There were some delete-on-close problems. Not sure if this was caused by that...
On Tue, Nov 11, 2014 at 5:38 PM, Andrew Martin <[email protected]> wrote: > ----- Original Message ----- >> From: "Marcel Telka" <[email protected]> >> To: "Discussion list for OpenIndiana" <[email protected]> >> Sent: Tuesday, November 11, 2014 2:31:55 PM >> Subject: Re: [OpenIndiana-discuss] ZFS ACLs - Cannot Write Microsoft Office >> Files over CIFS >> >> I'm not sure it is related, but you might want to look at this: >> >> https://github.com/Nexenta/illumos-nexenta/commit/f360b07ec371df666ee6bb29182e387f57c948f7 >> > Marcel, > > Thanks, this looks promising! I am not sure if the version of smb/server that > I am running > has this patch, though I suspect it does not. I'll look into it. > > I've also been capturing activity with Wireshark to see if I can narrow this > down further: > > In a successful save, I can see Word doing the following: > * create a temporary file D92B1D52.tmp, write some data to it > * chown D92B1D52.tmp to the same owner as the actual docx (NT SET SECURITY > DESC), may fail > with STATUS_INVALID_OWNER but this doesn't seem to be a problem > * request the ACLs on the parent directory via NT QUERY SECURITY DESC > * set the ACLs on D92B1D52.tmp > ** Everyone - access allowed > ** Domain Users - access allowed > * close D92B1D52.tmp > * mv the docx to 11E1292B.tmp > * mv D92B1D52.tmp to the docx filename > * set (new) docx file owner and ACLs: > ** Everyone - access allowed > ** Domain Users - access allowed > * open 11E1292B.tmp and set the "delete on close" flag > * close 11E1292B.tmp, thus deleting it > > In a failed save: > * create a temporary file CE21CDFD.tmp, write some data to it > * attempt to chown CE21CDFD.tmp to the same owner as the actual docx (NT SET > SECURITY DESC), > fails with STATUS_INVALID_OWNER > * request the ACLs on the parent dir (NT QUERY SECURITY DESC), fails with > STATUS_NONE_MAPPED > * close CE21CDFD.tmp > * open CE21CDFD.tmp and set the "delete on close" flag > * close CE21CDFD.tmp, thus deleting it > > It appears that Word creates a temporary file in the same directory, writes > some data > to it, and then tries to query the ACLs of the parent directory. If it cannot > query the > parent directory's ACLs (STATUS_NONE_MAPPED), it then aborts and fails the > save. > > Note that the ACLs on the parent directory are: > 0:owner@:list_directory/read_data/add_file/write_data/add_subdirectory > /append_data/read_xattr/write_xattr/execute/delete_child > /read_attributes/write_attributes/delete/read_acl/write_acl > /write_owner/synchronize:dir_inherit:allow > 1:owner@:list_directory/read_data/add_file/write_data/add_subdirectory > /append_data/read_xattr/write_xattr/delete_child/read_attributes > /write_attributes/delete/read_acl/write_acl/write_owner > /synchronize:file_inherit/inherit_only:allow > 2:group:Domain Users:list_directory/read_data/add_file/write_data > /add_subdirectory/append_data/read_xattr/write_xattr/execute > /delete_child/read_attributes/write_attributes/delete/read_acl > /write_acl/write_owner/synchronize:dir_inherit:allow > 3:group:Domain Users:list_directory/read_data/add_file/write_data > /add_subdirectory/append_data/read_xattr/write_xattr/delete_child > /read_attributes/write_attributes/delete/read_acl/write_acl > /write_owner/synchronize:file_inherit/inherit_only:allow > 4:group@:list_directory/read_data/read_xattr/execute/read_attributes > /read_acl/synchronize:dir_inherit:allow > 5:group@:list_directory/read_data/read_xattr/read_attributes/read_acl > /synchronize:file_inherit/inherit_only:allow > 6:everyone@:list_directory/read_data/add_file/write_data > /add_subdirectory/append_data/read_xattr/write_xattr/execute > /delete_child/read_attributes/write_attributes/delete/read_acl > /write_acl/write_owner/synchronize:dir_inherit:allow > 7:everyone@:list_directory/read_data/add_file/write_data > /add_subdirectory/append_data/read_xattr/write_xattr/execute > /delete_child/read_attributes/write_attributes/delete/read_acl > /write_acl/write_owner/synchronize:file_inherit/inherit_only:allow > > Oddly enough, if I look at the parent directory's permissions through the > Security > tab in Windows, it shows Domain users as only having these permissions: > List folder contents > Special permissions > > If I try to grant Domain Users "Full control", Windows fails with this error: > No Mapping between account names and security IDs was done > > Does this additional debug information help provide a clue to the source of > this problem? > > Thanks, > > Andrew > > _______________________________________________ > openindiana-discuss mailing list > [email protected] > http://openindiana.org/mailman/listinfo/openindiana-discuss _______________________________________________ openindiana-discuss mailing list [email protected] http://openindiana.org/mailman/listinfo/openindiana-discuss
