Bug 44305
| Summary: | samba-tool ntacl sysvolcheck traceback due to /var/lib/samba/netlogon | ||
|---|---|---|---|
| Product: | UCS | Reporter: | Arvid Requate <requate> |
| Component: | Samba4 | Assignee: | Lukas Oyen <oyen> |
| Status: | CLOSED FIXED | QA Contact: | Felix Botner <botner> |
| Severity: | normal | ||
| Priority: | P5 | CC: | best, botner, gohmann |
| Version: | UCS 4.2 | ||
| Target Milestone: | UCS 4.2-2-errata | ||
| Hardware: | Other | ||
| OS: | Linux | ||
| See Also: |
https://forge.univention.org/bugzilla/show_bug.cgi?id=44876 https://forge.univention.org/bugzilla/show_bug.cgi?id=44282 |
||
| What kind of report is it?: | Bug Report | What type of bug is this?: | 5: Major Usability: Impairs usability in key scenarios |
| Who will be affected by this bug?: | 1: Will affect a very few installed domains | How will those affected feel about the bug?: | 3: A User would likely not purchase the product |
| User Pain: | 0.086 | Enterprise Customer affected?: | |
| School Customer affected?: | ISV affected?: | ||
| Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
| Ticket number: | Bug group (optional): | ||
| Max CVSS v3 score: | |||
| Bug Depends on: | |||
| Bug Blocks: | 44876, 47710 | ||
| Attachments: | 0001-Bug-44305-remove-netlogon-from-samba-tool-ntacl-sysv.patch | ||
Seems to be ucs-school specific Created attachment 9192 [details]
0001-Bug-44305-remove-netlogon-from-samba-tool-ntacl-sysv.patch
This occurs, as ucs-school sets the UCR variable `samba/share/netlogon/path=/var/lib/samba/netlogon`. /var/lib/samba/netlogon does not have the xattr `security.NTACL` set, and the samba-tool function `provision.setsysvolacl()` (used in `samba-tool ntacl sysvolreset` and provisioning) does not set the NTACLs for the netlogon path, so sysvolcheck fails.
This does not happen in a default UCS setup, as the UCR variable `samba/share/netlogon/path` is unset, and the netlogon path defaults to '/var/lib/samba/sysvol/<realm>/scripts' which is underneath the sysvol path and therefore recursively handled by `provision.setsysvolacl()`.
The attached patch removes netlogon from sysvolcheck (committed as r17667)
YAML: 8f751b9
OK - sysvolcheck (ignores netlogon) OK - samba.yaml |
On a UCS@school singlemaster samba-tool ntacl sysvolcheck aborts with a traceback while checking the NTACLs of /var/lib/samba/netlogon : === ERROR(<type 'exceptions.TypeError'>): uncaught exception - (61, 'No data available') File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run return self.run(*args, **kwargs) File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line 270, in run lp) File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1732, in checksysvolacl fsacl = getntacl(lp, dir_path, direct_db_access=direct_db_access, service=SYSVOL_SERVICE) File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 82, in getntacl xattr.XATTR_NTACL_NAME) === We should patch samba-tool ntacl sysvolcheck to *only* check the sysvol