Indulis Bernsteins
2001-Nov-06 23:56 UTC
Problem with GID being set to UID for Samba 2.2.2
Hi, Just downloaded the latest SAMBA, and (after a couple of "learning experiences" :-) it is sorta working on my home network. A laptop with win95, and a server with RedHat 7.1 (Intel). But there's this one little problem, the GID for a recognised user is being set to an unknown group. It looks like the GID is being set to be equal to the UID, or it is being set to the user's *original* GID (which samba has cached away somewhere). My user (pbabern) tries to access a share on the samba server- pbabern can read/write OK in a directory which is owned by pbabern, but cannot write in a directory that is *not* owned by pbabern, even though UNIX group permissions let pbabern write when I try the same write operation from the UNIX shell. This is the situation: - directory /mnt/d is owned by uid=indulis, gid=user, has rwxrwxr-x permissions - user pbabern has primary group=user, but as a samba user cannot create anything in directory /mnt/d (permissions error), but *can* create a file in a directory owned by pbabern (but the file has the wrong gid). - user pbabern originally had a primary gid=501, but I deleted the group and made a new group 502 (user), and made this pbabern's primary group - when samba client pbabern creates a file in a directory where pbabern is the owner, the gid is set to 501 (=uid=original primary group) I have smbd and nmbd both started from xinetd.conf, and refreshed xinetd after each change (just to be sure). Is this a bug, or am I missing something? Does samba look anywhere outside of /etc/passwd and /etc/group to figure out what GID should be set for a specific UID? Was GID=501 stored away somewhere inside samba the first time user pbabern accessed the share? I have enclosed the relevant bits of traces etc below, where the trace shows smbd setting the gid to an invalid value of 501. Other configuration stuff too... Thanks! Indulis ======================snip snip snip ===========================... the output of ls showing a file "touched" by samba user pbabern (New Folder), and a file "touched" by pbabern as a UNIX user (unix_touch). where did gid=501 come from?!?!... it does not exist on my system- see /etc/group below taken at the same time as the problem! total 3 drwxr-xr-x 2 pbabern 501 1024 Nov 4 18:05 Desktop drwxr-xr-x 2 pbabern 501 1024 Nov 7 11:34 New Folder drwxr-xr-x 2 pbabern user 1024 Nov 7 11:40 smb_prob -rw-r--r-- 1 pbabern user 0 Nov 7 11:42 unix_touch ======================snip snip snip ===========================/etc/group root:x:0:root bin:x:1:root,bin,daemon daemon:x:2:root,bin,daemon sys:x:3:root,bin,adm adm:x:4:root,adm,daemon tty:x:5: disk:x:6:root lp:x:7:daemon,lp mem:x:8: kmem:x:9: wheel:x:10:root mail:x:12:mail news:x:13:news uucp:x:14:uucp man:x:15: games:x:20: gopher:x:30: dip:x:40: ftp:x:50: nobody:x:99: users:x:100: floppy:x:19: nscd:x:28: slocate:x:21: utmp:x:22: mailnull:x:47: ident:x:98: rpc:x:32: rpcuser:x:29: xfs:x:43: gdm:x:42: postgres:x:26: apache:x:48: named:x:25: indulis:x:500: user:x:502:indulis,pbabern ======================snip snip snip ===========================/etc/passwd root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin: daemon:x:2:2:daemon:/sbin: adm:x:3:4:adm:/var/adm: lp:x:4:7:lp:/var/spool/lpd: sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail: news:x:9:13:news:/var/spool/news: uucp:x:10:14:uucp:/var/spool/uucp: operator:x:11:0:operator:/root: games:x:12:100:games:/usr/games: gopher:x:13:30:gopher:/usr/lib/gopher-data: ftp:x:14:50:FTP User:/var/ftp: nobody:x:99:99:Nobody:/: nscd:x:28:28:NSCD Daemon:/:/bin/false mailnull:x:47:47::/var/spool/mqueue:/dev/null ident:x:98:98:pident user:/:/bin/false rpc:x:32:32:Portmapper RPC user:/:/bin/false rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/bin/false xfs:x:43:43:X Font Server:/etc/X11/fs:/bin/false gdm:x:42:42::/home/gdm:/bin/bash postgres:x:26:26:PostgreSQL Server:/var/lib/pgsql:/bin/bash apache:x:48:48:Apache:/var/www:/bin/false named:x:25:25:Named:/var/named:/bin/false indulis:x:500:500:Indulis Bernsteins:/home/indulis:/bin/bash pbabern:x:501:502::/home/pbabern:/bin/bash ======================snip snip snip ===========================My very thick smb.conf file. # Samba config file created using SWAT # from batfink.21Chouse.com (127.0.0.1) # Date: 2001/11/07 10:35:45 # Global parameters [global] workgroup = TEST log level = 6 [pbabern] comment = %U home directory writeable = yes valid users = pbabern path = %H [d] comment = batfink D drive valid users = pbabern writeable = yes path = /mnt/d read only = No [e] comment = batfink E drive writeable = yes path = /mnt/e read only = No [f] comment = batfink F drive writeable = yes path = /mnt/f read only = No ======================snip snip snip ============================
Anthony J. Breeds-Taurima
2001-Nov-07 00:20 UTC
Problem with GID being set to UID for Samba 2.2.2
On Wed, 7 Nov 2001, Indulis Bernsteins wrote:> But there's this one little problem, the GID for a recognised user is > being set to an unknown group. It looks like the GID is being set to be > equal to the UID, or it is being set to the user's *original* GID (which > samba has cached away somewhere).in /etc/passwd. See below.> ======================snip snip snip ===========================> /etc/passwd<snip>> indulis:x:500:500:Indulis Bernsteins:/home/indulis:/bin/bash > pbabern:x:501:502::/home/pbabern:/bin/bash^^^^^ This is why the GID is being set. Thats what its s'posed to do :) If you want to set a users primary group do it in /etc/passwd. secondary groups are done in /etc/group> [pbabern] > comment = %U home directory > writeable = yes > valid users = pbabern > path = %HUnrelated but try using the "[homes]" share: [homes] comment = %U Home Directory browseable = no writable = yes Then any user on the system will automagically have one.> [d]<snip>> [e]<snip>> [f]<snip> On all of the add a: force group = users man 5 smb.conf /force group Yours Tony. /* * "The significant problems we face cannot be solved at the * same level of thinking we were at when we created them." * --Albert Einstein */
Indulis Bernsteins
2001-Nov-07 02:17 UTC
Problem with GID being set to UID for Samba 2.2.2
Tony- thanks for the quick reply, but it probably doesn't solve the problem (I will try the force group=users tonight at home but that still won't explain where samba is getting nonexistent gid of 501 from.. 501 is not a group in my /etc/group file!)>On Wed, 7 Nov 2001, Indulis Bernsteins wrote:>> indulis:x:500:500:Indulis Bernsteins:/home/indulis:/bin/bash >> pbabern:x:501:502::/home/pbabern:/bin/bash^^^^^ This is why the GID is being set. Thats what its s'posed>to do :)The GID should be set by Samba to 502 not 501, and it is being set to 501 in samba according to the logs.>If you want to set a users primary group do it in /etc/passwd. secondary >groups are done in /etc/groupYep understand & agree... but if you look at the "ls" output which I attached, you can see that the uid:gid for "New Folder" created by pbabern as a samba client has an owner:gid of pbabern:501 *NOT* 502!!! (i.e. group 501 is not recognised by the system, & as it is not in /etc/group it doesn't print a group name!). Here is the "ls" again total 3 drwxr-xr-x 2 pbabern 501 1024 Nov 4 18:05 Desktop drwxr-xr-x 2 pbabern 501 1024 Nov 7 11:34 New Folder drwxr-xr-x 2 pbabern user 1024 Nov 7 11:40 smb_prob -rw-r--r-- 1 pbabern user 0 Nov 7 11:42 unix_touch ...and from the sbmd log file smbd/uid.c:become_user(201) become_user uid=(0,501) gid=(0,501) ^^^ ^^^ should be 502 according to /etc/passwd I created "New Folder" after I had deleted group 501, changed user pbabern to be in primary group 502 (as per the /etc/passwd), and kicked xinetd in the HUPs to force a daemon refresh (JIC). unix_touch was created after "New Folder", by Linux root after su - pbabern, then touch unix_touch. I don't understand where 501 is coming from, gid=502 is what I *want* it to do! Is there anything that samba does that would cause it to cache gid=501 for user pbabern? I can bodge my ownerships on the directories to make it work, but I'm trying to understand where samba is getting gid=501 from, when group 501 has been exterminated from the system. An interesting puzzle! Cheers, Indulis (in Perth) PS maybe it is the Jean Genie... the so-called "Bowie Effect"? PPS wanted to do a better joke tying together disintegration of group 501, the bugs bunny martian, spiders from mars, and 501 jeans but at this time of the day I'm witted out -------------- next part -------------- HTML attachment scrubbed and removed
Indulis Bernsteins
2001-Nov-07 18:19 UTC
Problem with GID being set to UID for Samba 2.2.2
OK the problem was that the smb daemons still had the uid/gid mappings cached away somewhere from the first connection attempt. I went home and tried it again (machines rebooted in the meantime) and all was OK (yay!). I suspect this was due to my using xinetd to start the daemons... I'll probably switch back to starting them as daemons 'cos the Redhat configuration files have about a gadzillion spots (+-10E6) where samba daemons are started this way. Of course, having compiled the source and got samba running now I need to either manually replace all of the SMB files scattered across the RH directories, or get an RPM (or learn how to put together my own RPM!). So, bug or not bug, I don't know, but certainly behaviour I didn't expect, and I don't think is as good as it can be. Then again, a normal UNIX user's goup list is only read in at the time when that instance of the shell is started, so maybe it is not too unreasonable. If I knew what I had to do to get the uid->gid mappings reread it would help. I may experiment a bit and report back here... Thansk to everyone for the help! Indulis -------------- next part -------------- HTML attachment scrubbed and removed
Or just forget RPMs all together and live a better life. V Indulis Bernsteins wrote: Of course, having> compiled the source and got samba running now I need > to either manually replace all of the SMB files > scattered across the RH directories, or get an RPM > (or learn how to put together my own RPM!).