At 04:06 PM 2/15/2006, Craig White wrote:
On Wed, 2006-02-15 at 14:42 -0600, Gerald (Jerry) Carter wrote:
> Don Meyer wrote:
> > At 08:24 AM 2/15/2006, Gerald (Jerry) Carter wrote:
> >> Oliver Schulze L. wrote:
> >> > Hi,
> >> > I use CentOS4 (RHEL4) and it seems that I was using /var/lib/samba
> >> > for storing the .tdb files. Then I compiled the fedora .src.rpm from
> >> > samba.org
> >> > and it points now to /var/cache/samba
> >>
> >> This was a mistake introduced into the RPM specfile during a
> >> recent set of merges.  When it was realized, the 3.0.21b-1 rpm was
> >> pulled from samba.org and a new set of RPMs posted.  The tdb files
> >> should live in /var/lib/samba/
> >
> > Actually, stock RHEL4 rpms for their 3.0.10-1.4E.2 version use
> > /var/cache/samba/.
> >
> > Does this change in the packaging reflect a "sea change" towards use of
> > /var/lib/samba/ for the future?    (I.E. Can we "expect" future
> > RHEL-distributed packagings to adopt use of /var/lib/samba/ as well?)
>
> IMO.  They should have always been in /var/lib/samba/.
> I can't guess what RedHat would do, but SuSE and most other
> distros I can think of use /var/lib/samba/.  You could
> probably check the stock Fedora RPMs and see what they use.  IIRC
> they are using /var/lib/samba/ as well.
----
if this helps...

# ls -l /var/cache/samba/
total 72
-rw-------  1 root root  8192 Jun  8  2004 gencache.tdb
-rw-------  1 root root   696 Feb 14  2005 messages.tdb
-rw-------  1 root root   696 Feb 14  2005 netsamlogon_cache.tdb
-rw-------  1 root root 20172 Feb 14  2005 winbindd_cache.tdb
-rw-r--r--  1 root root  8192 Feb 14  2005 winbindd_idmap.tdb
drwxr-x---  2 root root  4096 May  2  2005 winbindd_privileged

# uname -a
Linux lin-workstation.azapple.com 2.6.15-1.1830_FC4 #1 Thu Feb 2
17:23:41 EST 2006 i686 athlon i386 GNU/Linux

# cat /etc/redhat-release
Fedora Core release 4 (Stentz)

Craig

FWIW:

To get winbind working under the base RHEL4 packages (3.0.10-1.4E.2), I had to modify the SELinux configuration slightly:

with package "selinux-policy-targeted-sources" installed, add these two lines to /etc/selinux/targeted/src/policy/domains/misc/local.te:

allow winbind_t etc_t:file write;
allow winbind_t samba_etc_t:file write;

followed by:
        ]# cd /etc/selinux/targeted/src/policy
        ]# make load

When I built and installed the 3.0.21b-3 packages under RHEL4, the switch to using /var/lib/samba/ from /var/cache/samba/ resulted in a whole mess of SELinux AVC errors. And a completely non-functional winbindd...

To fix, I had to do two things:

1) again modify the SELinux configuration by adding the following lines to /etc/selinux/targeted/src/policy/domains/misc/local.te:

allow winbind_t etc_t:file write;
allow winbind_t samba_etc_t:file write;
allow winbind_t initrc_t:process { signal signull };
allow winbind_t initrc_var_run_t:file { lock read };
allow winbind_t var_lib_t:dir { search };


... and another "make load" like above...

(Not sure whether the /var/lib/samba/ change directly caused the need for lines 3,4 -- could have been some other change that made that necessary. Line 5, though, is obviously due to this change.)


2) I also needed to execute a chcon to change the SELinux labeling on the /var/lib/samba/ directory that was created during the installation. The installation picked up the default labeling of "var_lib_t" from the parent /var/lib/ directory. To allow things to work properly under SELinux enforcing, and without wholesale opening of anything labeled "var_lib_t" to just about all forms of access from winbind_t, I used chcon to relabel the /var/lib/samba/ directory to use the same labeling as /var/cache/samba/ had:

        ]# chcon -R -t samba_var_t /var/lib/samba

I also needed to fix the labeling on /var/lib/samba/winbindd_privileged/ :

        ]# chcon -R -t winbind_var_run_t /var/lib/samba/winbindd_privileged



Given these necessary changes, perhaps changing back to /var/cache/samba/ for RHEL4 builds might be prudent...


Cheers,
-D

Don Meyer                                           <[EMAIL PROTECTED]>
Network Manager, ACES Academic Computing Facility
Technical System Manager, ACES TeleNet System
UIUC College of ACES, Information Technology and Communication Services

"They that can give up essential liberty to obtain a little temporary safety, deserve neither liberty or safety." -- Benjamin Franklin, 1759
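
Added example, not part of the original message: a shell/awk helper that condenses AVC denial lines into per-type `allow` statements of the kind listed above, so each rule can be reviewed before it goes into local.te. The function names `avc_to_allow` and `sample_avc` are hypothetical, and the log lines are constructed samples in the classic kernel AVC format, not output from this thread.

```shell
#!/bin/sh
# Added example: condense SELinux AVC denials into candidate allow rules.
# avc_to_allow and sample_avc are hypothetical names, not Samba or SELinux tools.

# Stage 1 (first awk): one "source target:class permission" line per denial.
# Stage 2 (sort + second awk): drop repeats, merge permissions per rule key.
avc_to_allow() {
    awk '
    /avc: +denied/ {
        a = index($0, "{"); b = index($0, "}")
        if (a == 0 || b <= a) next
        perms = substr($0, a + 1, b - a - 1)
        src = ""; tgt = ""; cls = ""
        for (i = 1; i <= NF; i++) {
            # The type is the third colon-separated field of a context.
            if ($i ~ /^scontext=/) { split(substr($i, 10), c, ":"); src = c[3] }
            if ($i ~ /^tcontext=/) { split(substr($i, 10), c, ":"); tgt = c[3] }
            if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
        }
        if (src == "" || tgt == "" || cls == "") next
        n = split(perms, p, " ")
        for (j = 1; j <= n; j++) print src, tgt ":" cls, p[j]
    }' | LC_ALL=C sort -u | awk '
    {
        key = $1 " " $2
        if (key != prev) {
            if (prev != "") print "allow " prev " { " set " };"
            prev = key; set = $3
        } else set = set " " $3
    }
    END { if (prev != "") print "allow " prev " { " set " };" }'
}

# Constructed sample denials (not taken from the thread).
sample_avc() {
    cat <<'EOF'
audit(1140041161.101:11): avc:  denied  { search } for  pid=2301 comm="winbindd" name="samba" dev=dm-0 ino=98765 scontext=root:system_r:winbind_t tcontext=system_u:object_r:var_lib_t tclass=dir
audit(1140041161.105:12): avc:  denied  { lock } for  pid=2301 comm="winbindd" name="winbindd.pid" dev=dm-0 ino=98801 scontext=root:system_r:winbind_t tcontext=root:object_r:initrc_var_run_t tclass=file
audit(1140041161.109:13): avc:  denied  { read } for  pid=2301 comm="winbindd" name="winbindd.pid" dev=dm-0 ino=98801 scontext=root:system_r:winbind_t tcontext=root:object_r:initrc_var_run_t tclass=file
audit(1140041190.220:14): avc:  denied  { search } for  pid=2417 comm="winbindd" name="samba" dev=dm-0 ino=98765 scontext=root:system_r:winbind_t tcontext=system_u:object_r:var_lib_t tclass=dir
Feb 15 16:06:01 host winbindd[2417]: constructed non-AVC line, ignored
EOF
}

sample_avc | avc_to_allow
```

A rule whose target is a generic parent type such as `var_lib_t` is a cue to check the directory's labeling first, as the message does with `chcon`, before granting the access in policy.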