Rowland Penny
2024-Feb-01 09:16 UTC
[Samba] Error: Failed to open share info database /var/lib/samba/share_info.tdb
On Thu, 01 Feb 2024 08:58:29 +0100 Bestattungen Vitt - Thomas Reitelbach via samba <samba at lists.samba.org> wrote:> Hello people, > > on my way to implement a new file server for my enterprise I stumble > over a problem which I never had before with older samba versions and > this _might_ be a new unaddressed bug in samba. First some details > regarding my environment: > > ------- > OS: Debian bookworm (12) > Samba-Version: stock debian 4.17.12 (also tried 4.19.4 from backports > with no luck) > Environment: Samba configured as member server in an existing > environment > smb.conf (see end of my mail for better readability): > ------- > > As you can see in my smb.conf I have a share named "Users" which will > hold users personal data later on. As per the recommendations in the > samba wiki I have to set share permissions on it (see > https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs#Setting_Share_Permissions_and_ACLs) > and THIS does not work. > When I try to set share permissions (not the security tab, I really > talk about the tab "share permission") my settings are not stored in > any way but reverted immediately after cliking "ok". Samba log spits > out the following message: > > Feb 01 08:20:19 fs1 rpcd_classic[600]: [2024/02/01 08:20:19.721212, > 0] source3/lib/sharesec.c:161(share_info_db_init) > Feb 01 08:20:19 fs1 rpcd_classic[600]: Failed to open share info > database /var/lib/samba/share_info.tdb (Keine Berechtigung) > > "Keine Berechtigung" means "no permission" or "access denied". These > are the permissions on the file: > root at fs1:/var/lib/samba# ls -la share_info.tdb > -rwx------ 1 root root 421888 1. Feb 08:20 share_info.tdb > > Now I tried just for testing to set permissions 777 on this file an > et voila, share permissions are beeing stored without any error. > > I have found a bug on bugzilla which looks similar but with a > different topic - but maybe the reason for the bug might be the same: > https://bugzilla.samba.org/show_bug.cgi?id=15265 > > Now we are at the point where I need your help to identify the cause > for my problem: > a) is it wrong file system permissions on the file, so I should blame > debian package maintainers to correct it? > b) is there a bug similar to bug no. 15265 as stated above, so I > would open a new bug on samba bugzilla > c) is it may fault because I have made a configuration error, so I > would blame myself and ask you kindly for a hint into the right > direction ... > > Thank you in advance for your advice :) > ThomasYou may be correct about the reason, but using 'become_root()' isn't really a good idea (in my opinion), it possibly might lead to another attack vector. What I cannot understand is why you feel you need to alter the 'share' tab, I never have. It is always (in my experience) set to just 'EVERYONE' with 'Allow' Full Control, Change and Read permissions. The tab you need to change is the 'Security' tab and the wiki page tells you this. Rowland
Bestattungen Vitt - Thomas Reitelbach
2024-Feb-01 09:27 UTC
[Samba] Error: Failed to open share info database /var/lib/samba/share_info.tdb
Thanks Rowland, Am 01.02.2024 10:16, schrieb Rowland Penny via samba:> On Thu, 01 Feb 2024 08:58:29 +0100 > Bestattungen Vitt - Thomas Reitelbach via samba <samba at lists.samba.org> > wrote:>> I have found a bug on bugzilla which looks similar but with a >> different topic - but maybe the reason for the bug might be the same: >> https://bugzilla.samba.org/show_bug.cgi?id=15265 >> >> Now we are at the point where I need your help to identify the cause >> for my problem: >> a) is it wrong file system permissions on the file, so I should blame >> debian package maintainers to correct it? >> b) is there a bug similar to bug no. 15265 as stated above, so I >> would open a new bug on samba bugzilla >> c) is it may fault because I have made a configuration error, so I >> would blame myself and ask you kindly for a hint into the right >> direction ... >> >> Thank you in advance for your advice :) >> Thomas > > You may be correct about the reason, but using 'become_root()' isn't > really a good idea (in my opinion), it possibly might lead to another > attack vector.For sure it might be a attack vector, I'm with you here.> What I cannot understand is why you feel you need to alter the 'share' > tab, I never have. It is always (in my experience) set to just > 'EVERYONE' with 'Allow' Full Control, Change and Read permissions. > > The tab you need to change is the 'Security' tab and the wiki page > tells you this.The reason for setting the share permissions here is the recommendation in the wiki, sorry I forgot to include a second link in my initial post: https://wiki.samba.org/index.php/Windows_User_Home_Folders#Setting_up_the_Share_on_the_Samba_File_Server I'm following this wiki howto to setup the "Users" Share. This share should be used for folder redirection later to hold users personal data. As I'm no windows expert I am unsure if I _really_ need those share permissions or not. Anyway, using the Security Tab is working as expected. Just for information: I have a very old self-compiled samba 4.6.4 running on a different server. Just to be sure I tested the permissions tab settings on a share hosted on this server and it works flawlessly. share_info.tdb also has 700 permissions like my brand new debian. Cheers Thomas -- Bestattungen Vitt oHG Inhaber Willi & Thomas Reitelbach Rochusstra?e 176 53123 Bonn-Duisdorf Registergericht: Amtsgericht Bonn, HRA 7958 Facebook: http://www.facebook.de/bestattungenvitt Gedenkportal: http://begleiten.bestattungen-vitt.de Internet: http://www.bestattungen-vitt.de Telefon: 0228 - 62 68 68 Fax: 0228 - 978 30 36