On Fri, 2012-10-26 at 09:36 +0200, Olivier BILHAUT wrote: > Hi Andrew, Hi Alex, > > Pleased to see that you figured this out. > We've got exactly the same problem from a blank provisioned domain (not > a migration), with a setup with 2 gpo. (Ubuntu 12.04 - S4 rc3). > Since our instance is in a semi-production environment, we'll wait for > your fix. But if needed, we could give you more level 10 logs. > > Note that when the sysvolreset is launched and that sysvolcheck returns > no errors, then the windows clients can't "gpupdate" anymore on some gpo. > Note also that when syslvolreset isn't launched at S4 update, the > sysvolcheck command return the Alex's error but the client can update > their gpo.
This I think is the umask issue I addressed with this patch. A sysvolreset with this patch applied should fix that. steve noticed that permissions were missing from the posix ACL that was generated. (this patch is in master) Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org
>From 88df69b860c3d503846872d7624cd38f969185a7 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett <[email protected]> Date: Fri, 26 Oct 2012 14:22:07 +1100 Subject: [PATCH 2/3] pysmbd: Set umask to 0 during smbd operations --- source3/smbd/pysmbd.c | 43 ++++++++++++++++++++++++++++++++++--------- 1 file changed, 34 insertions(+), 9 deletions(-) diff --git a/source3/smbd/pysmbd.c b/source3/smbd/pysmbd.c index 2767c11..e7bef8a 100644 --- a/source3/smbd/pysmbd.c +++ b/source3/smbd/pysmbd.c @@ -43,6 +43,7 @@ static NTSTATUS set_sys_acl_no_snum(const char *fname, connection_struct *conn; NTSTATUS status = NT_STATUS_OK; int ret; + mode_t saved_umask; conn = talloc_zero(NULL, connection_struct); if (conn == NULL) { @@ -56,6 +57,10 @@ static NTSTATUS set_sys_acl_no_snum(const char *fname, return NT_STATUS_NO_MEMORY; } + /* we want total control over the permissions on created files, + so set our umask to 0 */ + saved_umask = umask(0); + conn->params->service = -1; set_conn_connectpath(conn, "/"); @@ -69,6 +74,8 @@ static NTSTATUS set_sys_acl_no_snum(const char *fname, "returned zero.\n")); } + umask(saved_umask); + conn_free(conn); return status; @@ -83,9 +90,16 @@ static NTSTATUS set_nt_acl_no_snum(const char *fname, files_struct *fsp; struct smb_filename *smb_fname = NULL; int flags; + mode_t saved_umask; + + if (!posix_locking_init(false)) { + TALLOC_FREE(frame); + return NT_STATUS_NO_MEMORY; + } conn = talloc_zero(frame, connection_struct); if (conn == NULL) { + TALLOC_FREE(frame); DEBUG(0, ("talloc failed\n")); return NT_STATUS_NO_MEMORY; } @@ -96,15 +110,6 @@ static NTSTATUS set_nt_acl_no_snum(const char *fname, return NT_STATUS_NO_MEMORY; } - conn->params->service = -1; - - set_conn_connectpath(conn, "/"); - - smbd_vfs_init(conn); - if (!posix_locking_init(false)) { - return NT_STATUS_NO_MEMORY; - } - fsp = talloc_zero(frame, struct files_struct); if (fsp == NULL) { TALLOC_FREE(frame); @@ -117,10 +122,21 @@ static NTSTATUS set_nt_acl_no_snum(const char *fname, } fsp->conn = conn; + /* we want total control over the permissions on created files, + so set our umask to 0 */ + saved_umask = umask(0); + + conn->params->service = -1; + + set_conn_connectpath(conn, "/"); + + smbd_vfs_init(conn); + status = create_synthetic_smb_fname_split(fsp, fname, NULL, &smb_fname); if (!NT_STATUS_IS_OK(status)) { TALLOC_FREE(frame); + umask(saved_umask); return status; } @@ -140,6 +156,7 @@ static NTSTATUS set_nt_acl_no_snum(const char *fname, if (fsp->fh->fd == -1) { printf("open: error=%d (%s)\n", errno, strerror(errno)); TALLOC_FREE(frame); + umask(saved_umask); return NT_STATUS_UNSUCCESSFUL; } @@ -153,6 +170,7 @@ static NTSTATUS set_nt_acl_no_snum(const char *fname, conn_free(conn); TALLOC_FREE(frame); + umask(saved_umask); return status; } @@ -297,6 +315,7 @@ static PyObject *py_smbd_chown(PyObject *self, PyObject *args) char *fname; int uid, gid; TALLOC_CTX *frame; + mode_t saved_umask; if (!PyArg_ParseTuple(args, "sii", &fname, &uid, &gid)) return NULL; @@ -314,6 +333,10 @@ static PyObject *py_smbd_chown(PyObject *self, PyObject *args) return NULL; } + /* we want total control over the permissions on created files, + so set our umask to 0 */ + saved_umask = umask(0); + conn->params->service = -1; set_conn_connectpath(conn, "/"); @@ -326,6 +349,8 @@ static PyObject *py_smbd_chown(PyObject *self, PyObject *args) DEBUG(0,("chown returned failure: %s\n", strerror(errno))); } + umask(saved_umask); + conn_free(conn); TALLOC_FREE(frame); -- 1.7.11.7
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
