[PATCH] net/slirp: Fix incorrect permissions on samba >= 2.0.5

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH] net/slirp: Fix incorrect permissions on samba >= 2.0.5
@ 2021-02-23  2:41 Niklas Hambüchen
  2021-03-19  2:16 ` Niklas Hambüchen
                   ` (2 more replies)
  0 siblings, 3 replies; 7+ messages in thread
From: Niklas Hambüchen @ 2021-02-23  2:41 UTC (permalink / raw)
  To: qemu-devel; +Cc: qemu-stable, qemu-trivial

As the added commend and `man smb.conf` explain, starting
with that samba version, `force user` must be configured
in `[global]` in order to access the configured `smb_dir`.

This broke `-net user,smb=/path/to/folder`:

The `chdir` into e.g. `/run/user/0/qemu-smb.DCZ8Y0` failed.
In verbose logs, this manifested as:

    [..., effective(65534, 65534), real(65534, 0)] /source3/smbd/service.c:159(chdir_current_service)
      chdir (/run/user/0) failed, reason: Permission denied

    [..., effective(65534, 65534), real(65534, 0)] /source3/smbd/service.c:167(chdir_current_service)
      chdir (/run/user/0) failed, reason: Permission denied

    [..., effective(65534, 65534), real(65534, 0)] /source3/smbd/uid.c:448(change_to_user_internal)
      change_to_user_internal: chdir_current_service() failed!

This commit fixes it by setting the `[global]` force user to
the user that owns the directories `smbd` needs to access.

Signed-off-by: Niklas Hambüchen <mail@nh2.me>
---
 net/slirp.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/net/slirp.c b/net/slirp.c
index be914c0be0..82387bdb19 100644
--- a/net/slirp.c
+++ b/net/slirp.c
@@ -850,6 +850,11 @@ static int slirp_smb(SlirpState* s, const char *exported_dir,
     }
     fprintf(f,
             "[global]\n"
+            "# In Samba 2.0.5 and above the 'force user' parameter\n"
+            "# also causes the primary group of the forced user to be used\n"
+            "# as the primary group for all file activity.\n"
+            "# This includes the various directories set below.\n"
+            "force user=%s\n"
             "private dir=%s\n"
             "interfaces=127.0.0.1\n"
             "bind interfaces only=yes\n"
@@ -871,6 +876,7 @@ static int slirp_smb(SlirpState* s, const char *exported_dir,
             "read only=no\n"
             "guest ok=yes\n"
             "force user=%s\n",
+            passwd->pw_name,
             s->smb_dir,
             s->smb_dir,
             s->smb_dir,
-- 
2.25.4


^ permalink raw reply related	[flat|nested] 7+ messages in thread

* Re: [PATCH] net/slirp: Fix incorrect permissions on samba >= 2.0.5
  2021-02-23  2:41 [PATCH] net/slirp: Fix incorrect permissions on samba >= 2.0.5 Niklas Hambüchen
@ 2021-03-19  2:16 ` Niklas Hambüchen
  2021-04-30 16:48 ` Laurent Vivier
  2021-04-30 17:29 ` Peter Maydell
  2 siblings, 0 replies; 7+ messages in thread
From: Niklas Hambüchen @ 2021-03-19  2:16 UTC (permalink / raw)
  To: qemu-devel; +Cc: qemu-stable, qemu-trivial

On 2/23/21 3:41 AM, Niklas Hambüchen wrote:
> This broke `-net user,smb=/path/to/folder`:

Hey, just a short ping on whether anyone would have a moment to review this `qemu-trivial` patch; it would be very nice to have SMB support to work out of the box again.

Thanks!


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH] net/slirp: Fix incorrect permissions on samba >= 2.0.5
  2021-02-23  2:41 [PATCH] net/slirp: Fix incorrect permissions on samba >= 2.0.5 Niklas Hambüchen
  2021-03-19  2:16 ` Niklas Hambüchen
@ 2021-04-30 16:48 ` Laurent Vivier
  2021-04-30 16:51   ` Samuel Thibault
  2021-04-30 17:29 ` Peter Maydell
  2 siblings, 1 reply; 7+ messages in thread
From: Laurent Vivier @ 2021-04-30 16:48 UTC (permalink / raw)
  To: Niklas Hambüchen, qemu-devel
  Cc: qemu-trivial, Samuel Thibault, qemu-stable

CC: +Samuel

Le 23/02/2021 à 03:41, Niklas Hambüchen a écrit :
> As the added commend and `man smb.conf` explain, starting
> with that samba version, `force user` must be configured
> in `[global]` in order to access the configured `smb_dir`.
> 
> This broke `-net user,smb=/path/to/folder`:
> 
> The `chdir` into e.g. `/run/user/0/qemu-smb.DCZ8Y0` failed.
> In verbose logs, this manifested as:
> 
>     [..., effective(65534, 65534), real(65534, 0)] /source3/smbd/service.c:159(chdir_current_service)
>       chdir (/run/user/0) failed, reason: Permission denied
> 
>     [..., effective(65534, 65534), real(65534, 0)] /source3/smbd/service.c:167(chdir_current_service)
>       chdir (/run/user/0) failed, reason: Permission denied
> 
>     [..., effective(65534, 65534), real(65534, 0)] /source3/smbd/uid.c:448(change_to_user_internal)
>       change_to_user_internal: chdir_current_service() failed!
> 
> This commit fixes it by setting the `[global]` force user to
> the user that owns the directories `smbd` needs to access.
> 
> Signed-off-by: Niklas Hambüchen <mail@nh2.me>
> ---
>  net/slirp.c | 6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/net/slirp.c b/net/slirp.c
> index be914c0be0..82387bdb19 100644
> --- a/net/slirp.c
> +++ b/net/slirp.c
> @@ -850,6 +850,11 @@ static int slirp_smb(SlirpState* s, const char *exported_dir,
>      }
>      fprintf(f,
>              "[global]\n"
> +            "# In Samba 2.0.5 and above the 'force user' parameter\n"
> +            "# also causes the primary group of the forced user to be used\n"
> +            "# as the primary group for all file activity.\n"
> +            "# This includes the various directories set below.\n"
> +            "force user=%s\n"
>              "private dir=%s\n"
>              "interfaces=127.0.0.1\n"
>              "bind interfaces only=yes\n"
> @@ -871,6 +876,7 @@ static int slirp_smb(SlirpState* s, const char *exported_dir,
>              "read only=no\n"
>              "guest ok=yes\n"
>              "force user=%s\n",
> +            passwd->pw_name,
>              s->smb_dir,
>              s->smb_dir,
>              s->smb_dir,
> 



^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH] net/slirp: Fix incorrect permissions on samba >= 2.0.5
  2021-04-30 16:48 ` Laurent Vivier
@ 2021-04-30 16:51   ` Samuel Thibault
  0 siblings, 0 replies; 7+ messages in thread
From: Samuel Thibault @ 2021-04-30 16:51 UTC (permalink / raw)
  To: Laurent Vivier
  Cc: Niklas Hambüchen, qemu-trivial, qemu-devel, qemu-stable

Laurent Vivier, le ven. 30 avril 2021 18:48:29 +0200, a ecrit:
> CC: +Samuel

I don't know the smb code at all.

> Le 23/02/2021 à 03:41, Niklas Hambüchen a écrit :
> > As the added commend and `man smb.conf` explain, starting
> > with that samba version, `force user` must be configured
> > in `[global]` in order to access the configured `smb_dir`.
> > 
> > This broke `-net user,smb=/path/to/folder`:
> > 
> > The `chdir` into e.g. `/run/user/0/qemu-smb.DCZ8Y0` failed.
> > In verbose logs, this manifested as:
> > 
> >     [..., effective(65534, 65534), real(65534, 0)] /source3/smbd/service.c:159(chdir_current_service)
> >       chdir (/run/user/0) failed, reason: Permission denied
> > 
> >     [..., effective(65534, 65534), real(65534, 0)] /source3/smbd/service.c:167(chdir_current_service)
> >       chdir (/run/user/0) failed, reason: Permission denied
> > 
> >     [..., effective(65534, 65534), real(65534, 0)] /source3/smbd/uid.c:448(change_to_user_internal)
> >       change_to_user_internal: chdir_current_service() failed!
> > 
> > This commit fixes it by setting the `[global]` force user to
> > the user that owns the directories `smbd` needs to access.
> > 
> > Signed-off-by: Niklas Hambüchen <mail@nh2.me>
> > ---
> >  net/slirp.c | 6 ++++++
> >  1 file changed, 6 insertions(+)
> > 
> > diff --git a/net/slirp.c b/net/slirp.c
> > index be914c0be0..82387bdb19 100644
> > --- a/net/slirp.c
> > +++ b/net/slirp.c
> > @@ -850,6 +850,11 @@ static int slirp_smb(SlirpState* s, const char *exported_dir,
> >      }
> >      fprintf(f,
> >              "[global]\n"
> > +            "# In Samba 2.0.5 and above the 'force user' parameter\n"
> > +            "# also causes the primary group of the forced user to be used\n"
> > +            "# as the primary group for all file activity.\n"
> > +            "# This includes the various directories set below.\n"
> > +            "force user=%s\n"
> >              "private dir=%s\n"
> >              "interfaces=127.0.0.1\n"
> >              "bind interfaces only=yes\n"
> > @@ -871,6 +876,7 @@ static int slirp_smb(SlirpState* s, const char *exported_dir,
> >              "read only=no\n"
> >              "guest ok=yes\n"
> >              "force user=%s\n",
> > +            passwd->pw_name,
> >              s->smb_dir,
> >              s->smb_dir,
> >              s->smb_dir,
> > 
> 


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH] net/slirp: Fix incorrect permissions on samba >= 2.0.5
  2021-02-23  2:41 [PATCH] net/slirp: Fix incorrect permissions on samba >= 2.0.5 Niklas Hambüchen
  2021-03-19  2:16 ` Niklas Hambüchen
  2021-04-30 16:48 ` Laurent Vivier
@ 2021-04-30 17:29 ` Peter Maydell
  2021-04-30 18:19   ` Niklas Hambüchen
  2 siblings, 1 reply; 7+ messages in thread
From: Peter Maydell @ 2021-04-30 17:29 UTC (permalink / raw)
  To: Niklas Hambüchen; +Cc: QEMU Trivial, QEMU Developers, qemu-stable

On Tue, 23 Feb 2021 at 05:06, Niklas Hambüchen <mail@nh2.me> wrote:
>
> As the added commend and `man smb.conf` explain, starting
> with that samba version, `force user` must be configured
> in `[global]` in order to access the configured `smb_dir`.
>
> This broke `-net user,smb=/path/to/folder`:
>
> The `chdir` into e.g. `/run/user/0/qemu-smb.DCZ8Y0` failed.
> In verbose logs, this manifested as:
>
>     [..., effective(65534, 65534), real(65534, 0)] /source3/smbd/service.c:159(chdir_current_service)
>       chdir (/run/user/0) failed, reason: Permission denied
>
>     [..., effective(65534, 65534), real(65534, 0)] /source3/smbd/service.c:167(chdir_current_service)
>       chdir (/run/user/0) failed, reason: Permission denied
>
>     [..., effective(65534, 65534), real(65534, 0)] /source3/smbd/uid.c:448(change_to_user_internal)
>       change_to_user_internal: chdir_current_service() failed!
>
> This commit fixes it by setting the `[global]` force user to
> the user that owns the directories `smbd` needs to access.
>
> Signed-off-by: Niklas Hambüchen <mail@nh2.me>
> ---
>  net/slirp.c | 6 ++++++
>  1 file changed, 6 insertions(+)
>
> diff --git a/net/slirp.c b/net/slirp.c
> index be914c0be0..82387bdb19 100644
> --- a/net/slirp.c
> +++ b/net/slirp.c
> @@ -850,6 +850,11 @@ static int slirp_smb(SlirpState* s, const char *exported_dir,
>      }
>      fprintf(f,
>              "[global]\n"
> +            "# In Samba 2.0.5 and above the 'force user' parameter\n"
> +            "# also causes the primary group of the forced user to be used\n"
> +            "# as the primary group for all file activity.\n"
> +            "# This includes the various directories set below.\n"
> +            "force user=%s\n"
>              "private dir=%s\n"
>              "interfaces=127.0.0.1\n"
>              "bind interfaces only=yes\n"
> @@ -871,6 +876,7 @@ static int slirp_smb(SlirpState* s, const char *exported_dir,
>              "read only=no\n"
>              "guest ok=yes\n"
>              "force user=%s\n",
> +            passwd->pw_name,
>              s->smb_dir,
>              s->smb_dir,
>              s->smb_dir,
> --
> 2.25.4

If we add 'force user=whoever' to the [global] section, is it then
unnecessary to also specify it in the [qemu] section ?

thanks
-- PMM


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH] net/slirp: Fix incorrect permissions on samba >= 2.0.5
  2021-04-30 17:29 ` Peter Maydell
@ 2021-04-30 18:19   ` Niklas Hambüchen
  2021-12-06 18:25     ` Niklas Hambüchen
  0 siblings, 1 reply; 7+ messages in thread
From: Niklas Hambüchen @ 2021-04-30 18:19 UTC (permalink / raw)
  To: Peter Maydell; +Cc: QEMU Developers, qemu-stable, QEMU Trivial

On 4/30/21 7:29 PM, Peter Maydell wrote:
> If we add 'force user=whoever' to the [global] section, is it then
> unnecessary to also specify it in the [qemu] section ?

I believe it is, yes.

Source: https://www.samba.org/~ab/output/htmldocs/manpages-3/smb.conf.5.html#id2506183

> All S parameters can also be specified in the [global] section - in which case they will define the default behavior for all services.

And `force user (S)` in those docs is an "S parameter".

My patch does not remove the one in [qemu] because I found it somewhat nice to have the settings for "who owns management dirs like 'locks'" and "who owns the files inside the [qemu] share" both be stated explicitly.
It makes it a bit more obvious what's going on.


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH] net/slirp: Fix incorrect permissions on samba >= 2.0.5
  2021-04-30 18:19   ` Niklas Hambüchen
@ 2021-12-06 18:25     ` Niklas Hambüchen
  0 siblings, 0 replies; 7+ messages in thread
From: Niklas Hambüchen @ 2021-12-06 18:25 UTC (permalink / raw)
  To: QEMU Developers, qemu-stable, QEMU Trivial; +Cc: Peter Maydell

Hey all,

just checking on an update. It would be great if this could be included in the coming/next QEMU release.

Cheers!
Niklas


^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2021-12-06 18:28 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-02-23  2:41 [PATCH] net/slirp: Fix incorrect permissions on samba >= 2.0.5 Niklas Hambüchen
2021-03-19  2:16 ` Niklas Hambüchen
2021-04-30 16:48 ` Laurent Vivier
2021-04-30 16:51   ` Samuel Thibault
2021-04-30 17:29 ` Peter Maydell
2021-04-30 18:19   ` Niklas Hambüchen
2021-12-06 18:25     ` Niklas Hambüchen

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.