Re: [PATCH] net/slirp: Fix incorrect permissions on samba >= 2.0.5

Fri, 30 Apr 2021 10:56:42 -0700 

On Tue, 23 Feb 2021 at 05:06, Niklas Hambüchen <m...@nh2.me> wrote:
>
> As the added commend and `man smb.conf` explain, starting
> with that samba version, `force user` must be configured
> in `[global]` in order to access the configured `smb_dir`.
>
> This broke `-net user,smb=/path/to/folder`:
>
> The `chdir` into e.g. `/run/user/0/qemu-smb.DCZ8Y0` failed.
> In verbose logs, this manifested as:
>
>     [..., effective(65534, 65534), real(65534, 0)] 
> /source3/smbd/service.c:159(chdir_current_service)
>       chdir (/run/user/0) failed, reason: Permission denied
>
>     [..., effective(65534, 65534), real(65534, 0)] 
> /source3/smbd/service.c:167(chdir_current_service)
>       chdir (/run/user/0) failed, reason: Permission denied
>
>     [..., effective(65534, 65534), real(65534, 0)] 
> /source3/smbd/uid.c:448(change_to_user_internal)
>       change_to_user_internal: chdir_current_service() failed!
>
> This commit fixes it by setting the `[global]` force user to
> the user that owns the directories `smbd` needs to access.
>
> Signed-off-by: Niklas Hambüchen <m...@nh2.me>
> ---
>  net/slirp.c | 6 ++++++
>  1 file changed, 6 insertions(+)
>
> diff --git a/net/slirp.c b/net/slirp.c
> index be914c0be0..82387bdb19 100644
> --- a/net/slirp.c
> +++ b/net/slirp.c
> @@ -850,6 +850,11 @@ static int slirp_smb(SlirpState* s, const char 
> *exported_dir,
>      }
>      fprintf(f,
>              "[global]\n"
> +            "# In Samba 2.0.5 and above the 'force user' parameter\n"
> +            "# also causes the primary group of the forced user to be used\n"
> +            "# as the primary group for all file activity.\n"
> +            "# This includes the various directories set below.\n"
> +            "force user=%s\n"
>              "private dir=%s\n"
>              "interfaces=127.0.0.1\n"
>              "bind interfaces only=yes\n"
> @@ -871,6 +876,7 @@ static int slirp_smb(SlirpState* s, const char 
> *exported_dir,
>              "read only=no\n"
>              "guest ok=yes\n"
>              "force user=%s\n",
> +            passwd->pw_name,
>              s->smb_dir,
>              s->smb_dir,
>              s->smb_dir,
> --
> 2.25.4

If we add 'force user=whoever' to the [global] section, is it then
unnecessary to also specify it in the [qemu] section ?

thanks
-- PMM

Reply via email to