From: Samuel Thibault <samuel.thibault@gnu.org>
To: Laurent Vivier <laurent@vivier.eu>
Cc: "Niklas Hambüchen" <mail@nh2.me>,
qemu-trivial@nongnu.org, qemu-devel@nongnu.org,
qemu-stable@nongnu.org
Subject: Re: [PATCH] net/slirp: Fix incorrect permissions on samba >= 2.0.5
Date: Fri, 30 Apr 2021 18:51:31 +0200 [thread overview]
Message-ID: <20210430165131.7ucqmsdqaaua2axt@begin> (raw)
In-Reply-To: <1cc238f3-c695-4975-3e26-de98da916ff0@vivier.eu>
Laurent Vivier, le ven. 30 avril 2021 18:48:29 +0200, a ecrit:
> CC: +Samuel
I don't know the smb code at all.
> Le 23/02/2021 à 03:41, Niklas Hambüchen a écrit :
> > As the added commend and `man smb.conf` explain, starting
> > with that samba version, `force user` must be configured
> > in `[global]` in order to access the configured `smb_dir`.
> >
> > This broke `-net user,smb=/path/to/folder`:
> >
> > The `chdir` into e.g. `/run/user/0/qemu-smb.DCZ8Y0` failed.
> > In verbose logs, this manifested as:
> >
> > [..., effective(65534, 65534), real(65534, 0)] /source3/smbd/service.c:159(chdir_current_service)
> > chdir (/run/user/0) failed, reason: Permission denied
> >
> > [..., effective(65534, 65534), real(65534, 0)] /source3/smbd/service.c:167(chdir_current_service)
> > chdir (/run/user/0) failed, reason: Permission denied
> >
> > [..., effective(65534, 65534), real(65534, 0)] /source3/smbd/uid.c:448(change_to_user_internal)
> > change_to_user_internal: chdir_current_service() failed!
> >
> > This commit fixes it by setting the `[global]` force user to
> > the user that owns the directories `smbd` needs to access.
> >
> > Signed-off-by: Niklas Hambüchen <mail@nh2.me>
> > ---
> > net/slirp.c | 6 ++++++
> > 1 file changed, 6 insertions(+)
> >
> > diff --git a/net/slirp.c b/net/slirp.c
> > index be914c0be0..82387bdb19 100644
> > --- a/net/slirp.c
> > +++ b/net/slirp.c
> > @@ -850,6 +850,11 @@ static int slirp_smb(SlirpState* s, const char *exported_dir,
> > }
> > fprintf(f,
> > "[global]\n"
> > + "# In Samba 2.0.5 and above the 'force user' parameter\n"
> > + "# also causes the primary group of the forced user to be used\n"
> > + "# as the primary group for all file activity.\n"
> > + "# This includes the various directories set below.\n"
> > + "force user=%s\n"
> > "private dir=%s\n"
> > "interfaces=127.0.0.1\n"
> > "bind interfaces only=yes\n"
> > @@ -871,6 +876,7 @@ static int slirp_smb(SlirpState* s, const char *exported_dir,
> > "read only=no\n"
> > "guest ok=yes\n"
> > "force user=%s\n",
> > + passwd->pw_name,
> > s->smb_dir,
> > s->smb_dir,
> > s->smb_dir,
> >
>
next prev parent reply other threads:[~2021-04-30 17:26 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-23 2:41 [PATCH] net/slirp: Fix incorrect permissions on samba >= 2.0.5 Niklas Hambüchen
2021-03-19 2:16 ` Niklas Hambüchen
2021-04-30 16:48 ` Laurent Vivier
2021-04-30 16:51 ` Samuel Thibault [this message]
2021-04-30 17:29 ` Peter Maydell
2021-04-30 18:19 ` Niklas Hambüchen
2021-12-06 18:25 ` Niklas Hambüchen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210430165131.7ucqmsdqaaua2axt@begin \
--to=samuel.thibault@gnu.org \
--cc=laurent@vivier.eu \
--cc=mail@nh2.me \
--cc=qemu-devel@nongnu.org \
--cc=qemu-stable@nongnu.org \
--cc=qemu-trivial@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).