expected results:
:: [ :: [  BEGIN   ] :: Running 'getcifsacl -r /mnt/samba/share1/testfile.660.1.txt|grep 'ACL:S-1-5-21-988729707-3926255045-3384196396-30446:0x0/0x0/0x12019f''
ACL:S-1-5-21-988729707-3926255045-3384196396-30446:0x0/0x0/0x12019f
:: [   PASS   ] :: Command 'getcifsacl -r /mnt/samba/share1/testfile.660.1.txt|grep 'ACL:S-1-5-21-988729707-3926255045-3384196396-30446:0x0/0x0/0x12019f'' (Expected 0, got 0)
:: [  BEGIN   ] :: Running 'getcifsacl /mnt/samba/share1/testfile.660.1.txt'
REVISION:0x1
CONTROL:0x9004
OWNER:smbuser01-1123940@sssdad2012r2.com
GROUP:domain users@sssdad2012r2.com
ACL:smbuser01-1123940@sssdad2012r2.com:ALLOWED/0x0/RW
ACL:domain users@sssdad2012r2.com:ALLOWED/0x0/RW
ACL:Everyone@WORLD AUTHORITY:ALLOWED/0x0/ BEGIN   ] :: Running 'getcifsacl -r /mnt/samba/share1/testfile.660.1.txt|grep 'ACL:S-1-5-21-988729707-3926255045-3384196396-30446:0x0/0x0/0x12019f''
ACL:S-1-5-21-988729707-3926255045-3384196396-30446:0x0/0x0/0x12019f
:: [   PASS   ] :: Command 'getcifsacl -r /mnt/samba/share1/testfile.660.1.txt|grep 'ACL:S-1-5-21-988729707-3926255045-3384196396-30446:0x0/0x0/0x12019f'' (Expected 0, got 0)
:: [  BEGIN   ] :: Running 'getcifsacl /mnt/samba/share1/testfile.660.1.txt'
REVISION:0x1
CONTROL:0x9004
OWNER:smbuser01-1123940@sssdad2012r2.com
GROUP:domain users@sssdad2012r2.com
ACL:smbuser01-1123940@sssdad2012r2.com:ALLOWED/0x0/RW
ACL:domain users@sssdad2012r2.com:ALLOWED/0x0/RW
ACL:Everyone@WORLD AUTHORITY:ALLOWED/0x0/

Additional info:
Comment 5 Steeve Goveas 2015-10-24 11:35 EDT
Created attachment 1086099 [details]
Samba logs on rhel7.1
Comment 6 Steeve Goveas 2015-10-24 11:36 EDT
Created attachment 1086102 [details]
samba logs on rhel7.2
Comment 10 Andreas Schneider 2017-08-23 07:19:03 EDT
I'm not able to reproduce this issue. We get the same behaviour from 4.0.10 to master ...



linux-2f0k:~/samba-upstream # tail /etc/samba/smb.conf
    path = /srv/share
    read only = No
 
[thedata]
    inherit acls = Yes
    path = /data2
    read only = No
    vfs objects = acl_xattr
    map acl inherit = yes
    store dos attributes = yes
linux-2f0k:~/samba-upstream # mount | grep CIFS
//linux-2f0k/thedata on /CIFS type cifs (rw,relatime,vers=1.0,cache=strict,username=domain2test,domain=TESTDOMAIN1,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.100.130,file_mode=0755,dir_mode=0755,nounix,serverino,mapposix,rsize=61440,wsize=65536,actimeo=1)
linux-2f0k:~/samba-upstream # smbd --version
Version 4.0.10
linux-2f0k:~/samba-upstream # getfacl /data2/file.txt
getfacl: Removing leading '/' from absolute path names
# file: data2/file.txt
# owner: TESTDOMAIN1\134administrator
# group: TESTDOMAIN1\134domain\040users
user::rw-
group::r--
other::r--
 
linux-2f0k:~/samba-upstream # smbcacls --version
Version 4.0.10
linux-2f0k:~/samba-upstream # smbcacls -UAdministrator%pass123 //localhost/thedata file.txt
REVISION:1
CONTROL:SR|DP
OWNER:TESTDOMAIN1\administrator
GROUP:TESTDOMAIN1\Domain Users
ACL:TESTDOMAIN1\administrator:ALLOWED/0x0/RWDPO
ACL:TESTDOMAIN1\Domain Users:ALLOWED/0x0/R
ACL:Everyone:ALLOWED/0x0/R
linux-2f0k:~/samba-upstream # getcifsacl -r /CIFS/file.txt
REVISION:0x1
CONTROL:0x8004
OWNER:S-1-5-21-2631861994-2570104940-3658330153-500
GROUP:S-1-5-21-2631861994-2570104940-3658330153-513
ACL:S-1-5-21-2631861994-2570104940-3658330153-500:0x0/0x0/0x1f019f
ACL:S-1-5-21-2631861994-2570104940-3658330153-513:0x0/0x0/0x120089
ACL:S-1-1-0:0x0/0x0/0x120089
linux-2f0k:~/samba-upstream # smbcacls --numeric -UAdministrator%pass123 //localhost/thedata file.txt
REVISION:1
CONTROL:0x8004
OWNER:S-1-5-21-2631861994-2570104940-3658330153-500
GROUP:S-1-5-21-2631861994-2570104940-3658330153-513
ACL:S-1-5-21-2631861994-2570104940-3658330153-500:0/0x0/0x001f019f
ACL:S-1-5-21-2631861994-2570104940-3658330153-513:0/0x0/0x00120089
ACL:S-1-1-0:0/0x0/0x00120089
Comment 12 Andreas Schneider 2018-02-15 07:06:30 EST
Does this work with RHEL 7.4 and RHEL 7.5? Could you test that we can close this?
Comment 13 Steeve Goveas 2018-02-18 23:28:54 EST
Re-directing needinfo on Niranjan since he looks into these tests.
Comment 14 Andreas Schneider 2018-03-06 08:05:22 EST
Niranjan?
Comment 15 Niranjan Mallapadi Raghavender 2018-03-06 11:12:24 EST
On RHEL7.5 with samba-4.7.1-6.el7.x86_64 version i could not reproduce the issue that was reported. 


[root@bkr-hv02-guest25 samba]# getcifsacl -r /test1/testdir/testfile1.txt
REVISION:0x1
CONTROL:0x9004
OWNER:S-1-5-21-1570576923-412772934-562026323-6416
GROUP:S-1-5-21-1570576923-412772934-562026323-7420
ACL:S-1-5-21-1570576923-412772934-562026323-6416:0x0/0x0/0x12019f
ACL:S-1-5-21-1570576923-412772934-562026323-7420:0x0/0x0/0x120089
ACL:S-1-1-0:0x0/0x0/0x120089

Note You need to log in before you can comment on or make changes to this bug.