* [PATCH] net/slirp: Fix incorrect permissions on samba >= 2.0.5
@ 2021-02-23 2:41 Niklas Hambüchen
2021-03-19 2:16 ` Niklas Hambüchen
` (2 more replies)
0 siblings, 3 replies; 7+ messages in thread
From: Niklas Hambüchen @ 2021-02-23 2:41 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-stable, qemu-trivial
As the added commend and `man smb.conf` explain, starting
with that samba version, `force user` must be configured
in `[global]` in order to access the configured `smb_dir`.
This broke `-net user,smb=/path/to/folder`:
The `chdir` into e.g. `/run/user/0/qemu-smb.DCZ8Y0` failed.
In verbose logs, this manifested as:
[..., effective(65534, 65534), real(65534, 0)] /source3/smbd/service.c:159(chdir_current_service)
chdir (/run/user/0) failed, reason: Permission denied
[..., effective(65534, 65534), real(65534, 0)] /source3/smbd/service.c:167(chdir_current_service)
chdir (/run/user/0) failed, reason: Permission denied
[..., effective(65534, 65534), real(65534, 0)] /source3/smbd/uid.c:448(change_to_user_internal)
change_to_user_internal: chdir_current_service() failed!
This commit fixes it by setting the `[global]` force user to
the user that owns the directories `smbd` needs to access.
Signed-off-by: Niklas Hambüchen <mail@nh2.me>
---
net/slirp.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/net/slirp.c b/net/slirp.c
index be914c0be0..82387bdb19 100644
--- a/net/slirp.c
+++ b/net/slirp.c
@@ -850,6 +850,11 @@ static int slirp_smb(SlirpState* s, const char *exported_dir,
}
fprintf(f,
"[global]\n"
+ "# In Samba 2.0.5 and above the 'force user' parameter\n"
+ "# also causes the primary group of the forced user to be used\n"
+ "# as the primary group for all file activity.\n"
+ "# This includes the various directories set below.\n"
+ "force user=%s\n"
"private dir=%s\n"
"interfaces=127.0.0.1\n"
"bind interfaces only=yes\n"
@@ -871,6 +876,7 @@ static int slirp_smb(SlirpState* s, const char *exported_dir,
"read only=no\n"
"guest ok=yes\n"
"force user=%s\n",
+ passwd->pw_name,
s->smb_dir,
s->smb_dir,
s->smb_dir,
--
2.25.4
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH] net/slirp: Fix incorrect permissions on samba >= 2.0.5
2021-02-23 2:41 [PATCH] net/slirp: Fix incorrect permissions on samba >= 2.0.5 Niklas Hambüchen
@ 2021-03-19 2:16 ` Niklas Hambüchen
2021-04-30 16:48 ` Laurent Vivier
2021-04-30 17:29 ` Peter Maydell
2 siblings, 0 replies; 7+ messages in thread
From: Niklas Hambüchen @ 2021-03-19 2:16 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-stable, qemu-trivial
On 2/23/21 3:41 AM, Niklas Hambüchen wrote:
> This broke `-net user,smb=/path/to/folder`:
Hey, just a short ping on whether anyone would have a moment to review this `qemu-trivial` patch; it would be very nice to have SMB support to work out of the box again.
Thanks!
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] net/slirp: Fix incorrect permissions on samba >= 2.0.5
2021-02-23 2:41 [PATCH] net/slirp: Fix incorrect permissions on samba >= 2.0.5 Niklas Hambüchen
2021-03-19 2:16 ` Niklas Hambüchen
@ 2021-04-30 16:48 ` Laurent Vivier
2021-04-30 16:51 ` Samuel Thibault
2021-04-30 17:29 ` Peter Maydell
2 siblings, 1 reply; 7+ messages in thread
From: Laurent Vivier @ 2021-04-30 16:48 UTC (permalink / raw)
To: Niklas Hambüchen, qemu-devel
Cc: qemu-trivial, Samuel Thibault, qemu-stable
CC: +Samuel
Le 23/02/2021 à 03:41, Niklas Hambüchen a écrit :
> As the added commend and `man smb.conf` explain, starting
> with that samba version, `force user` must be configured
> in `[global]` in order to access the configured `smb_dir`.
>
> This broke `-net user,smb=/path/to/folder`:
>
> The `chdir` into e.g. `/run/user/0/qemu-smb.DCZ8Y0` failed.
> In verbose logs, this manifested as:
>
> [..., effective(65534, 65534), real(65534, 0)] /source3/smbd/service.c:159(chdir_current_service)
> chdir (/run/user/0) failed, reason: Permission denied
>
> [..., effective(65534, 65534), real(65534, 0)] /source3/smbd/service.c:167(chdir_current_service)
> chdir (/run/user/0) failed, reason: Permission denied
>
> [..., effective(65534, 65534), real(65534, 0)] /source3/smbd/uid.c:448(change_to_user_internal)
> change_to_user_internal: chdir_current_service() failed!
>
> This commit fixes it by setting the `[global]` force user to
> the user that owns the directories `smbd` needs to access.
>
> Signed-off-by: Niklas Hambüchen <mail@nh2.me>
> ---
> net/slirp.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/net/slirp.c b/net/slirp.c
> index be914c0be0..82387bdb19 100644
> --- a/net/slirp.c
> +++ b/net/slirp.c
> @@ -850,6 +850,11 @@ static int slirp_smb(SlirpState* s, const char *exported_dir,
> }
> fprintf(f,
> "[global]\n"
> + "# In Samba 2.0.5 and above the 'force user' parameter\n"
> + "# also causes the primary group of the forced user to be used\n"
> + "# as the primary group for all file activity.\n"
> + "# This includes the various directories set below.\n"
> + "force user=%s\n"
> "private dir=%s\n"
> "interfaces=127.0.0.1\n"
> "bind interfaces only=yes\n"
> @@ -871,6 +876,7 @@ static int slirp_smb(SlirpState* s, const char *exported_dir,
> "read only=no\n"
> "guest ok=yes\n"
> "force user=%s\n",
> + passwd->pw_name,
> s->smb_dir,
> s->smb_dir,
> s->smb_dir,
>
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] net/slirp: Fix incorrect permissions on samba >= 2.0.5
2021-04-30 16:48 ` Laurent Vivier
@ 2021-04-30 16:51 ` Samuel Thibault
0 siblings, 0 replies; 7+ messages in thread
From: Samuel Thibault @ 2021-04-30 16:51 UTC (permalink / raw)
To: Laurent Vivier
Cc: Niklas Hambüchen, qemu-trivial, qemu-devel, qemu-stable
Laurent Vivier, le ven. 30 avril 2021 18:48:29 +0200, a ecrit:
> CC: +Samuel
I don't know the smb code at all.
> Le 23/02/2021 à 03:41, Niklas Hambüchen a écrit :
> > As the added commend and `man smb.conf` explain, starting
> > with that samba version, `force user` must be configured
> > in `[global]` in order to access the configured `smb_dir`.
> >
> > This broke `-net user,smb=/path/to/folder`:
> >
> > The `chdir` into e.g. `/run/user/0/qemu-smb.DCZ8Y0` failed.
> > In verbose logs, this manifested as:
> >
> > [..., effective(65534, 65534), real(65534, 0)] /source3/smbd/service.c:159(chdir_current_service)
> > chdir (/run/user/0) failed, reason: Permission denied
> >
> > [..., effective(65534, 65534), real(65534, 0)] /source3/smbd/service.c:167(chdir_current_service)
> > chdir (/run/user/0) failed, reason: Permission denied
> >
> > [..., effective(65534, 65534), real(65534, 0)] /source3/smbd/uid.c:448(change_to_user_internal)
> > change_to_user_internal: chdir_current_service() failed!
> >
> > This commit fixes it by setting the `[global]` force user to
> > the user that owns the directories `smbd` needs to access.
> >
> > Signed-off-by: Niklas Hambüchen <mail@nh2.me>
> > ---
> > net/slirp.c | 6 ++++++
> > 1 file changed, 6 insertions(+)
> >
> > diff --git a/net/slirp.c b/net/slirp.c
> > index be914c0be0..82387bdb19 100644
> > --- a/net/slirp.c
> > +++ b/net/slirp.c
> > @@ -850,6 +850,11 @@ static int slirp_smb(SlirpState* s, const char *exported_dir,
> > }
> > fprintf(f,
> > "[global]\n"
> > + "# In Samba 2.0.5 and above the 'force user' parameter\n"
> > + "# also causes the primary group of the forced user to be used\n"
> > + "# as the primary group for all file activity.\n"
> > + "# This includes the various directories set below.\n"
> > + "force user=%s\n"
> > "private dir=%s\n"
> > "interfaces=127.0.0.1\n"
> > "bind interfaces only=yes\n"
> > @@ -871,6 +876,7 @@ static int slirp_smb(SlirpState* s, const char *exported_dir,
> > "read only=no\n"
> > "guest ok=yes\n"
> > "force user=%s\n",
> > + passwd->pw_name,
> > s->smb_dir,
> > s->smb_dir,
> > s->smb_dir,
> >
>
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] net/slirp: Fix incorrect permissions on samba >= 2.0.5
2021-02-23 2:41 [PATCH] net/slirp: Fix incorrect permissions on samba >= 2.0.5 Niklas Hambüchen
2021-03-19 2:16 ` Niklas Hambüchen
2021-04-30 16:48 ` Laurent Vivier
@ 2021-04-30 17:29 ` Peter Maydell
2021-04-30 18:19 ` Niklas Hambüchen
2 siblings, 1 reply; 7+ messages in thread
From: Peter Maydell @ 2021-04-30 17:29 UTC (permalink / raw)
To: Niklas Hambüchen; +Cc: QEMU Trivial, QEMU Developers, qemu-stable
On Tue, 23 Feb 2021 at 05:06, Niklas Hambüchen <mail@nh2.me> wrote:
>
> As the added commend and `man smb.conf` explain, starting
> with that samba version, `force user` must be configured
> in `[global]` in order to access the configured `smb_dir`.
>
> This broke `-net user,smb=/path/to/folder`:
>
> The `chdir` into e.g. `/run/user/0/qemu-smb.DCZ8Y0` failed.
> In verbose logs, this manifested as:
>
> [..., effective(65534, 65534), real(65534, 0)] /source3/smbd/service.c:159(chdir_current_service)
> chdir (/run/user/0) failed, reason: Permission denied
>
> [..., effective(65534, 65534), real(65534, 0)] /source3/smbd/service.c:167(chdir_current_service)
> chdir (/run/user/0) failed, reason: Permission denied
>
> [..., effective(65534, 65534), real(65534, 0)] /source3/smbd/uid.c:448(change_to_user_internal)
> change_to_user_internal: chdir_current_service() failed!
>
> This commit fixes it by setting the `[global]` force user to
> the user that owns the directories `smbd` needs to access.
>
> Signed-off-by: Niklas Hambüchen <mail@nh2.me>
> ---
> net/slirp.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/net/slirp.c b/net/slirp.c
> index be914c0be0..82387bdb19 100644
> --- a/net/slirp.c
> +++ b/net/slirp.c
> @@ -850,6 +850,11 @@ static int slirp_smb(SlirpState* s, const char *exported_dir,
> }
> fprintf(f,
> "[global]\n"
> + "# In Samba 2.0.5 and above the 'force user' parameter\n"
> + "# also causes the primary group of the forced user to be used\n"
> + "# as the primary group for all file activity.\n"
> + "# This includes the various directories set below.\n"
> + "force user=%s\n"
> "private dir=%s\n"
> "interfaces=127.0.0.1\n"
> "bind interfaces only=yes\n"
> @@ -871,6 +876,7 @@ static int slirp_smb(SlirpState* s, const char *exported_dir,
> "read only=no\n"
> "guest ok=yes\n"
> "force user=%s\n",
> + passwd->pw_name,
> s->smb_dir,
> s->smb_dir,
> s->smb_dir,
> --
> 2.25.4
If we add 'force user=whoever' to the [global] section, is it then
unnecessary to also specify it in the [qemu] section ?
thanks
-- PMM
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] net/slirp: Fix incorrect permissions on samba >= 2.0.5
2021-04-30 17:29 ` Peter Maydell
@ 2021-04-30 18:19 ` Niklas Hambüchen
2021-12-06 18:25 ` Niklas Hambüchen
0 siblings, 1 reply; 7+ messages in thread
From: Niklas Hambüchen @ 2021-04-30 18:19 UTC (permalink / raw)
To: Peter Maydell; +Cc: QEMU Developers, qemu-stable, QEMU Trivial
On 4/30/21 7:29 PM, Peter Maydell wrote:
> If we add 'force user=whoever' to the [global] section, is it then
> unnecessary to also specify it in the [qemu] section ?
I believe it is, yes.
Source: https://www.samba.org/~ab/output/htmldocs/manpages-3/smb.conf.5.html#id2506183
> All S parameters can also be specified in the [global] section - in which case they will define the default behavior for all services.
And `force user (S)` in those docs is an "S parameter".
My patch does not remove the one in [qemu] because I found it somewhat nice to have the settings for "who owns management dirs like 'locks'" and "who owns the files inside the [qemu] share" both be stated explicitly.
It makes it a bit more obvious what's going on.
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] net/slirp: Fix incorrect permissions on samba >= 2.0.5
2021-04-30 18:19 ` Niklas Hambüchen
@ 2021-12-06 18:25 ` Niklas Hambüchen
0 siblings, 0 replies; 7+ messages in thread
From: Niklas Hambüchen @ 2021-12-06 18:25 UTC (permalink / raw)
To: QEMU Developers, qemu-stable, QEMU Trivial; +Cc: Peter Maydell
Hey all,
just checking on an update. It would be great if this could be included in the coming/next QEMU release.
Cheers!
Niklas
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2021-12-06 18:28 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-02-23 2:41 [PATCH] net/slirp: Fix incorrect permissions on samba >= 2.0.5 Niklas Hambüchen
2021-03-19 2:16 ` Niklas Hambüchen
2021-04-30 16:48 ` Laurent Vivier
2021-04-30 16:51 ` Samuel Thibault
2021-04-30 17:29 ` Peter Maydell
2021-04-30 18:19 ` Niklas Hambüchen
2021-12-06 18:25 ` Niklas Hambüchen
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.