UNIX File Ownership with Samba preexec

Doug VanLeuven ldx at ibm.net
Thu Sep 2 23:03:00 GMT 1999 

I have AIX 4.2.1 running samba 2.05a
I added this line to profile share
 root preexec = echo \"%U %a\">/tmp/smb.root
and got this when I connected
-rw-rw-rw-   1 root     system         3 Sep 02 15:18 smb.root
contents:
"doug WinNT"
nobody is special user in AIX that has really no priviliges
nobody:!:4294967294:4294967294::/:

We don't serve 95 profiles on the AIX, but another network does.
Linux 2.0.36, Redhat 5.2, samba 2.0.5a
added to profile share
 root preexec = echo \"%U %a\">/tmp/smb.root
got
-rw-rw-rw-   1 root     root           13 Sep  2 15:37 smb.root
contents:
"doug Win95"

I'm sorry I can't be more help than to show non-NIS results.  We don't use NIS.
But if %U is being passed as nobody, then it probably is NIS at fault.

Burt Avery wrote:

> Hi:
>
> On our AIX 4.2.1 server we are running the two daemons that constitute
> Samba 2.0.5a, smbd and nmbd. As I understand the situation the smbd daemon
> is expected to run a UNIX script for the user when user makes an attachment
> to the Samba server, ie, establishes an SMB session with the Samba server
> from the user's Win 98 station and attempts to login to the domain. There
> is a statement in smb.conf such as:
>
>    root preexec = /usr/local/samba/bin/buildprofiles %U %a
>
> Using this root preexec command, I attempt to build the necessary profile
> directories for the user in /lv6/users/samba_profiles/<username>/Win95,
> assign ownership to the user, and assign the dir and file permissions that
> will allow the user to store Win profiles and registry. The directories are
> built but they are owned by user nobody and group sys.
>
> In my humble experience using Digital UNIX i never encountered a username
> nobody. Does it have a special significance to the way AIX controls Samba?
>
> I guess my "root" question is:  should the smbd daemon be running as root
> and should it be able to assign ownership of the directory
> /lv6/users/samba_profiles/<username> to <username>?
>
> Have I run afoul of NIS security in some fashion?
>
> Any help GREATLY appreciated,
> -ba-
>
> Burt Avery
> Computer Systems Engineer
> LSP
> Department of Biomedical Engineering
> University of Virginia
> Charlottesville, VA 22908
> 804-924-9813

-- Doug VanLeuven - 707-545-6933 (voice) 707-545-6945 (fax)
Chief Engineer, USMM roamdad at ibm.net
Programmer/Analyst, SCWA doug at scwa.ca.gov

More information about the samba-ntdom mailing list