TNG "no locking available" error, HP/UX

nazard at dragoninc.on.ca nazard at dragoninc.on.ca
Thu Mar 30 05:42:41 GMT 2000


On 30 Mar, Luke Kenneth Casson Leighton wrote:
> hi gregory,
> 
> regarding the requirement to run ./configure on a local filesystem, to
> check locking, that's just the way it is.  it's that way in cvs main, it's
> that way in 2_0.
> 
> this makes it clear that you cannot expect to run samba off of a non-local
> file system, for example putting var/locks/ or private/ on a non-local
> file system, i'm sorry: that is just a really dumb thing to do.
> 
> have samba accessing private/smbpasswd over nfs???
> 
> apart from the security implications, it will also result in
> inconsistencies in the smbpasswd file because locking over nfs may not
> work correctly.
> 
> i've seen it happen... :)
> 
> now, as for installing the binaries on a non-root file system, that's
> different.

That's just silly. The whole point of the test is to determine if the
system supports a functional locking system. The filesystem you are
compiling on (even the machine) has no bearing on where the software is
actually installed/run. At minimum there should be a configure option
on where to run the tests.

Some people do have fully functional NFS locking. If they want to share
some files over NFS that's fine. Of course some of us use LDAP which is
even more insecure (all information in plaintext, including bind
password).

If there are security concerns, they need to be documented because they
extend beyond the compilation stage. If someone wants a spare project,
they should write a util to look for potential security issues in an
installation. Some common protocol issues are solved simply by having a
secured network.

Of course, everyone's needs differ :-)

-- 
Doug Nazar
Dragon Computer Consultants Inc.
Tel: (416) 708-1578     Fax: (416) 708-8081



More information about the samba-ntdom mailing list