[Pkg-samba-maint] Bug#858564: samba: Since 8u4, Samba does not allow files not in root directory of share

James Bellinger jfb1776 at gmail.com
Thu Mar 23 16:41:19 UTC 2017 

Package: samba
Version: 2:4.2.14+dfsg-0+deb8u2
Severity: grave
Justification: renders package unusable

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?
	I upgraded to 8u4 through unattended upgrades.
   * What exactly did you do (or not do) that was effective (or
     ineffective)?
	(1) I attempt to create a file not in the root directory of the share.
	(2) I try to write to files not in the root directory of the share.
   * What was the outcome of this action?
	(1) Windows Explorer freezes entirely until I end task it.
	(2) It says permission denied.
   * What outcome did you expect instead?
	(1) Normally I can create files.
	(2) Normally I can access files.

I have reverted back to 8u2 and am no longer experiencing problems.
Access to the root directory of the share works fine.

My smb.conf is as follows:
(start)
[global]
server string = Server
workgroup = WORKGROUP
log level = 1

interfaces = eth0 eth0:0 eth0:1 eth0:2 eth0:3
bind interfaces only = yes
socket options = TCP_NODELAY SO_KEEPALIVE SO_SNDBUF=65536 SO_RCVBUF=65536

server role = standalone server
disable netbios = yes
disable spoolss = yes
csc policy = disable
oplocks = no
server min protocol = NT1

passdb backend = tdbsam
encrypt passwords = yes
invalid users = root fsadmin
disable netbios = yes
disable spoolss = yes
csc policy = disable
oplocks = no
server min protocol = NT1

passdb backend = tdbsam
encrypt passwords = yes
invalid users = root fsadmin

follow symlinks = no
hide dot files = no
wide links = no

create mask = 660
directory mask = 770

vfs objects = acl_xattr streams_xattr full_audit
full_audit:prefix = %S|%u|%I
follow symlinks = no
hide dot files = no
wide links = no

create mask = 660
directory mask = 770

vfs objects = acl_xattr streams_xattr full_audit
full_audit:prefix = %S|%u|%I
full_audit:success = mkdir open opendir rename rmdir unlink
full_audit:failure = all !getxattr !removexattr !is_offline !readdir_att$
full_audit:facility = LOCAL7
full_audit:priority = ALERT

map acl inherit = yes
store dos attributes = yes

browseable = no
writeable = yes

include = /etc/samba/smb.conf.%i
(end)

As an example of the IP-address specific file, here's one:
(start)
[hr$]
comment = HR Server
path = /mnt/data/hr
force group = +AccessHR
valid users = @AccessHR
(end)

Permissions are absolutely fine. They are essentially 770.
AppArmor is enabled, but I disabled it and the problem still exists in 8u4.
It does not exist in 8u2.

*** End of the template - remove these template lines ***


-- System Information:
Debian Release: 8.7
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages samba depends on:
ii  adduser                              3.113+nmu3
ii  dpkg                                 1.17.27
ii  libbsd0                              0.7.0-2
ii  libc6                                2.19-18+deb8u7
ii  libhdb9-heimdal [heimdal-hdb-api-8]  1.6~rc2+dfsg-9
ii  libldb1                              2:1.1.20-0+deb8u1
ii  libpam-modules                       1.1.8-3.1+deb8u2
ii  libpam-runtime                       1.1.8-3.1+deb8u2
ii  libpopt0                             1.16-10
ii  libpython2.7                         2.7.9-2+deb8u1
ii  libtalloc2                           2.1.2-0+deb8u1
ii  libtdb1                              1.3.6-0+deb8u1
ii  libtevent0                           0.9.28-0+deb8u1
ii  lsb-base                             4.1+Debian13+nmu1
ii  multiarch-support                    2.19-18+deb8u7
ii  procps                               2:3.3.9-9
ii  python                               2.7.9-1
ii  python-dnspython                     1.12.0-1
ii  python-ntdb                          1.0-5
ii  python-samba                         2:4.2.14+dfsg-0+deb8u2
pn  python2.7:any                        <none>
ii  samba-common                         2:4.2.14+dfsg-0+deb8u2
ii  samba-common-bin                     2:4.2.14+dfsg-0+deb8u2
ii  samba-dsdb-modules                   2:4.2.14+dfsg-0+deb8u2
ii  samba-libs                           2:4.2.14+dfsg-0+deb8u2
ii  tdb-tools                            1.3.6-0+deb8u1
ii  update-inetd                         4.43

Versions of packages samba recommends:
ii  attr               1:2.4.47-2
ii  logrotate          3.8.7-1+b1
ii  samba-vfs-modules  2:4.2.14+dfsg-0+deb8u2

Versions of packages samba suggests:
pn  bind9          <none>
pn  bind9utils     <none>
pn  ctdb           <none>
pn  ldb-tools      <none>
pn  ntp            <none>
pn  smbldap-tools  <none>
pn  winbind        <none>

-- no debconf information

More information about the Pkg-samba-maint mailing list