[Pkg-samba-maint] Bug#396226: samba: Messes up file permissions when POSIX ACLs are

Debian BTS debbugs at bugs.debian.org
Mon Oct 30 18:33:15 CET 2006 

available
Reply-To: John Goerzen <jgoerzen at complete.org>, 396226 at bugs.debian.org
Resent-From: John Goerzen <jgoerzen at complete.org>
Resent-To: debian-bugs-dist at lists.debian.org
Resent-CC: Debian Samba Maintainers <pkg-samba-maint at lists.alioth.debian.org>
Resent-Date: Mon, 30 Oct 2006 17:33:11 +0000
Resent-Message-ID: <handler.396226.B.116222846922270 at bugs.debian.org>
Resent-Sender: owner at bugs.debian.org
X-Debian-PR-Message: report 396226
X-Debian-PR-Package: samba
X-Debian-PR-Keywords: 
X-Debian-PR-Source: samba
Received: via spool by submit at bugs.debian.org id=B.116222846922270
          (code B ref -1); Mon, 30 Oct 2006 17:33:11 +0000
Received: (at submit) by bugs.debian.org; 30 Oct 2006 17:14:29 +0000
Received: from chatterbox.excelhustler.com ([69.44.136.69] helo=excelhustler.com)
	by spohr.debian.org with esmtp (Exim 4.50)
	id 1GeaiT-0005mQ-Da
	for submit at bugs.debian.org; Mon, 30 Oct 2006 09:14:29 -0800
Received: from ralph.internal.excelhustler.com ([192.168.0.8])
	by excelhustler.com with esmtp
	(Exim 4.50)
	id 1GeaiG-0006lZ-7K; Mon, 30 Oct 2006 11:14:23 -0600
Received: from jgoerzen by ralph.internal.excelhustler.com with local (Exim 4.62)
	(envelope-from <jgoerzen at complete.org>)
	id 1GeaiG-0002Pr-4j; Mon, 30 Oct 2006 11:14:16 -0600
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: John Goerzen <jgoerzen at complete.org>
To: Debian Bug Tracking System <submit at bugs.debian.org>
Message-ID: <20061030171416.9268.82955.reportbug at ralph.internal.excelhustler.com>
X-Mailer: reportbug 3.21.2
Date: Mon, 30 Oct 2006 11:14:16 -0600
X-Virus-Scanned: by Exiscan on excelhustler.com at Mon, 30 Oct 2006 11:14:23 -0600
Delivered-To: submit at bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02

Package: samba
Version: 3.0.23c-1
Severity: grave
Justification: renders package unusable

We are running Samba 3.0.23c on Debian.

Over the weekend, we updated out file server to Debian's kernel 2.6.18.  
We had previously never run a kernel with ACL support enabled.  Since 
the upgrade, we are seeing very strange permission behavior.  It appears 
to berelated to POSIX ACL support in Samba.

It seems that what's happening is this.

We have a number of files that are user/group writable (permissions 0664). 
When a user that is someone other than the Unix owner of the file writes 
to it, the permissions switch to 0474 (-r--rwxr--) and an ACL is added 
with this second user getting read/write permission to it.

Unfortunately, the Unix owner of the file now is locked out of writing 
to it.

We never had any problem with permissions on these files before using  
the ACL-enabled kernel.  


-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-1-xen-amd64
Locale: LANG=C, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages samba depends on:
ii  debconf [debconf-2.0]      1.5.3         Debian configuration management sy
ii  libacl1                    2.2.41-1      Access control list shared library
ii  libattr1                   2.4.32-1      Extended attribute shared library
ii  libc6                      2.3.6.ds1-4   GNU C Library: Shared libraries
ii  libcomerr2                 1.39-1        common error description library
ii  libcupsys2                 1.2.2-2       Common UNIX Printing System(tm) - 
ii  libgnutls13                1.4.2-1       the GNU TLS library - runtime libr
ii  libkrb53                   1.4.4~beta1-1 MIT Kerberos runtime libraries
ii  libldap2                   2.1.30-13+b1  OpenLDAP libraries
ii  libpam-modules             0.79-3.1      Pluggable Authentication Modules f
ii  libpam-runtime             0.79-3.1      Runtime support for the PAM librar
ii  libpam0g                   0.79-3.1      Pluggable Authentication Modules l
ii  libpopt0                   1.10-2        lib for parsing cmdline parameters
ii  logrotate                  3.7.1-3       Log rotation utility
ii  lsb-base                   3.1-14        Linux Standard Base 3.1 init scrip
ii  netbase                    4.25          Basic TCP/IP networking system
ii  procps                     1:3.2.7-2     /proc file system utilities
ii  samba-common               3.0.23c-1     Samba common files used by both th
ii  zlib1g                     1:1.2.3-13    compression library - runtime

Versions of packages samba recommends:
pn  smbldap-tools                 <none>     (no description available)

-- debconf information:
  samba/nmbd_from_inetd:
* samba/run_mode: daemons
  samba/log_files_moved:
  samba/tdbsam: false
* samba/generate_smbpasswd: false

More information about the Pkg-samba-maint mailing list