[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] net/slirp: Fix incorrect permissions on samba >= 2.0.5
From: |
Samuel Thibault |
Subject: |
Re: [PATCH] net/slirp: Fix incorrect permissions on samba >= 2.0.5 |
Date: |
Fri, 30 Apr 2021 18:51:31 +0200 |
User-agent: |
NeoMutt/20170609 (1.8.3) |
Laurent Vivier, le ven. 30 avril 2021 18:48:29 +0200, a ecrit:
> CC: +Samuel
I don't know the smb code at all.
> Le 23/02/2021 à 03:41, Niklas Hambüchen a écrit :
> > As the added commend and `man smb.conf` explain, starting
> > with that samba version, `force user` must be configured
> > in `[global]` in order to access the configured `smb_dir`.
> >
> > This broke `-net user,smb=/path/to/folder`:
> >
> > The `chdir` into e.g. `/run/user/0/qemu-smb.DCZ8Y0` failed.
> > In verbose logs, this manifested as:
> >
> > [..., effective(65534, 65534), real(65534, 0)]
> > /source3/smbd/service.c:159(chdir_current_service)
> > chdir (/run/user/0) failed, reason: Permission denied
> >
> > [..., effective(65534, 65534), real(65534, 0)]
> > /source3/smbd/service.c:167(chdir_current_service)
> > chdir (/run/user/0) failed, reason: Permission denied
> >
> > [..., effective(65534, 65534), real(65534, 0)]
> > /source3/smbd/uid.c:448(change_to_user_internal)
> > change_to_user_internal: chdir_current_service() failed!
> >
> > This commit fixes it by setting the `[global]` force user to
> > the user that owns the directories `smbd` needs to access.
> >
> > Signed-off-by: Niklas Hambüchen <mail@nh2.me>
> > ---
> > net/slirp.c | 6 ++++++
> > 1 file changed, 6 insertions(+)
> >
> > diff --git a/net/slirp.c b/net/slirp.c
> > index be914c0be0..82387bdb19 100644
> > --- a/net/slirp.c
> > +++ b/net/slirp.c
> > @@ -850,6 +850,11 @@ static int slirp_smb(SlirpState* s, const char
> > *exported_dir,
> > }
> > fprintf(f,
> > "[global]\n"
> > + "# In Samba 2.0.5 and above the 'force user' parameter\n"
> > + "# also causes the primary group of the forced user to be
> > used\n"
> > + "# as the primary group for all file activity.\n"
> > + "# This includes the various directories set below.\n"
> > + "force user=%s\n"
> > "private dir=%s\n"
> > "interfaces=127.0.0.1\n"
> > "bind interfaces only=yes\n"
> > @@ -871,6 +876,7 @@ static int slirp_smb(SlirpState* s, const char
> > *exported_dir,
> > "read only=no\n"
> > "guest ok=yes\n"
> > "force user=%s\n",
> > + passwd->pw_name,
> > s->smb_dir,
> > s->smb_dir,
> > s->smb_dir,
> >
>