qemu-devel.nongnu.org archive mirror
From: Peter Maydell <peter.maydell@linaro.org>
To: "Niklas Hambüchen" <mail@nh2.me>
Cc: QEMU Trivial <qemu-trivial@nongnu.org>,
	QEMU Developers <qemu-devel@nongnu.org>,
	qemu-stable <qemu-stable@nongnu.org>
Subject: Re: [PATCH] net/slirp: Fix incorrect permissions on samba >= 2.0.5
Date: Fri, 30 Apr 2021 18:29:53 +0100
Message-ID: <CAFEAcA-TxOys5d=SAqwqU749j3-UoBf+WsWpMYZW_35w1r2ypQ@mail.gmail.com>
In-Reply-To: <c2b98872-4649-c291-bfb2-0fd5b3d40ac4@nh2.me>

On Tue, 23 Feb 2021 at 05:06, Niklas Hambüchen <mail@nh2.me> wrote:
>
> As the added comment and `man smb.conf` explain, starting
> with that samba version, `force user` must be configured
> in `[global]` in order to access the configured `smb_dir`.
>
> This broke `-net user,smb=/path/to/folder`:
>
> The `chdir` into e.g. `/run/user/0/qemu-smb.DCZ8Y0` failed.
> In verbose logs, this manifested as:
>
>     [..., effective(65534, 65534), real(65534, 0)] /source3/smbd/service.c:159(chdir_current_service)
>       chdir (/run/user/0) failed, reason: Permission denied
>
>     [..., effective(65534, 65534), real(65534, 0)] /source3/smbd/service.c:167(chdir_current_service)
>       chdir (/run/user/0) failed, reason: Permission denied
>
>     [..., effective(65534, 65534), real(65534, 0)] /source3/smbd/uid.c:448(change_to_user_internal)
>       change_to_user_internal: chdir_current_service() failed!
>
> This commit fixes it by setting the `[global]` force user to
> the user that owns the directories `smbd` needs to access.
>
> Signed-off-by: Niklas Hambüchen <mail@nh2.me>
> ---
>  net/slirp.c | 6 ++++++
>  1 file changed, 6 insertions(+)
>
> diff --git a/net/slirp.c b/net/slirp.c
> index be914c0be0..82387bdb19 100644
> --- a/net/slirp.c
> +++ b/net/slirp.c
> @@ -850,6 +850,11 @@ static int slirp_smb(SlirpState* s, const char *exported_dir,
>      }
>      fprintf(f,
>              "[global]\n"
> +            "# In Samba 2.0.5 and above the 'force user' parameter\n"
> +            "# also causes the primary group of the forced user to be used\n"
> +            "# as the primary group for all file activity.\n"
> +            "# This includes the various directories set below.\n"
> +            "force user=%s\n"
>              "private dir=%s\n"
>              "interfaces=127.0.0.1\n"
>              "bind interfaces only=yes\n"
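
Review bot: the '#' lines added under [global] end up in the generated smb.conf, and they describe the primary-group side effect of 'force user' rather than why this file needs the setting. The commit message has the actual reason (smbd's chdir into the directory under /run/user/0 fails with "Permission denied"); a short C comment above the fprintf stating that would serve the next reader better, leaving only "force user=%s\n" to be emitted into the config. The new %s also sits ahead of "private dir=%s", so its argument has to be the first one in the argument list.
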
> @@ -871,6 +876,7 @@ static int slirp_smb(SlirpState* s, const char *exported_dir,
>              "read only=no\n"
>              "guest ok=yes\n"
>              "force user=%s\n",
> +            passwd->pw_name,
>              s->smb_dir,
>              s->smb_dir,
>              s->smb_dir,
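
Review bot: passwd->pw_name is correctly placed first, ahead of the s->smb_dir arguments, to match the new leading %s, but the unchanged "force user=%s\n" line at the end of the share section is kept, so the option is now set in two places in one generated file. If the share-level line is still required alongside the [global] one, the commit message should say why; if it is not, drop that line and its argument in this patch so the format string and the argument list stay easy to match up.
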
> --
> 2.25.4

If we add 'force user=whoever' to the [global] section, is it then
unnecessary to also specify it in the [qemu] section?

thanks
-- PMM


Thread overview: 7+ messages
2021-02-23  2:41 [PATCH] net/slirp: Fix incorrect permissions on samba >= 2.0.5 Niklas Hambüchen
2021-03-19  2:16 ` Niklas Hambüchen
2021-04-30 16:48 ` Laurent Vivier
2021-04-30 16:51   ` Samuel Thibault
2021-04-30 17:29 ` Peter Maydell [this message]
2021-04-30 18:19   ` Niklas Hambüchen
2021-12-06 18:25     ` Niklas Hambüchen
