asai at globalchangemusic.org
2015-Jan-27 17:13 UTC
[Samba] Permissions Changing on BIND, Causing Samba Trouble
Greetings, For whatever reason, the BIND server running on our Samba AD instance changes permissions on /var/lib/samba/private/ldapi and /var/lib/samba/private to root:root, and causes all kinds of trouble. If I change the permissions back to named:root, it works fine. But after about 3 or 4 weeks it will revert back to root:root. How do I prevent this from happening in the future? Thanks. Asai
L.P.H. van Belle
2015-Jan-28 08:20 UTC
[Samba] Permissions Changing on BIND, Causing Samba Trouble
your permissions are set wrong.
I dont know your OS, but this is what i use on debian.
read this part of my script and adapt what you need for your OS.
for debian user "named" = bind
permdir=$(stat -c %a "/var/lib/samba/private")
if [ "$permdir" = "755" ]; then
echo "/var/lib/samba/private permissions are 755, which is
ok."
else
echo "enable-ing access for bind in /var/lib/samba/private"
chmod 755 /var/lib/samba/private
fi
permfile=$(stat -c %G "/var/lib/samba/private/dns.keytab")
if [ "$permdir" = "bind" ]; then
echo "Group bind is already set on
/var/lib/samba/private/dns.keytab"
else
echo "enable-ing access for bind in /var/lib/samba/private"
chown root:bind /var/lib/samba/private/dns.keytab
fi
and for debian :
dpkg-statoverride --add root bind 755 /var/lib/samba/private
dpkg-statoverride --add root bind 640 /var/lib/samba/private/dns.keytab
and your set.
Greetz,
Louis
>-----Oorspronkelijk bericht-----
>Van: asai at globalchangemusic.org
>[mailto:samba-bounces at lists.samba.org] Namens
>asai at globalchangemusic.org
>Verzonden: dinsdag 27 januari 2015 18:14
>Aan: samba at lists.samba.org
>Onderwerp: [Samba] Permissions Changing on BIND, Causing Samba Trouble
>
>
>
>Greetings,
>
>For whatever reason, the BIND server running on our Samba AD instance
>changes permissions on /var/lib/samba/private/ldapi and
>/var/lib/samba/private to root:root, and causes all kinds of
>trouble. If
>I change the permissions back to named:root, it works fine. But after
>about 3 or 4 weeks it will revert back to root:root. How do I prevent
>this from happening in the future?
>
>Thanks.
>
>Asai
>
>--
>To unsubscribe from this list go to the following URL and read the
>instructions: https://lists.samba.org/mailman/options/samba
>
>
Thank you, I have changed permissions on them and hopefully that will help, but in my experience, even if I have permissions set to 777 it still will change ownership and stop working. How can this happen with 777 permissions? On 1/28/15 1:20 AM, L.P.H. van Belle wrote:> your permissions are set wrong. > > I dont know your OS, but this is what i use on debian. > read this part of my script and adapt what you need for your OS. > > for debian user "named" = bind > > > permdir=$(stat -c %a "/var/lib/samba/private") > if [ "$permdir" = "755" ]; then > echo "/var/lib/samba/private permissions are 755, which is ok." > else > echo "enable-ing access for bind in /var/lib/samba/private" > chmod 755 /var/lib/samba/private > fi > > permfile=$(stat -c %G "/var/lib/samba/private/dns.keytab") > if [ "$permdir" = "bind" ]; then > echo "Group bind is already set on /var/lib/samba/private/dns.keytab" > else > echo "enable-ing access for bind in /var/lib/samba/private" > chown root:bind /var/lib/samba/private/dns.keytab > fi > > > and for debian : > dpkg-statoverride --add root bind 755 /var/lib/samba/private > dpkg-statoverride --add root bind 640 /var/lib/samba/private/dns.keytab > > and your set. > > > Greetz, > > Louis > > > >> -----Oorspronkelijk bericht----- >> Van: asai at globalchangemusic.org >> [mailto:samba-bounces at lists.samba.org] Namens >> asai at globalchangemusic.org >> Verzonden: dinsdag 27 januari 2015 18:14 >> Aan: samba at lists.samba.org >> Onderwerp: [Samba] Permissions Changing on BIND, Causing Samba Trouble >> >> >> >> Greetings, >> >> For whatever reason, the BIND server running on our Samba AD instance >> changes permissions on /var/lib/samba/private/ldapi and >> /var/lib/samba/private to root:root, and causes all kinds of >> trouble. If >> I change the permissions back to named:root, it works fine. But after >> about 3 or 4 weeks it will revert back to root:root. How do I prevent >> this from happening in the future? >> >> Thanks. >> >> Asai >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> >>-- --asai