Re: [Samba] ntp and samba4
On Tue, 2013-05-07 at 15:43 -0400, Michael Mol wrote: > On 05/07/2013 03:25 PM, Andrew Bartlett wrote: > > On Mon, 2013-05-06 at 17:15 +0200, Michael De Groote wrote: > >> Hi all > >> > >> Recently i noticed that upon starting the samba4 'samba' daemon, that it > >> changes the group ownership of the socket for ntpd to *staff* > >> > >> $ls -l /usr/local/samba/var/lib/ntp_signd/ > >> total 0 > >> srwxrwxrwx 1 root *staff* 0 May 6 16:35 socket > >> > >> > >> The documentation says it needs to be *ntp* > >> > >> (FYI: i'm running this on debian wheezy) > >> > >> I have just added ntp to group staff, but that seems like a workaround... > > > > I don't know why this is happening. I've examined the code, and it does > > not change the group ID, it only creates the directory, forcing the uid. > > > > Indeed, the same code is using for the winbind privileged pipe, which is > > likewise deliberately designed so that you can set the group to a > > specific group for use by squid et al. In this case the group is meant > > to be 'ntp' to allow only NTP access to the pipe. > > Could this be a namespace overlap? Perhaps the directory has the correct > GID, but when Samba spins up the lookup for GID->name goes through it, > and something samba is attached to already has a mapping for that GID. > > (I find it very odd to see asterisks around the group name in ls's > output, too...) Samba never sets the GID explicitly, but should be gid 0 at this point, so should be creating gid 0 files. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ntp and samba4
On 05/07/2013 03:25 PM, Andrew Bartlett wrote: > On Mon, 2013-05-06 at 17:15 +0200, Michael De Groote wrote: >> Hi all >> >> Recently i noticed that upon starting the samba4 'samba' daemon, that it >> changes the group ownership of the socket for ntpd to *staff* >> >> $ls -l /usr/local/samba/var/lib/ntp_signd/ >> total 0 >> srwxrwxrwx 1 root *staff* 0 May 6 16:35 socket >> >> >> The documentation says it needs to be *ntp* >> >> (FYI: i'm running this on debian wheezy) >> >> I have just added ntp to group staff, but that seems like a workaround... > > I don't know why this is happening. I've examined the code, and it does > not change the group ID, it only creates the directory, forcing the uid. > > Indeed, the same code is using for the winbind privileged pipe, which is > likewise deliberately designed so that you can set the group to a > specific group for use by squid et al. In this case the group is meant > to be 'ntp' to allow only NTP access to the pipe. Could this be a namespace overlap? Perhaps the directory has the correct GID, but when Samba spins up the lookup for GID->name goes through it, and something samba is attached to already has a mapping for that GID. (I find it very odd to see asterisks around the group name in ls's output, too...) signature.asc Description: OpenPGP digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ntp and samba4
On Mon, 2013-05-06 at 17:15 +0200, Michael De Groote wrote: > Hi all > > Recently i noticed that upon starting the samba4 'samba' daemon, that it > changes the group ownership of the socket for ntpd to *staff* > > $ls -l /usr/local/samba/var/lib/ntp_signd/ > total 0 > srwxrwxrwx 1 root *staff* 0 May 6 16:35 socket > > > The documentation says it needs to be *ntp* > > (FYI: i'm running this on debian wheezy) > > I have just added ntp to group staff, but that seems like a workaround... I don't know why this is happening. I've examined the code, and it does not change the group ID, it only creates the directory, forcing the uid. Indeed, the same code is using for the winbind privileged pipe, which is likewise deliberately designed so that you can set the group to a specific group for use by squid et al. In this case the group is meant to be 'ntp' to allow only NTP access to the pipe. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ntp and samba4
Hi Michael, Recently i noticed that upon starting the samba4 'samba' daemon, that it changes the group ownership of the socket for ntpd to *staff* $ls -l /usr/local/samba/var/lib/ntp_signd/ total 0 srwxrwxrwx 1 root *staff* 0 May 6 16:35 socket The documentation says it needs to be *ntp* (FYI: i'm running this on debian wheezy) I have just added ntp to group staff, but that seems like a workaround... I had to do the same on each new install for some time. I guess that it must work out of the box on some other distrib than debian. It is a pitty that samba4 didn't make it in the wheezy release. Fortunatly the build system is very neat and compilation is quite easy anyway. Cheers, Denis -- Denis Cardon Tranquil IT Systems Les Espaces Jules Verne, bâtiment A 12 avenue Jules Verne 44230 Saint Sébastien sur Loire tel : +33 (0) 2.40.97.57.55 http://www.tranquil-it-systems.fr -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
