> From jdblair@frodo.tucc.uab.edu Wed Jan 28 10:52:13 1998
...
> > We are running Samba 1.9.17p4 on Solaris 2.6.
> >
> > smbd and nmbd are spawned by inetd.
> >
> > Suddenly, 12 smbd processes were spawned belonging to a non-root user.
> >
> > Non-root users cannot login to this fileserver.
> >
> > Has anyone seen this? How can we prevent this?
>
> Who are they owned by? What do you mean that non-root users cannot login
> to this fileserver? Do you mean that all users log in as *root*? I'm
> assuming I'm misunderstanding you because this would be extremely
> foolish.
This fileserver exports filesystems to trusted systems and
authenticates users who want to mount the filesystems via PC-NFS,
SMB, or other 3rd party packages. Users cannot actually login and
compute. The smbd process owner, stephen, was on an NT 4.0 system
and connecting to his home directory which is on the server.
Furthermore, when his system disconnected from the network, the smbd
processes remained.
Here is one of the process stack entries:
stephen 8474 167 0 Jan 26 ? 0:00 smbd -l /usr/local/samba/var/log.server -s /usr/local/samba/lib/smb.server.
Here is one of the logged items in the log.smb file:
01/26/98 08:51:40 stephen opened file public_html/models/car.pov read=No write=Yes (numopen=1 fnum=1)
01/26/98 08:51:40 stephen closed file public_html/models/car.pov (numopen=0)
>
> If you can describe what's going on in a little more detail I (or someone
> else on the list) may be able to help.
>
> -john.
>
> ......................................................................
> . .
> .....John.D.Blair... mailto:jdblair@uab.edu phoneto:205.975.7123 .
> . http://frodo.tucc.uab.edu faxto:205.975.7129 .
> ..sys|net.admin.... .
> . the university computer center .....
> ..... g.e.e.k.n.i.k...the.university.of.alabama.at.birmingham....
>
>
>
Thanks.
Darcy