Ubuntu
samba package

  1. Bug #2009858
  2. Comment #3

Comment 3 for bug 2009858

Revision history for this message
Francis Brosnan (francis-aspl) wrote :

Hello,

In our case, after upgrading, all shares are able to connect (though it is
done using anonymous user) but it fails to list with NT_STATUS_ACCESS_DENIED:

root@xxx:~# smbclient //192.xx.xx.211/Compartida -U xxx -p
Password for [WORKGROUP\xxx]:
Try "help" to get a list of possible commands.
smb: \> ls
NT_STATUS_ACCESS_DENIED listing \*

Tracing log debug it just reports the following:

2023/03/10 14:05:40.589326, 5, pid=2892249, effective(1000, 1000), real(1000, 0)] ../../source3/smbd/open.c:4621(open_directory)
  open_directory: Could not open fd for [.]: NT_STATUS_ACCESS_DENIED
[2023/03/10 14:05:40.589368, 10, pid=2892249, effective(1000, 1000), real(1000, 0)] ../../source3/smbd/open.c:6128(create_file_unixpath)
  create_file_unixpath: NT_STATUS_ACCESS_DENIED
[2023/03/10 14:05:40.589488, 10, pid=2892249, effective(1000, 1000), real(1000, 0)] ../../source3/smbd/open.c:6316(create_file_default)
  create_file: NT_STATUS_ACCESS_DENIED

However, it does have permissions. Doing an inspection with strace, you can see
it can traverse directory needed, and open it, but it fails in a /proc/self
open operation:

>> strace -p <smbd process pid>
...
...
getegid() = 0
setgroups(8, [1000, 4, 24, 27, 30, 46, 116, 65534]) = 0
setresgid(-1, 1000, -1) = 0
getegid() = 1000
setresuid(1000, 1000, -1) = 0
geteuid() = 1000
chdir("/home/administrador/Compartida") = 0
stat(".", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat("/home/administrador/Compartida", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat(".", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
getcwd("/home/administrador/Compartida", 4096) = 31
getcwd("/home/administrador/Compartida", 4096) = 31
openat(AT_FDCWD, ".", O_RDONLY|O_NOFOLLOW|O_PATH|O_DIRECTORY) = 13
fstat(13, {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat(".", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
getcwd("/home/administrador/Compartida", 4096) = 31
openat(AT_FDCWD, ".", O_RDONLY|O_NOFOLLOW|O_PATH|O_DIRECTORY) = 44
fstat(44, {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
openat(AT_FDCWD, "/proc/self/fd/13", O_RDONLY|O_DIRECTORY) = -1 EACCES (Permiso denegado)
close(13) = 0
fcntl(26, F_SETLK, {l_type=F_WRLCK, l_whence=SEEK_SET, l_start=36528, l_len=1}) = 0
fcntl(26, F_SETLKW, {l_type=F_UNLCK, l_whence=SEEK_SET, l_start=36528, l_len=1}) = 0
close(44) = 0
...
...

Here is our package list:

ii python3-samba 2:4.15.13+dfsg-0ubuntu0.20.04.1 amd64 Python 3 bindings for Samba
ii samba 2:4.15.13+dfsg-0ubuntu0.20.04.1 amd64 SMB/CIFS file, print, and login server for Unix
ii samba-common 2:4.15.13+dfsg-0ubuntu0.20.04.1 all common files used by both the Samba server and client
ii samba-common-bin 2:4.15.13+dfsg-0ubuntu0.20.04.1 amd64 Samba common files used by both the server and the client
ii samba-dsdb-modules:amd64 2:4.15.13+dfsg-0ubuntu0.20.04.1 amd64 Samba Directory Services Database
ii samba-libs:amd64 2:4.15.13+dfsg-0ubuntu0.20.04.1 amd64 Samba core libraries
ii samba-vfs-modules:amd64 2:4.15.13+dfsg-0ubuntu0.20.04.1 amd64 Samba Virtual FileSystem plugins