Bug 283381 - Upgrading to samba-3.0.25c-0.fc7 breaks ACLs
Upgrading to samba-3.0.25c-0.fc7 breaks ACLs
Product: Fedora
Classification: Fedora
Component: samba (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Simo Sorce
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2007-09-07 22:11 EDT by Ted Staberow
Modified: 2008-05-14 11:04 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-05-14 11:04:08 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Ted Staberow 2007-09-07 22:11:51 EDT
Description of problem:
Proper POSIX ACL operation breaks after upgrading to samba-3.0.25c-0.fc7 from

Version-Release number of selected component (if applicable):

How reproducible:
Upgrade to samba-3.0.25c-0.fc7 on a server that uses ACLs and authentication
through winbind.  

Steps to Reproduce:
Actual results:
When edited using a Windows client, child directories automatically inherit ALL
ALCs from their parents regardless of the state of the Samba inherit options. 
After that, the inherited ACLs cannot be removed using a Windows client unless
they are removed from the parent first.  ACLs applied to the share directory
will set but cannot be removed using Windows.  All ACLs can be removed from the
command line but are immediately reapplied if any part of the ACL is edited from

Expected results:
Child directories should only inherit ACLs if the inherit ACL option is used. 
Inherited ACLs should be editable via a Windows client independently from their
parents.  ACLs set on a share via Windows should be changeable after the fact.

Additional info:
When I downgraded to the previous version of Samba, proper ACL function was
restored.  Please feel free to contact me if my description sucks.  Maybe I will
need to explain it better.
Comment 1 Ted Staberow 2007-09-08 11:31:51 EDT
I just noticed that my syslog is filled with messages like this...

smbd(smb_panic+0x5d) [0x80244bad]   #2 smbd [0x801e6510]   #3
smbd(talloc_free+0x1c1) [0x80229831]   #4 smbd(open_file_ntcreate+0xae7)
[0x800b12d7]   #5 smbd(reply_ntcreate_and_X+0xf2a) [0x80078d6[2007/09/07
11:35:49, 0] lib/fault.c:dump_core(181)  dumping core in
/var/log/samba/cores/smbd : 1 Time(s)
Comment 2 Simo Sorce 2007-09-08 12:57:54 EDT
I am investigating, can you please provide your smb.conf so that I can try to
reproduce the same environment ?
Comment 3 Ted Staberow 2007-09-08 14:20:14 EDT
Here is our smb.conf.  This is our normal setup.  I turned off "inherit acls"
while testing but it had no effect.  We actually have more shares that what is
shown here.  I left them out for brevity.  They are otherhwise identically

        workgroup = D45
        server string = Jefferson Server
        interfaces = eth0
        bind interfaces only = Yes
        security = DOMAIN
        passdb backend = tdbsam
        log file = /var/log/samba/log.%m
        max log size = 50
        preferred master = No
        local master = No
        domain master = No
        wins server =
        ldap ssl = no
        idmap uid = 16777216-33554431
        idmap gid = 16777216-33554431
        winbind use default domain = Yes
        admin users = d45\admin
        ea support = Yes
        cups options = raw

        comment = All Printers
        path = /var/spool/samba
        printable = Yes
        browseable = No

        comment = User Data
        path = /opt/UserFolders
        inherit permissions = Yes
        inherit acls = Yes
        inherit owner = Yes
Comment 4 Ted Staberow 2007-09-08 14:23:34 EDT
I suppose I should also add that our F7 installation has all current updates.
Comment 5 Bug Zapper 2008-05-14 10:17:53 EDT
This message is a reminder that Fedora 7 is nearing the end of life. Approximately 30 (thirty) days from now Fedora will stop maintaining and issuing updates for Fedora 7. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '7'.

Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 7's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 7 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora please change the 'version' of this bug. If you are unable to change the version, please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. If possible, it is recommended that you try the newest available Fedora distribution to see if your bug still exists.

Please read the Release Notes for the newest Fedora distribution to make sure it will meet your needs:

The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 6 Simo Sorce 2008-05-14 11:04:08 EDT
Should be fixed since long now.

Note You need to log in before you can comment on or make changes to this bug.