Indulis Bernsteins
2001-Nov-06 23:56 UTC
Problem with GID being set to UID for Samba 2.2.2
Hi,
Just downloaded the latest SAMBA, and (after a couple of "learning
experiences" :-) it is sorta working on my home network. A laptop with
win95, and a server with RedHat 7.1 (Intel).
But there's this one little problem, the GID for a recognised user is
being set to an unknown group. It looks like the GID is being set to be
equal to the UID, or it is being set to the user's *original* GID (which
samba has cached away somewhere).
My user (pbabern) tries to access a share on the samba server- pbabern can
read/write OK in a directory which is owned by pbabern, but cannot write
in a directory that is *not* owned by pbabern, even though UNIX group
permissions let pbabern write when I try the same write operation from the
UNIX shell.
This is the situation:
- directory /mnt/d is owned by uid=indulis, gid=user, has rwxrwxr-x
permissions
- user pbabern has primary group=user, but as a samba user cannot
create anything in directory /mnt/d (permissions error), but *can* create
a file in a directory owned by pbabern (but the file has the wrong gid).
- user pbabern originally had a primary gid=501, but I deleted the
group and made a new group 502 (user), and made this pbabern's primary
group
- when samba client pbabern creates a file in a directory where
pbabern is the owner, the gid is set to 501 (=uid=original primary group)
I have smbd and nmbd both started from xinetd.conf, and refreshed xinetd
after each change (just to be sure).
Is this a bug, or am I missing something? Does samba look anywhere outside
of /etc/passwd and /etc/group to figure out what GID should be set for a
specific UID? Was GID=501 stored away somewhere inside samba the first
time user pbabern accessed the share?
I have enclosed the relevant bits of traces etc below, where the trace
shows smbd setting the gid to an invalid value of 501. Other
configuration stuff too...
Thanks!
Indulis
======================snip snip snip ===========================... the output
of ls showing a file "touched" by samba user pbabern (New
Folder), and a file "touched" by
pbabern as a UNIX user (unix_touch). where did gid=501 come from?!?!...
it does not exist on my system-
see /etc/group below taken at the same time as the problem!
total 3
drwxr-xr-x 2 pbabern 501 1024 Nov 4 18:05 Desktop
drwxr-xr-x 2 pbabern 501 1024 Nov 7 11:34 New Folder
drwxr-xr-x 2 pbabern user 1024 Nov 7 11:40 smb_prob
-rw-r--r-- 1 pbabern user 0 Nov 7 11:42 unix_touch
======================snip snip snip ===========================/etc/group
root:x:0:root
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin,adm
adm:x:4:root,adm,daemon
tty:x:5:
disk:x:6:root
lp:x:7:daemon,lp
mem:x:8:
kmem:x:9:
wheel:x:10:root
mail:x:12:mail
news:x:13:news
uucp:x:14:uucp
man:x:15:
games:x:20:
gopher:x:30:
dip:x:40:
ftp:x:50:
nobody:x:99:
users:x:100:
floppy:x:19:
nscd:x:28:
slocate:x:21:
utmp:x:22:
mailnull:x:47:
ident:x:98:
rpc:x:32:
rpcuser:x:29:
xfs:x:43:
gdm:x:42:
postgres:x:26:
apache:x:48:
named:x:25:
indulis:x:500:
user:x:502:indulis,pbabern
======================snip snip snip ===========================/etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:
daemon:x:2:2:daemon:/sbin:
adm:x:3:4:adm:/var/adm:
lp:x:4:7:lp:/var/spool/lpd:
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:
news:x:9:13:news:/var/spool/news:
uucp:x:10:14:uucp:/var/spool/uucp:
operator:x:11:0:operator:/root:
games:x:12:100:games:/usr/games:
gopher:x:13:30:gopher:/usr/lib/gopher-data:
ftp:x:14:50:FTP User:/var/ftp:
nobody:x:99:99:Nobody:/:
nscd:x:28:28:NSCD Daemon:/:/bin/false
mailnull:x:47:47::/var/spool/mqueue:/dev/null
ident:x:98:98:pident user:/:/bin/false
rpc:x:32:32:Portmapper RPC user:/:/bin/false
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/bin/false
xfs:x:43:43:X Font Server:/etc/X11/fs:/bin/false
gdm:x:42:42::/home/gdm:/bin/bash
postgres:x:26:26:PostgreSQL Server:/var/lib/pgsql:/bin/bash
apache:x:48:48:Apache:/var/www:/bin/false
named:x:25:25:Named:/var/named:/bin/false
indulis:x:500:500:Indulis Bernsteins:/home/indulis:/bin/bash
pbabern:x:501:502::/home/pbabern:/bin/bash
======================snip snip snip ===========================My very thick
smb.conf file.
# Samba config file created using SWAT
# from batfink.21Chouse.com (127.0.0.1)
# Date: 2001/11/07 10:35:45
# Global parameters
[global]
workgroup = TEST
log level = 6
[pbabern]
comment = %U home directory
writeable = yes
valid users = pbabern
path = %H
[d]
comment = batfink D drive
valid users = pbabern
writeable = yes
path = /mnt/d
read only = No
[e]
comment = batfink E drive
writeable = yes
path = /mnt/e
read only = No
[f]
comment = batfink F drive
writeable = yes
path = /mnt/f
read only = No
======================snip snip snip ============================
Anthony J. Breeds-Taurima
2001-Nov-07 00:20 UTC
Problem with GID being set to UID for Samba 2.2.2
On Wed, 7 Nov 2001, Indulis Bernsteins wrote:> But there's this one little problem, the GID for a recognised user is > being set to an unknown group. It looks like the GID is being set to be > equal to the UID, or it is being set to the user's *original* GID (which > samba has cached away somewhere).in /etc/passwd. See below.> ======================snip snip snip ===========================> /etc/passwd<snip>> indulis:x:500:500:Indulis Bernsteins:/home/indulis:/bin/bash > pbabern:x:501:502::/home/pbabern:/bin/bash^^^^^ This is why the GID is being set. Thats what its s'posed to do :) If you want to set a users primary group do it in /etc/passwd. secondary groups are done in /etc/group> [pbabern] > comment = %U home directory > writeable = yes > valid users = pbabern > path = %HUnrelated but try using the "[homes]" share: [homes] comment = %U Home Directory browseable = no writable = yes Then any user on the system will automagically have one.> [d]<snip>> [e]<snip>> [f]<snip> On all of the add a: force group = users man 5 smb.conf /force group Yours Tony. /* * "The significant problems we face cannot be solved at the * same level of thinking we were at when we created them." * --Albert Einstein */
Indulis Bernsteins
2001-Nov-07 02:17 UTC
Problem with GID being set to UID for Samba 2.2.2
Tony- thanks for the quick reply, but it probably doesn't solve the problem (I will try the force group=users tonight at home but that still won't explain where samba is getting nonexistent gid of 501 from.. 501 is not a group in my /etc/group file!)>On Wed, 7 Nov 2001, Indulis Bernsteins wrote:>> indulis:x:500:500:Indulis Bernsteins:/home/indulis:/bin/bash >> pbabern:x:501:502::/home/pbabern:/bin/bash^^^^^ This is why the GID is being set. Thats what its s'posed>to do :)The GID should be set by Samba to 502 not 501, and it is being set to 501 in samba according to the logs.>If you want to set a users primary group do it in /etc/passwd. secondary >groups are done in /etc/groupYep understand & agree... but if you look at the "ls" output which I attached, you can see that the uid:gid for "New Folder" created by pbabern as a samba client has an owner:gid of pbabern:501 *NOT* 502!!! (i.e. group 501 is not recognised by the system, & as it is not in /etc/group it doesn't print a group name!). Here is the "ls" again total 3 drwxr-xr-x 2 pbabern 501 1024 Nov 4 18:05 Desktop drwxr-xr-x 2 pbabern 501 1024 Nov 7 11:34 New Folder drwxr-xr-x 2 pbabern user 1024 Nov 7 11:40 smb_prob -rw-r--r-- 1 pbabern user 0 Nov 7 11:42 unix_touch ...and from the sbmd log file smbd/uid.c:become_user(201) become_user uid=(0,501) gid=(0,501) ^^^ ^^^ should be 502 according to /etc/passwd I created "New Folder" after I had deleted group 501, changed user pbabern to be in primary group 502 (as per the /etc/passwd), and kicked xinetd in the HUPs to force a daemon refresh (JIC). unix_touch was created after "New Folder", by Linux root after su - pbabern, then touch unix_touch. I don't understand where 501 is coming from, gid=502 is what I *want* it to do! Is there anything that samba does that would cause it to cache gid=501 for user pbabern? I can bodge my ownerships on the directories to make it work, but I'm trying to understand where samba is getting gid=501 from, when group 501 has been exterminated from the system. An interesting puzzle! Cheers, Indulis (in Perth) PS maybe it is the Jean Genie... the so-called "Bowie Effect"? PPS wanted to do a better joke tying together disintegration of group 501, the bugs bunny martian, spiders from mars, and 501 jeans but at this time of the day I'm witted out -------------- next part -------------- HTML attachment scrubbed and removed
Indulis Bernsteins
2001-Nov-07 18:19 UTC
Problem with GID being set to UID for Samba 2.2.2
OK the problem was that the smb daemons still had the uid/gid mappings cached away somewhere from the first connection attempt. I went home and tried it again (machines rebooted in the meantime) and all was OK (yay!). I suspect this was due to my using xinetd to start the daemons... I'll probably switch back to starting them as daemons 'cos the Redhat configuration files have about a gadzillion spots (+-10E6) where samba daemons are started this way. Of course, having compiled the source and got samba running now I need to either manually replace all of the SMB files scattered across the RH directories, or get an RPM (or learn how to put together my own RPM!). So, bug or not bug, I don't know, but certainly behaviour I didn't expect, and I don't think is as good as it can be. Then again, a normal UNIX user's goup list is only read in at the time when that instance of the shell is started, so maybe it is not too unreasonable. If I knew what I had to do to get the uid->gid mappings reread it would help. I may experiment a bit and report back here... Thansk to everyone for the help! Indulis -------------- next part -------------- HTML attachment scrubbed and removed
Or just forget RPMs all together and live a better life. V Indulis Bernsteins wrote: Of course, having> compiled the source and got samba running now I need > to either manually replace all of the SMB files > scattered across the RH directories, or get an RPM > (or learn how to put together my own RPM!).