Hi all Recently i noticed that upon starting the samba4 'samba' daemon, that it changes the group ownership of the socket for ntpd to *staff* $ls -l /usr/local/samba/var/lib/ntp_signd/ total 0 srwxrwxrwx 1 root *staff* 0 May 6 16:35 socket The documentation says it needs to be *ntp*.... (FYI: i'm running this on debian wheezy) I have just added ntp to group staff, but that seems like a workaround... -- Michael De Groote ICT-coordinator Sint-Pietersschool Korbeek-Lo ICT-support Sancta Maria Basisschool Leuven
Hi Michael,> > Recently i noticed that upon starting the samba4 'samba' daemon, that it > changes the group ownership of the socket for ntpd to *staff* > > $ls -l /usr/local/samba/var/lib/ntp_signd/ > total 0 > srwxrwxrwx 1 root *staff* 0 May 6 16:35 socket > > > The documentation says it needs to be *ntp*.... > > (FYI: i'm running this on debian wheezy) > > I have just added ntp to group staff, but that seems like a workaround...I had to do the same on each new install for some time. I guess that it must work out of the box on some other distrib than debian. It is a pitty that samba4 didn't make it in the wheezy release. Fortunatly the build system is very neat and compilation is quite easy anyway. Cheers, Denis>-- Denis Cardon Tranquil IT Systems Les Espaces Jules Verne, b?timent A 12 avenue Jules Verne 44230 Saint S?bastien sur Loire tel : +33 (0) 2.40.97.57.55 http://www.tranquil-it-systems.fr
On Mon, 2013-05-06 at 17:15 +0200, Michael De Groote wrote:> Hi all > > Recently i noticed that upon starting the samba4 'samba' daemon, that it > changes the group ownership of the socket for ntpd to *staff* > > $ls -l /usr/local/samba/var/lib/ntp_signd/ > total 0 > srwxrwxrwx 1 root *staff* 0 May 6 16:35 socket > > > The documentation says it needs to be *ntp*.... > > (FYI: i'm running this on debian wheezy) > > I have just added ntp to group staff, but that seems like a workaround...I don't know why this is happening. I've examined the code, and it does not change the group ID, it only creates the directory, forcing the uid. Indeed, the same code is using for the winbind privileged pipe, which is likewise deliberately designed so that you can set the group to a specific group for use by squid et al. In this case the group is meant to be 'ntp' to allow only NTP access to the pipe. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org