Project

General

Profile

Bug #13336

Configure "map readonly = no" as a default global parameter for smb4.conf

Added by an odos over 4 years ago. Updated about 4 years ago.

Status:
Closed: Not To Be Fixed
Priority:
Nice to have
Assignee:
John Hixson
Category:
OS
Target version:
Severity:
New
Reason for Closing:
Reason for Blocked:
Needs QA:
Yes
Needs Doc:
Yes
Needs Merging:
Yes
Needs Automation:
No
Support Suite Ticket:
n/a
Hardware Configuration:
ChangeLog Required:
No

Description

This is a problem I've observed related to how "store dos attributes" interacts with samba and ZFS ACLs.

For various reasons, a file or folder may end up with "owner@" having no permissions. Example:

# file: SKMBT_C22016012513440.pdf
# owner: CORP\scanner
# group: CORP\domain users
group:CORP\administrator:rwxpDdaARWcCo-:------:allow
            group@:rwxpDda-R-cCo-:------:allow

By default, most files do not have a DOSATTRIB extended attribute generated for them. When the DOSATTRIB xattr is missing, samba will use the owner@ ACE to determine whether the file is "read-only". Since owner@ does not have permissions in the above file, samba will mark it "read-only". I believe this behavior is generally undesirable. It is also easily avoided by disabling this mapping function. Note, I have not had time to thoroughly investigate this. It is conjecture based on problems observed in IRC and in the forums, but it seems consistent with samba documentation.

History

#1 Updated by John Hixson over 4 years ago

  • Status changed from Unscreened to Closed: Not To Be Fixed
  • Priority changed from No priority to Nice to have
  • Target version set to 261

an odos wrote:

This is a problem I've observed related to how "store dos attributes" interacts with samba and ZFS ACLs.

For various reasons, a file or folder may end up with "owner@" having no permissions. Example:
[...]

By default, most files do not have a DOSATTRIB extended attribute generated for them. When the DOSATTRIB xattr is missing, samba will use the owner@ ACE to determine whether the file is "read-only". Since owner@ does not have permissions in the above file, samba will mark it "read-only". I believe this behavior is generally undesirable. It is also easily avoided by disabling this mapping function. Note, I have not had time to thoroughly investigate this. It is conjecture based on problems observed in IRC and in the forums, but it seems consistent with samba documentation.

Extended attributes are written when dos attributes are set. As for "When the DOSATTRIB xattr is missing, samba will use the owner@ ACE to determine whether the file is "read-only", I'd like to know where this is docucumented, since I've never seen this nor can find any proof of this in the code. When read-only is set, the attribute is set. As for setting "map readonly = no", we set "store dos attributes = yes", which clearly states (about the map readonly attribute):

Note that this parameter will be ignored if the store dos attributes
parameter is set, as the DOS 'read-only' attribute will then be stored
inside a UNIX extended attribute.

#2 Avatar?id=14398&size=24x24 Updated by Kris Moore about 4 years ago

  • Target version changed from 261 to N/A

Also available in: Atom PDF