Hi Paulo, On 11/13/24 1:51 PM, Paulo Alcantara wrote:
Ralph Boehme <slow@xxxxxxxxx> writes:In my testing against with 6.11.5-300.fc41.x86_64 against Samba chmod is not working on a posix mount. I don't see an expected set-sd call with the S-1-5-88-3-mode SID, it seems the client is not considering to do this. mount options (all default beside explicitly requesting posix): //localhost/posix on /mnt/smb3unix type cifs (rw,relatime,vers=3.1.1,cache=strict,username=slow,uid=0,noforceuid,gid=0,noforcegid,addr=127.0.0.1,file_mode=0755,dir_mode=0755,soft,posix,posixpaths,serverino,mapposix,reparse=nfs,rsize=4194304,wsize=4194304,bsize=1048576,retrans=1,echo_interval=60,actimeo=1,closetimeo=1) Is this supposed to work?Yes, but this is broken for a while already. Samuel reported such problem at SDC 2023 but nobody fixed it yet.
ok, I got a bit farther. It seems the client needs the mount option modefromsid to use this. Why? It's not even documented in the manpage. For a posix mount the behaviour to send a chmod(mode) as SMB2-SETINFO(SD, S-1-5-88-3-mode) must be the default.
And then there's another problem. This commit from Ronny 0c6f4ebf8835d01866eb686d47578cde80097981 cifs: modefromsids must add an ACE for authenticated usersbreaks this against Samba as Samba requires that this special SD has only a single ACE with the magic SID S-1-5-88-3-mode in check_smb2_posix_chmod_ace():
if (psd->dacl->num_aces != 1) {
return false;
}
I'm not sure I fully understand the reasoning in the commit messages,
but I think a userspace chmod() should be mapped to an ACL with the
single magic ACE and nothing else. Server should treat these SDs special
int the way, that they will *only* apply the mode from the SID, the must
not apply this as an SD (ACL) in the filesystem and hence to make this
clear we assert psd->dacl->num_aces == 1.
Am I missing anything? Thoughts? Thanks! -slow
Attachment:
OpenPGP_signature.asc
Description: OpenPGP digital signature
