Hi Jerrry ----- Original Message ----- From: "Gerald (Jerry) Carter" <[EMAIL PROTECTED]> To: "H.Kitagawa" <[EMAIL PROTECTED]> Cc: <[email protected]> Sent: Tuesday, January 30, 2007 2:05 PM Subject: Re: [Samba] Samba ACL bug?
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hiro, > > > [EMAIL PROTECTED] pub]# getfacl testfolder > > # file: testfolder > > # owner: [EMAIL PROTECTED] > > # group: [EMAIL PROTECTED] > > user::rwx > > mask::rwx > > mask::rwx > > other::--- > > Any idea why the mask listed twice here. I do not understand the reason why the mask is listed two times. > What file system is this? We are using vxfs(VERITAS). > > > default:user::rwx > > default:group::rwx > > default:group:[EMAIL PROTECTED]:rwx > > default:mask::rwx > > default:other::--- > > > > Then, the member of the Domain Users group became inaccessible > > the folder. > > > > The default aces are not used to determine access to a folder. > Only for files and subfolders created within the directory. > So that shouldn't make any difference. I would suggest > looking at a level 10 debug log from smbd and seeing > the root cause of the ACCESS_DENIED error. > I gathered the log with leve10. LOG1. It is a log when accessing it from the this server. [EMAIL PROTECTED] pub]# smbclient '//sambaSV/SMBpublic' -U fjsv003 Password: Domain=[KITA] OS=[Unix] Server=[Samba 3.0.21b-2] smb: \> cd testfolder smb: \testfolder\> ls NT_STATUS_ACCESS_DENIED listing \testfolder\* [2007/01/30 14:55:59, 5] smbd/uid.c:change_to_user(309) change_to_user uid=(10002,10002) gid=(0,10000) [2007/01/30 14:55:59, 3] smbd/trans2.c:call_trans2findfirst(1632) call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=0, close_if_end = 2 requires_resume_key = 4 l evel = 0x104, max_data_bytes = 16644 [2007/01/30 14:55:59, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "testfolder/*" [2007/01/30 14:55:59, 10] smbd/statcache.c:stat_cache_lookup(215) stat_cache_lookup: lookup failed for name [TESTFOLDER/*] [2007/01/30 14:55:59, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for name [TESTFOLDER] -> [testfolder] [2007/01/30 14:55:59, 5] smbd/filename.c:unix_convert(185) unix_convert begin: name = testfolder/*, dirpath = testfolder, start = * [2007/01/30 14:55:59, 10] smbd/mangle_hash2.c:is_mangled(276) is_mangled * ? [2007/01/30 14:55:59, 10] smbd/mangle_hash2.c:is_mangled_component(215) is_mangled_component * (len 1) ? [2007/01/30 14:55:59, 10] smbd/mangle_hash2.c:is_mangled(276) is_mangled * ? [2007/01/30 14:55:59, 10] smbd/mangle_hash2.c:is_mangled_component(215) is_mangled_component * (len 1) ? [2007/01/30 14:55:59, 5] smbd/filename.c:unix_convert(335) New file * [2007/01/30 14:55:59, 5] smbd/trans2.c:call_trans2findfirst(1688) dir=testfolder, mask = * [2007/01/30 14:55:59, 5] smbd/dir.c:dptr_create(391) dptr_create dir=testfolder [2007/01/30 14:55:59, 5] smbd/dir.c:OpenDir(1033) OpenDir: Can't open testfolder. Permission denied 2007/01/30 14:55:59, 3] smbd/error.c:unix_error_packet(90) unix_error_packet: error string = Permission denied [2007/01/30 14:55:59, 3] smbd/error.c:error_packet(146) error packet at smbd/trans2.c(1742) cmd=50 (SMBtrans2) NT_STATUS_ACCESS_DENIED LOG2. This is a log when accessing it from the Windows client. [2007/01/30 15:03:33, 3] smbd/process.c:switch_message(993) switch message SMBntcreateX (pid 6872) conn 0xa06d258 [2007/01/30 15:03:33, 4] smbd/uid.c:change_to_user(222) change_to_user: Skipping user change - already user [2007/01/30 15:03:33, 10] smbd/nttrans.c:reply_ntcreate_and_X(506) reply_ntcreateX: flags = 0x16, access_mask = 0x20089 file_attributes = 0x80, share_access = 0x7, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0 [2007/01/30 15:03:33, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "testfolder" [2007/01/30 15:03:33, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for name [TESTFOLDER] -> [testfolder] [2007/01/30 15:03:33, 2] smbd/dosmode.c:unix_mode(70) unix_mode(testfolder) inheriting from . [2007/01/30 15:03:33, 2] smbd/dosmode.c:unix_mode(78) unix_mode(testfolder) inherit mode 40770 [2007/01/30 15:03:33, 3] smbd/dosmode.c:unix_mode(121) unix_mode(testfolder) returning 0760 [2007/01/30 15:03:33, 10] smbd/open.c:open_file_ntcreate(1110) open_file_ntcreate: fname=testfolder, dos_attrs=0x80 access_mask=0x20089 share_access=0x7 create_disposition = 0x1 cre ate_options=0x0 unix mode=0760 oplock_request=3 [2007/01/30 15:03:33, 8] smbd/dosmode.c:dos_mode(300) dos_mode: testfolder [2007/01/30 15:03:33, 8] smbd/dosmode.c:dos_mode_from_sbuf(167) dos_mode_from_sbuf returning d [2007/01/30 15:03:33, 8] smbd/dosmode.c:dos_mode(334) dos_mode returning d [2007/01/30 15:03:33, 10] smbd/open.c:open_file_ntcreate(1278) open_file_ntcreate: fname=testfolder, after mapping access_mask=0x20089 [2007/01/30 15:03:33, 5] smbd/files.c:file_new(128) allocated file structure 537, fnum = 4633 (2 used) [2007/01/30 15:03:33, 4] smbd/open.c:open_file_ntcreate(1509) calling open_file with flags=0x0 flags2=0x0 mode=0760 [2007/01/30 15:03:33, 10] smbd/open.c:fd_open(55) fd_open: name testfolder, flags = 00 mode = 0760, fd = -1. Permission denied [2007/01/30 15:03:33, 3] smbd/open.c:open_file(294) Error opening file testfolder (Permission denied) (local_flags=0) (flags=0) [2007/01/30 15:03:33, 5] smbd/files.c:file_free(450) freed files structure 4633 (1 used) [2007/01/30 15:03:33, 10] smbd/trans2.c:set_bad_path_error(2621) set_bad_path_error: err = 13 bad_path = 0 [2007/01/30 15:03:33, 3] smbd/error.c:unix_error_packet(90) unix_error_packet: error string = Permission denied [2007/01/30 15:03:33, 3] smbd/error.c:error_packet(146) error packet at smbd/trans2.c(2630) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED Are more a lot of logs necessary? > > > > cheers, jerry > ===================================================================== > Samba ------- http://www.samba.org > Centeris ----------- http://www.centeris.com > "What man is a man who does not make the world better?" --Balian > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.2.2 (Darwin) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFFvtIrIR7qMdg1EfYRAk1HAJ4wN/V2dOtksgEDGoVKZhdCNHMyegCgrxFF > gWbdDPOh+8JwxrxRBtPt3oA= > =MRuR > -----END PGP SIGNATURE----- > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
