Red Hat Bugzilla – Bug 283381
Upgrading to samba-3.0.25c-0.fc7 breaks ACLs
Last modified: 2008-05-14 11:04:08 EDT
Description of problem:
Proper POSIX ACL operation breaks after upgrading to samba-3.0.25c-0.fc7 from
Version-Release number of selected component (if applicable):
Upgrade to samba-3.0.25c-0.fc7 on a server that uses ACLs and authentication
Steps to Reproduce:
When edited using a Windows client, child directories automatically inherit ALL
ALCs from their parents regardless of the state of the Samba inherit options.
After that, the inherited ACLs cannot be removed using a Windows client unless
they are removed from the parent first. ACLs applied to the share directory
will set but cannot be removed using Windows. All ACLs can be removed from the
command line but are immediately reapplied if any part of the ACL is edited from
Child directories should only inherit ACLs if the inherit ACL option is used.
Inherited ACLs should be editable via a Windows client independently from their
parents. ACLs set on a share via Windows should be changeable after the fact.
When I downgraded to the previous version of Samba, proper ACL function was
restored. Please feel free to contact me if my description sucks. Maybe I will
need to explain it better.
I just noticed that my syslog is filled with messages like this...
smbd(smb_panic+0x5d) [0x80244bad] #2 smbd [0x801e6510] #3
smbd(talloc_free+0x1c1) [0x80229831] #4 smbd(open_file_ntcreate+0xae7)
[0x800b12d7] #5 smbd(reply_ntcreate_and_X+0xf2a) [0x80078d6[2007/09/07
11:35:49, 0] lib/fault.c:dump_core(181) dumping core in
/var/log/samba/cores/smbd : 1 Time(s)
I am investigating, can you please provide your smb.conf so that I can try to
reproduce the same environment ?
Here is our smb.conf. This is our normal setup. I turned off "inherit acls"
while testing but it had no effect. We actually have more shares that what is
shown here. I left them out for brevity. They are otherhwise identically
workgroup = D45
server string = Jefferson Server
interfaces = eth0
bind interfaces only = Yes
security = DOMAIN
passdb backend = tdbsam
log file = /var/log/samba/log.%m
max log size = 50
preferred master = No
local master = No
domain master = No
wins server = 10.45.0.1
ldap ssl = no
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
winbind use default domain = Yes
admin users = d45\admin
ea support = Yes
cups options = raw
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
comment = User Data
path = /opt/UserFolders
inherit permissions = Yes
inherit acls = Yes
inherit owner = Yes
I suppose I should also add that our F7 installation has all current updates.
This message is a reminder that Fedora 7 is nearing the end of life. Approximately 30 (thirty) days from now Fedora will stop maintaining and issuing updates for Fedora 7. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '7'.
Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 7's end of life.
Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 7 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora please change the 'version' of this bug. If you are unable to change the version, please add a comment here and someone will do it for you.
Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. If possible, it is recommended that you try the newest available Fedora distribution to see if your bug still exists.
Please read the Release Notes for the newest Fedora distribution to make sure it will meet your needs:
The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Should be fixed since long now.