[Pkg-samba-maint] [Bug 8933] Regression after security update - linux client unable to delete files
samba-bugs at samba.org
Fri May 11 13:30:56 UTC 2012
https://bugzilla.samba.org/show_bug.cgi?id=8933
--- Comment #2 from Jeremy Allison <jra at samba.org> 2012-05-11 13:30:55 UTC ---
Here is the authentication token of the connected user:

    NT user token of user S-1-22-1-10249
    contains 6 SIDs
    SID[ 0]: S-1-22-1-10249
    SID[ 1]: S-1-5-21-2222734727-3523169228-4078589058-514
    SID[ 2]: S-1-1-0
    SID[ 3]: S-1-5-2
    SID[ 4]: S-1-5-11
    SID[ 5]: S-1-22-2-10014
    SE_PRIV 0x0 0x0 0x0 0x0

Note the primary SID is a Samba-UNIX-style SID (i.e. no mapping from a Windows
name has been done).

Now look at the unlink call that fails. At line 4445 we see the file has
permissions:

    canon_ace index 0. Type = allow SID = S-1-5-21-2222734727-3523169228-4078589058-21249 uid 10249 (zalohymail) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rwx
    canon_ace index 1. Type = allow SID = S-1-22-2-0 gid 0 (root) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms r-x
    canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms r-x

Note that the owning user is S-1-5-21-2222734727-3523169228-4078589058-21249,
which is the same as UNIX user uid 10249 - the problem is that when this user
logged in the uid 10249 isn't being mapped into SID
S-1-5-21-2222734727-3523169228-4078589058-21249, but into SID S-1-22-1-10249.

That's the issue. The log doesn't show the user login information, so there
isn't enough information to know why the lookup isn't being done.

I'd suggest retrying with a later Samba version to see if the mapping of the
incoming user is being done to the correct SID.
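
Added illustration, not part of the comment above and not Samba code: a small Python check that reads the two log dumps quoted in the comment and flags a user ACE whose UNIX uid is present in the token only as an S-1-22-1-<uid> SID. The function names and SAMPLE_LOG (built from the values in the comment, with wrapped lines rejoined) are assumptions of this example.

```python
import re

# Constructed sample: token dump and canon_ace dump using the values quoted above.
SAMPLE_LOG = """\
NT user token of user S-1-22-1-10249
contains 6 SIDs
SID[  0]: S-1-22-1-10249
SID[  1]: S-1-5-21-2222734727-3523169228-4078589058-514
SID[  2]: S-1-1-0
SID[  3]: S-1-5-2
SID[  4]: S-1-5-11
SID[  5]: S-1-22-2-10014
canon_ace index 0. Type = allow SID = S-1-5-21-2222734727-3523169228-4078589058-21249 uid 10249 (zalohymail) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rwx
canon_ace index 1. Type = allow SID = S-1-22-2-0 gid 0 (root) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms r-x
canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms r-x
"""

TOKEN_SID = re.compile(r"^SID\[\s*\d+\]:\s*(S-[\d-]+)", re.M)
USER_ACE = re.compile(r"canon_ace index (\d+)\. Type = (\w+) SID = (S-[\d-]+) uid (\d+)")
UNIX_USER_PREFIX = "S-1-22-1-"  # Samba "Unix User" SID domain (unmapped uid)


def parse_token_sids(log):
    """Return the SIDs listed in the 'NT user token' dump, in order."""
    return TOKEN_SID.findall(log)


def find_unmapped_owner_aces(log):
    """Return user ACEs whose uid is in the token only as S-1-22-1-<uid>."""
    sids = set(parse_token_sids(log))
    unix_uids = {int(s[len(UNIX_USER_PREFIX):])
                 for s in sids if s.startswith(UNIX_USER_PREFIX)}
    findings = []
    for index, ace_type, ace_sid, uid in USER_ACE.findall(log):
        # Same UNIX uid on both sides, but the ACE's SID is absent from the
        # token: this is the mismatch the comment identifies.
        if int(uid) in unix_uids and ace_sid not in sids:
            findings.append({"index": int(index), "type": ace_type,
                             "ace_sid": ace_sid, "uid": int(uid),
                             "token_sid": f"{UNIX_USER_PREFIX}{uid}"})
    return findings


if __name__ == "__main__":
    for f in find_unmapped_owner_aces(SAMPLE_LOG):
        print(f"ACE {f['index']}: uid {f['uid']} is {f['ace_sid']} in the ACL "
              f"but {f['token_sid']} in the token")
```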