Jonathan M. Prigot
2006-Jul-06 21:35 UTC
[Samba] Periodic rogue 3.0.22 smbd's eating system
I have three users whose smbd processes will suddenly go rogue and start sucking up CPU time. It isn't guaranteed that every time they log in, that their process goes rogue, but it happens a lot. At that time I see that those smbd processes have an effective UID of the person's username, and a real UID of root. Everyone else's is always EUID root and UID root. I haven't a clue how to attack this. Suggestions? -- Jonathan M. Prigot Brigham and Women's Hospital 900 Commonwealth Ave., East Boston, MA 02215-1213 617-278-0794
On Thu, Jul 06, 2006 at 04:35:28PM -0400, Jonathan M. Prigot wrote:> I have three users whose smbd processes will suddenly go rogue and start > sucking up CPU time. It isn't guaranteed that every time they log in, that > their process goes rogue, but it happens a lot. At that time I see that those > smbd processes have an effective UID of the person's username, and a real UID > of root. Everyone else's is always EUID root and UID root. > > I haven't a clue how to attack this. Suggestions?Do an strace on the process, see what system calls it's doing. Folling that, attach to a spinning process with gdb and get a stack backtrace using the "bt" command. Post both to the list please. Also you need to be very specific about what Samba version on what platform. Jeremy.