Re: [zones-discuss] Starting Samba in Open Solaris Non Global Zone

Mon, 17 Aug 2009 19:48:01 -0700 

Wes Mauer wrote:

OpenSolaris 0609.
I've managed to get Samba installed in a non global zone, but it will not start. 

If you truss smbd, I expect that this is failing due to a
missing privilege:


# truss -f /usr/sfw/sbin/smbd
...
15231:  so_socket(PF_INET, SOCK_STREAM, IPPROTO_IP, 0x00000000,
SOV_DEFAULT) = 1
9
15231:  setsockopt(19, SOL_SOCKET, SO_REUSEADDR, 0xFFBFE86C, 4,
SOV_DEFAULT) = 0
15231:  bind(19, 0xFFBFE870, 16, SOV_SOCKBSD)           Err#13 EACCES
[sys_smb]


The integrated CIFS server project made running a server
on port 445 (which CIFS uses) a privileged operation - the
process needs to have PRIV_SYS_SMB (see privileges(5)).
Samba knows how to operate with this privilege, but the
privilege is not in the default set that is considered
safe in a zone.  You can adjust the zone config to get
this to work - here's an example:


# zonecfg -z internal
zonecfg:internal> info limitpriv
limitpriv:
default,file_downgrade_sl,file_upgrade_sl,sys_trans_label,win_colormap,win_config,win_dac_read,win_dac_write,win_devices,win_fontpath,win_mac_read,win_mac_write,win_selection
zonecfg:internal> set
limitpriv=default,file_downgrade_sl,file_upgrade_sl,sys_trans_label,win_colormap,win_config,win_dac_read,win_dac_write,win_devices,win_fontpath,win_mac_read,win_mac_write,win_selection,sys_smb
zonecfg:internal> info limitpriv
limitpriv:
default,file_downgrade_sl,file_upgrade_sl,sys_trans_label,win_colormap,win_config,win_dac_read,win_dac_write,win_devices,win_fontpath,win_mac_read,win_mac_write,win_selection,sys_smb


Rob T
_______________________________________________
zones-discuss mailing list
zones-discuss@opensolaris.org






















					Reply via email to