[Bug 1939968] Re: Directory traversal permission not respected even with noperm

Joel Low 1939968 at bugs.launchpad.net
Sun Aug 15 06:32:14 UTC 2021 

(I've tried to figure out how to attach an `ubuntu-bug` report, but
since this isn't exactly a bug with a specific program, I don't know
what to do in that circumstance. Guidance would be much appreciated.)

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to cifs-utils in Ubuntu.
https://bugs.launchpad.net/bugs/1939968

Title:
  Directory traversal permission not respected even with noperm

Status in cifs-utils package in Ubuntu:
  New

Bug description:
  I'm trying to mount a Samba share on an Ubuntu system. Both server and
  client are Ubuntu machines. On the server, the directory shared (outer
  directory) belongs to a user different from mine, but the owner of the
  outer directory has granted everyone traverse permission (chmod 0711,
  basically) to access an inner directory, of which I have been given
  read access (using setfacl, rx permission).

  When I am running as myself locally on the server, I can access the
  inner directory. I can also do so logging in as myself from a Windows
  machine and accessing the inner directory. However, when accessing the
  inner directory via an Ubuntu client, I get permission denied even
  with `noperm` set (but expected this to succeed, exactly like the
  Windows client.)

  I have tried to distil this down into a reproduce script which can be
  run on a single machine:

  # Install dependencies
  sudo apt install --yes samba cifs-utils
  sudo smbpasswd -a $USER # Add a password

  # Set up shares
  mkdir ~/samba
  sudo mkdir -p ~/samba/outer/inner
  sudo chmod 0711  ~/samba/outer ~/samba/outer/inner
  sudo setfacl -m u:$USER:rx ~/samba/outer/inner
  cat <<-SAMBA | sudo tee -a /etc/samba/smb.conf
  [test]
   path = $HOME/samba
   browseable = yes
   read only = no
   guest ok = no
  SAMBA
  sudo systemctl restart smbd nmbd

  # Mount the share
  sudo mkdir /media/$USER
  sudo chown $USER /media/$USER
  mkdir /media/$USER/samba
  sudo mount //localhost/test /media/$USER/samba -t cifs -o vers=3.1.1,user=$USER,noperm

  # Test local access
  ls -la ~/samba ~/samba/outer ~/samba/outer/inner # ~/samba lists fine, ~/samba/outer Permission denied, ~/samba/outer/inner lists fine.

  # Test mount access
  ls -la /media/$USER/samba /media/$USER/samba/outer /media/$USER/samba/outer/inner # /media/$USER/samba lists fine, others Permission denied (inner should have listed fine)

  # On a Windows machine
  net use T: \\<ip>\test /User:$USER *
  dir T:\ # OK
  dir T:\outer # File not found
  dir T:\outer\inner # OK

  I have run this script on a fresh Ubuntu 21.04 desktop install and
  observed this behaviour. However, the trigger for this investigation
  was observed on an Ubuntu 20.04.2 server install (both server and
  client).

  lsb_release -rd: Ubuntu 21.04
  uname -srv: Linux 5.11.0-25-generic #27-Ubuntu SMP Fri Jul 9 23:06:29 UTC 2021
  cifs-utils package version: 2:6.11-1ubuntu1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cifs-utils/+bug/1939968/+subscriptions

More information about the foundations-bugs mailing list