smbwall

David Lee t.d.lee at durham.ac.uk
Mon Feb 4 16:37:33 GMT 2002 

On Sun, 3 Feb 2002, Andrew Bartlett wrote:

> Scott Gifford wrote:
> > [...]
> > Also, hasn't the Samba Team expressed a reluctance to have samba going
> > around creating things in /dev?  I seem to remember this, although
> > looking around I can't find any messages to reference.
> 
> Its not reluctance, it simply won't happen.  But I don't mind assisting
> this (very neat) concept by providing the requisite hooks for some
> external program/module to do the dirty work.  I think that PAM modules
> provide a nice way to do this, without needing to modify anything in
> smbd *at all*, and I'm willing to provide 'exec' hooks as described in
> earlier e-mails.  (People use pre/postexec for much of this stuff
> already).

To clarify, because I think Andrew and I are more closely in agreement
than might appear to be the case at first sight(!).

Let's keep two things separate, as they are reasonably independent:

1. Whether the basic functionality (text->Popup->transmission) is within
   smbd or in a separate daemon.

2. Manipulating (creating) "/dev" entries.

Looking first at the latter issue of creating "/dev" entries.

Let's accept the Team view that smbd should not create things in "/dev",
even in a self-contained area such as "/dev/smb".  That is, there is an
absolute veto against smbd doing the latter.  Fair enough.  I understand
(and indeed sympathise and share the concerns).

I think Andrew is suggesting (correct me if I'm wrong!) that an acceptable
way forward is for Samba to invoke PAM (routinely, irrespective of our
message/Popup stuff).  Then the site admin configures PAM to call a PAM
module which creates the "/dev/smb" entry.  (Thus, if nasty things then
happen in "/dev", smbd is innocent.) 

My PAM knowledge has faded considerably over the last couple of years. 
Does the PAM structure allow smbd to specify the name of the particular
"/dev/smb/XXX" (or whatever) so that "our" PAM module can pick it up?
Perhaps one of:
   pam_putenv(...)
   pam set_data(...)
   pam_set_item(..., PAM_TTY, ...)

To me, that sounds promising.  Thanks.



Now switching briefly to the former issue (who/what implements basic Popup
functionality).  There is still some debate, but I think (hope!) this
isn't at "veto" level.  I put much of this in a message earlier today
(although some of that message covered different views of the "/dev/" 
issue, probably now superceded (even nullified?) by the above). 

Hope that helps.

Andrew: a personal note of thanks for making us think this through.  I
appreciate it! 

-- 

:  David Lee                                I.T. Service          :
:  Systems Programmer                       Computer Centre       :
:                                           University of Durham  :
:  http://www.dur.ac.uk/t.d.lee/            South Road            :
:                                           Durham                :
:  Phone: +44 191 374 2882                  U.K.                  :

More information about the samba-technical mailing list