Hello,
I have a strange problem affecting samba-3.0.10-1.4E.12.2 on a Red Hat
Enterprise Linux AS release 4 system.
We have a multi-domain configuration here at University of Verona
(Italy). We use Samba as PDC for several faculties. Each faculty has its
own daemon instance and its own smb config file:
[root@ldapvr1 ~]# ls /etc/samba/smb.*
/etc/samba/smb.conf /etc/samba/smb.giurisprudenza.conf
/etc/samba/smb.medicina.conf
/etc/samba/smb.economia.conf /etc/samba/smb.labfac.conf
/etc/samba/smb.motorie.conf
/etc/samba/smb.erasmus.conf /etc/samba/smb.lettere.conf
/etc/samba/smb.scienze.conf
/etc/samba/smb.formazione.conf /etc/samba/smb.lingue.conf
/etc/samba/smb.template.conf
[root@ldapvr1 ~]#
the problem is that sometimes we have one of the daemons running as the
'nobody' user ID or, worse, as normal user. Extract of a 'ps
uax' command:
root 6018 0.0 0.1 11416 2816 ? S 12:44 0:00
/usr/sbin/smbd_motorie -D -s /etc/samba/smb.motorie.conf -l
/var/log/samba/motorie
vr002419 6090 0.0 0.1 11820 2960 ? S 12:47 0:00
/usr/sbin/smbd_economia -D -s /etc/samba/smb.economia.conf -l
/var/log/samba/economia
root 6091 0.0 0.1 11556 2940 ? S 12:47 0:00
/usr/sbin/smbd_economia -D -s /etc/samba/smb.economia.conf -l
/var/log/samba/economia
nobody 6093 0.0 0.1 11412 2152 ? S 12:47 0:00
/usr/sbin/smbd_economia -D -s /etc/samba/smb.economia.conf -l
/var/log/samba/economia
root 6106 0.0 0.0 5628 632 pts/2 R+ 12:47 0:00 grep smb
as you can see, process 6090 runs as user ID vr002419, while process
6093 runs as 'nobody'. User IDs are provided by an external LDAP server.
I'm just a deputy sysadmin for this server (the Big Guy's on holiday),
and I must admit I don't have much experience with Samba. I searched the
docs but I didn't find any reference to this behaviour.
Any hints on how to fix this situation?
Thanks a lot,
Guido
--
Guido Gonzato, Ph.D. <guido dot gonzato at univr dot it> - Sysadmin
Universita' di Verona (Italy), Servizi Informatici di Ateneo
Via S. Francesco 22, 37129 Verona (Italy)
"If you think education is expensive, try ignorance."
-- Derek Bok
On Fri, 2008-02-15 at 13:42 +0100, Guido Gonzato wrote:> Hello, > > I have a strange problem affecting samba-3.0.10-1.4E.12.2 on a Red Hat > Enterprise Linux AS release 4 system. > > We have a multi-domain configuration here at University of Verona > (Italy). We use Samba as PDC for several faculties. Each faculty has its > own daemon instance and its own smb config file: > > [root@ldapvr1 ~]# ls /etc/samba/smb.* > /etc/samba/smb.conf /etc/samba/smb.giurisprudenza.conf > /etc/samba/smb.medicina.conf > /etc/samba/smb.economia.conf /etc/samba/smb.labfac.conf > /etc/samba/smb.motorie.conf > /etc/samba/smb.erasmus.conf /etc/samba/smb.lettere.conf > /etc/samba/smb.scienze.conf > /etc/samba/smb.formazione.conf /etc/samba/smb.lingue.conf > /etc/samba/smb.template.conf > [root@ldapvr1 ~]# > > the problem is that sometimes we have one of the daemons running as the > 'nobody' user ID or, worse, as normal user. Extract of a 'ps uax' command: > > root 6018 0.0 0.1 11416 2816 ? S 12:44 0:00 > /usr/sbin/smbd_motorie -D -s /etc/samba/smb.motorie.conf -l > /var/log/samba/motorie > vr002419 6090 0.0 0.1 11820 2960 ? S 12:47 0:00 > /usr/sbin/smbd_economia -D -s /etc/samba/smb.economia.conf -l > /var/log/samba/economia > root 6091 0.0 0.1 11556 2940 ? S 12:47 0:00 > /usr/sbin/smbd_economia -D -s /etc/samba/smb.economia.conf -l > /var/log/samba/economia > nobody 6093 0.0 0.1 11412 2152 ? S 12:47 0:00 > /usr/sbin/smbd_economia -D -s /etc/samba/smb.economia.conf -l > /var/log/samba/economia > root 6106 0.0 0.0 5628 632 pts/2 R+ 12:47 0:00 grep smb > > as you can see, process 6090 runs as user ID vr002419, while process > 6093 runs as 'nobody'. User IDs are provided by an external LDAP server. > > I'm just a deputy sysadmin for this server (the Big Guy's on holiday), > and I must admit I don't have much experience with Samba. I searched the > docs but I didn't find any reference to this behaviour. > > Any hints on how to fix this situation? > Thanks a lot, > GuidoSamba switches to the authenticated user to perform file system operations, so that the kernel can enforce the proper access control. Can you be more specific and tell what problem exactly you have? Ciao, Simo. -- Simo Sorce Samba Team GPL Compliance Officer <simo@samba.org> Senior Software Engineer at Red Hat Inc. <ssorce@redhat.com>
Possibly Parallel Threads
- Fwd: samba_dnsupdate failed with RuntimeError: kinit for SMB4ECONOMIA$@ECONOMIA failed (Cannot contact any KDC for requested realm)
- samba_dnsupdate failed with RuntimeError: kinit for SMB4ECONOMIA$@ECONOMIA failed (Cannot contact any KDC for requested realm)
- samba_dnsupdate failed with RuntimeError: kinit for SMB4ECONOMIA$@ECONOMIA failed (Cannot contact any KDC for requested realm)
- Fwd: Fwd: samba_dnsupdate failed with RuntimeError: kinit for SMB4ECONOMIA$@ECONOMIA failed (Cannot contact any KDC for requested realm)
- PreparaciĆ³n de datos