From: Jeremy Allison <jra@samba.org>
To: Julian Sikorski <belegdol@gmail.com>, linux-cifs@vger.kernel.org
Subject: Re: Permission denied when chainbuilding packages with mock
Date: Sun, 7 Nov 2021 13:49:47 -0800 [thread overview]
Message-ID: <YYhJ+8ehPFX1XDhv@jeremy-acer> (raw)
In-Reply-To: <YYhI1bpioEOXnFYf@jeremy-acer>
On Sun, Nov 07, 2021 at 01:44:53PM -0800, Jeremy Allison wrote:
>On Sun, Nov 07, 2021 at 10:10:17PM +0100, Julian Sikorski wrote:
>>
>>but it is not really clear _why_ is the access being denied. Any
>>ideas where to look? Thanks!
>
>What debug log level are you using on th server ? To debug
>something like this use log level 10.
>
>fsync failed: Permission denied
>
>is strange. I need to see what access mask the fsp is being
>opened with. If it's a directory, it might be running into
>this (from smbd_smb2_flush_send()):
>
> if (!CHECK_WRITE(fsp)) {
> bool allow_dir_flush = false;
> uint32_t flush_access = FILE_ADD_FILE | FILE_ADD_SUBDIRECTORY;
>
> if (!fsp->fsp_flags.is_directory) {
> tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
> return tevent_req_post(req, ev);
> }
>
> /*
> * Directories are not writable in the conventional
> * sense, but if opened with *either*
> * FILE_ADD_FILE or FILE_ADD_SUBDIRECTORY
> * they can be flushed.
> */
>
> if ((fsp->access_mask & flush_access) != 0) {
> allow_dir_flush = true;
> }
>
> if (allow_dir_flush == false) {
> tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
> return tevent_req_post(req, ev);
> }
> }
>
>as 'man 2 fsync' on Linux doesn't show EACCES as a possible return
>error from fsync.
>
>If this is the case, then the client redirector is relying on Linux-specific
>behavior. From 'man 2 fsync':
>
>NOTES
> On some UNIX systems (but not Linux), fd must be a writable file descriptor.
If this is actually what is happening, Samba is implementing the
Windows semantics, and not the Linux ones (as we should). From
the Microsoft MS-SMB2 spec:
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/026984f6-38af-4408-8200-50557eb0a286
--------------------------------------------------------------------------
3.3.5.11 Receiving an SMB2 FLUSH Request
10/04/2021
When the server receives a request with an SMB2 header with a Command value
equal to SMB2 FLUSH, message handling proceeds as follows:
The server MUST locate the session, as specified in section 3.3.5.2.9.
The server MUST locate the tree connection, as specified in section 3.3.5.2.11.
Next the server MUST locate the open being flushed by performing
a lookup in the Session.OpenTable, using the FileId.Volatile of the
request as the lookup key. If no open is found, or if Open.DurableFileId
is not equal to FileId.Persistent, the server MUST fail the request
with STATUS_FILE_CLOSED. Otherwise, the server MUST locate the Request
in Connection.RequestList for which Request.MessageId matches
the MessageId value in the SMB2 header, and set Request.Open to the Open.
If the Open is on a file and Open.GrantedAccess includes neither
FILE_WRITE_DATA nor FILE_APPEND_DATA, the server MUST fail the
request with STATUS_ACCESS_DENIED.
If the Open is on a directory and Open.GrantedAccess includes
neither FILE_ADD_FILE nor FILE_ADD_SUBDIRECTORY, the server MUST
fail the request with STATUS_ACCESS_DENIED.
--------------------------------------------------------------------------
next prev parent reply other threads:[~2021-11-07 21:49 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-07 21:10 Permission denied when chainbuilding packages with mock Julian Sikorski
2021-11-07 21:44 ` Jeremy Allison
2021-11-07 21:49 ` Jeremy Allison [this message]
2021-11-07 22:03 ` Jeremy Allison
2021-11-07 22:15 ` Julian Sikorski
2021-11-07 22:47 ` Jeremy Allison
2021-11-07 22:50 ` Steve French
2021-11-07 22:55 ` Julian Sikorski
2021-11-08 1:46 ` Jeremy Allison
2021-11-07 22:51 ` Julian Sikorski
2021-11-08 1:48 ` Jeremy Allison
2021-11-08 6:59 ` Julian Sikorski
2021-11-08 15:52 ` Julian Sikorski
2021-11-08 16:46 ` Jeremy Allison
2021-11-09 8:10 ` Steve French
2021-11-09 9:26 ` Julian Sikorski
2021-11-10 0:54 ` Jeremy Allison
2021-11-10 7:56 ` Steve French
2021-11-10 11:23 ` Julian Sikorski
2021-11-13 15:37 ` Julian Sikorski
2021-11-15 3:25 ` Steve French
2021-11-15 7:10 ` Julian Sikorski
2021-11-09 19:25 ` Jeremy Allison
-- strict thread matches above, loose matches on Subject: below --
2021-11-07 15:44 Julian Sikorski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YYhJ+8ehPFX1XDhv@jeremy-acer \
--to=jra@samba.org \
--cc=belegdol@gmail.com \
--cc=linux-cifs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox