Comment 7 for bug 2009858

Francis Brosnan (francis-aspl) wrote:

Hello Marc,

Permissions are right, see:

root@xx-xxx:~# su - administrador
administrador@xx-xxx:~$ cd /home/administrador/Compartida
administrador@xx-xxx:~/Compartida$ ls -la -tr -d /home/administrador/Compartida /home/administrador /home /
drwxr-xr-x 20 root root 4096 jul 13 2021 /
drwxr-xr-x 5 root root 4096 jun 9 2022 /home
drwxr-x--- 7 administrador administrador 4096 mar 10 13:19 /home/administrador
drwxr-xr-x 3 administrador administrador 4096 mar 10 16:00 /home/administrador/Compartida

..also without name resolution:

administrador@xx-xxx:~/Compartida$ ls -la -tr -d -n /home/administrador/Compartida /home/administrador /home /
drwxr-xr-x 20 0 0 4096 jul 13 2021 /
drwxr-xr-x 5 0 0 4096 jun 9 2022 /home
drwxr-x--- 7 1000 1000 4096 mar 10 13:19 /home/administrador
drwxr-xr-x 3 1000 1000 4096 mar 10 16:00 /home/administrador/Compartida

You can traverse without problems using the "administrador" user (uid 1000).

It is also confirmed with strace a few lines before failing:

setresuid(0, 0, -1) = 0
geteuid() = 0
geteuid() = 0
getegid() = 0
setgroups(8, [1000, 4, 24, 27, 30, 46, 116, 65534]) = 0
setresgid(-1, 1000, -1) = 0
getegid() = 1000
setresuid(1000, 1000, -1) = 0
geteuid() = 1000
chdir("/home/administrador/Compartida") = 0
stat(".", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat("/home/administrador/Compartida", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat(".", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
getcwd("/home/administrador/Compartida", 4096) = 31
getcwd("/home/administrador/Compartida", 4096) = 31
openat(AT_FDCWD, ".", O_RDONLY|O_NOFOLLOW|O_PATH|O_DIRECTORY) = 13
fstat(13, {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat(".", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
getcwd("/home/administrador/Compartida", 4096) = 31
openat(AT_FDCWD, ".", O_RDONLY|O_NOFOLLOW|O_PATH|O_DIRECTORY) = 44
fstat(44, {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
openat(AT_FDCWD, "/proc/self/fd/13", O_RDONLY|O_DIRECTORY) = -1 EACCES (Permiso denegado)
close(13) = 0
fcntl(26, F_SETLK, {l_type=F_WRLCK, l_whence=SEEK_SET, l_start=36528, l_len=1}) = 0
fcntl(26, F_SETLKW, {l_type=F_UNLCK, l_whence=SEEK_SET, l_start=36528, l_len=1}) = 0
close(44)

See how two openat calls succeeded before the failure. The call to setuid also confirms the running user for those openat calls:

getcwd("/home/administrador/Compartida", 4096) = 31
openat(AT_FDCWD, ".", O_RDONLY|O_NOFOLLOW|O_PATH|O_DIRECTORY) = 13
...
getcwd("/home/administrador/Compartida", 4096) = 31
openat(AT_FDCWD, ".", O_RDONLY|O_NOFOLLOW|O_PATH|O_DIRECTORY) = 44
...

For some reason, it calls open on its own fd/13 and fails with permission denied:

openat(AT_FDCWD, "/proc/self/fd/13", O_RDONLY|O_DIRECTORY) = -1 EACCES (Permiso denegado)

...however, it is not clear if that failure is connected with the top-level failure (NT_STATUS_ACCESS_DENIED).

What I can confirm is that no other error appears during the strace session while getting an NT_STATUS_ACCESS_DENIED listing with smbclient, and also that downgrading packages as indicated resolves the issue without changing anything.