git-server-git.apps.pok.os.sepia.ceph.com Git

author	Anoop C S <anoopcs@cryptolab.net>
	Fri, 11 Jul 2025 12:30:51 +0000 (18:00 +0530)
committer	Adam King <adking@redhat.com>
	Fri, 25 Jul 2025 15:10:07 +0000 (11:10 -0400)
commit	91189a20e15ab12c7d51db3cb04a151883f7ba01
tree	23278f30b8cdfefd3be936a68959b4c904c818a4	tree \| snapshot
parent	8638bf768f47a7970f8d41415914d199816c61e5	commit \| diff

cephadm: Bind mount /var/lib/samba with 0755

To start with, all this while, `testparm -s` used to spit out the
following lines:

. . .
WARNING: state directory /var/lib/samba should have permissions 0755
for browsing to work
WARNING: cache directory /var/lib/samba should have permissions 0755
for browsing to work
. . .

Putting aside security sensitive stuff like secrets.tdb inside state
directory, others by design are expected to be accessed by configured
samba users and thus permissions differ between the directory and its
contents. With 0770 we denied the access for others and in certain
scenarios this denial resulted in real world problems like failure to
close file handles and other not so obvious return statuses.

Going by the design and corresponding warning emitted by the `testparm`
tool, it is safe and correct to change the mode from 0770 to 0755 while
preparing lib-samba bind mount for /var/lib/samba.

Fixes: https://tracker.ceph.com/issues/72089
Signed-off-by: Anoop C S <anoopcs@cryptolab.net>
(cherry picked from commit 50db194bc478a2f017541fae6a84efea2f4eb39a)