Comment 0 for bug 271922

Binary package hint: smbfs

When creating files on a CIFS-mounted filesystem, default ACL are not inherited. However, directory created on same CIFS-mounted filesystem works just fine.

Both server and client are Ubuntu 8.04. On the server, running samba 3.0.28a-1ubuntu4.5, smb.conf is entirely distribution-default, except for the share definition:

[share]
        path = /srv/share
        read only = No
        inherit acls = Yes

Note that, in examples below, ubuntu is uid 1000 on both hardy-server and hardy-desktop.

On the server:

ubuntu@hardy-server:~$ umask
0022
ubuntu@hardy-server:~$ cd /srv/share
ubuntu@hardy-server:/srv/share$ sudo mkdir test-acl
ubuntu@hardy-server:/srv/share$ sudo chown ubuntu:ubuntu test-acl
ubuntu@hardy-server:/srv/share$ setfacl -m d:o:rwx test-acl
ubuntu@hardy-server:/srv/share$ mkdir test-acl/dir-local
ubuntu@hardy-server:/srv/share$ touch test-acl/file-local
ubuntu@hardy-server:/srv/share$ getfacl -R test-acl
# file: test-acl
# owner: ubuntu
# group: ubuntu
user::rwx
group::r-x
other::r-x
default:user::rwx
default:group::r-x
default:other::rwx

# file: test-acl/dir-local
# owner: ubuntu
# group: ubuntu
user::rwx
group::r-x
other::rwx
default:user::rwx
default:group::r-x
default:other::rwx

# file: test-acl/file-local
# owner: ubuntu
# group: ubuntu
user::rw-
group::r--
other::rw-

So far so good. Now, on the client, which have smbfs 3.0.28a-1ubuntu4.6 from hardy-proposed installed:

ubuntu@hardy-desktop-krb5:~$ uname -r
2.6.24-20-generic
ubuntu@hardy-desktop-krb5:~$ modinfo -F version cifs
1.52
ubuntu@hardy-desktop:~$ umask
0022
ubuntu@hardy-desktop:~$ grep hardy-server /etc/fstab
//hardy-server.montreal.canonical.com/share /home/ubuntu/hardy-server cifs user,username=ubuntu,password=whatever 0 0
ubuntu@hardy-desktop:~$ mkdir /home/ubuntu/hardy-server
ubuntu@hardy-desktop:~$ mount /home/ubuntu/hardy-server
ubuntu@hardy-desktop:~$ cd /home/ubuntu/hardy-server/test-acl
ubuntu@hardy-desktop:~/hardy-server/test-acl$ mkdir dir-cifs
ubuntu@hardy-desktop:~/hardy-server/test-acl$ touch file-cifs

Now, I cannot use getfacl to display the ACL from the client as the cifs module have not been compiled with CONFIG_CIFS_XATTR, but from the server:

ubuntu@hardy-server:/srv/share/test-acl$ getfacl *-cifs
# file: dir-cifs
# owner: ubuntu
# group: ubuntu
user::rwx
group::r-x
other::rwx
default:user::rwx
default:group::r-x
default:other::rwx

# file: file-cifs
# owner: ubuntu
# group: ubuntu
user::rw-
group::r--
other::r--

We can see the directory inherited the default ACL, but the file created on the client over the CIFS-mounted file system do not appear to have got the w permission propagated from the parent directory as expected. Even more puzzling, it appear to work as expected when using smbclient:

ubuntu@hardy-desktop:~$ touch file-smbclient
ubuntu@hardy-desktop:~$ smbclient //hardy-server/share
Password:
Domain=[HARDY-SERVER] OS=[Unix] Server=[Samba 3.0.28a]t
smb: \> cd test-acl
smb: \test-acl\> mkdir dir-smbclient
smb: \test-acl\> put file-smbclient
putting file file-smbclient as \test-acl\file-smbclient (0.0 kb/s) (average 0.0 kb/s)
smb: \test-acl\> quit

Witness on the server:

ubuntu@hardy-server:~$ getfacl /srv/share/test-acl/*-smbclient
getfacl: Removing leading '/' from absolute path names
# file: srv/share/test-acl/dir-smbclient
# owner: ubuntu
# group: ubuntu
user::rwx
group::r-x
other::rwx
default:user::rwx
default:group::r-x
default:other::rwx

# file: srv/share/test-acl/file-smbclient
# owner: ubuntu
# group: ubuntu
user::rwx
group::r-x
other::rwx

I am puzzled. Could it relate to the umask? acl(5) seems to imply it could. But then, the umask is the same on both hardy-desktop and hardy-desktop (0022) and yet, the actual behavior differ depending on if the file is created locally or through a CIFS-mounted file system (it should not). Maybe I am just confused about what the correct behavior should be in the first place.