chdir as root

psz at maths.usyd.edu.au psz at maths.usyd.edu.au
Wed Apr 6 04:14:59 GMT 2005 

Earlier I wrote:

> We are using Samba version 3.0.9 (about to upgade to 3.0.12) as a PDC with
> Win2k and WinXP clients. Our logs always show something like
> 
> Apr  5 10:45:26 rome smbd[10892]: [2005/04/05 10:45:26, 0, pid=10892, effective(0, 0), real(0, 0)] smbd/service.c:set_current_service(51)  
> Apr  5 10:45:26 rome smbd[10892]:   chdir (/users/psz) failed  
> 
> (In my limited testing of 3.0.12 I also got such messages.) I suspect the
> explanation is that our home directories are NFS-mounted on the Samba
> server, exported with default root_squash from a file server. The
> directories mostly have mode 700, no "squashed root" (world) access.
> 
> I would like to suggest a patch along the following lines. ...

That patch was wrong; I think the following (against 3.0.12) really fixes
the problem. 

Thanks,

Paul Szabo   psz at maths.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia



--- smbd/conn.c.orig	Sat Feb 26 04:59:26 2005
+++ smbd/conn.c	Wed Apr  6 07:14:04 2005
@@ -161,7 +161,14 @@
 	connection_struct *conn, *next;
 	for (conn=Connections;conn;conn=next) {
 		next=conn->next;
-		set_current_service(conn, 0, True);
+/* PSz  6 Apr 05 */
+/*
+ * We are dropping connections, do not care about the return status of
+ * set_current_service: should not bother with do_chdir.
+ * (Often we do this with EUID=0, the user directories are NFS-mounted,
+ * so the chdir cannot succeed.)
+ */
+		set_current_service(conn, 0, False);
 		close_cnum(conn, conn->vuid);
 	}
 }
--- smbd/process.c.orig	Sat Feb 26 04:59:26 2005
+++ smbd/process.c	Wed Apr  6 08:13:04 2005
@@ -954,8 +954,30 @@
 		if (IS_IPC(conn) && (flags & AS_USER) && !(flags & CAN_IPC))
 			return(ERROR_DOS(ERRSRV,ERRaccess));	    
 
+/* PSz  6 Apr 05 */
+/*
+ * Hmm:
+ *   if !(flags & AS_USER) then we done change_to_root_user();
+ *   if (flags & DO_CHDIR) then we will use do_chdir on set_current_service().
+ * This is likely to fail: the directory may be NFS-mounted and exported
+ * with root_squash (so has no root access).
+ * Fail it here and now, not going through the shame of a possibly failed
+ * chdir? The failed chdirs did not seem to affect any functionality (?!),
+ * so this should not either.
+ * In fact failing now seems to cause shares never to disconnect and smbd
+ * processes to "linger" forever. Do not fail, but do not use do_chdir.
+ * Use do_chdir only with AS_USER, ignore DO_CHDIR: I would not expect it
+ * to be needed for SMBexit and SMBtdis.
+ */
+/*
+*if (conn && (!(flags & AS_USER)) && (flags & DO_CHDIR)) {
+*DEBUG(1,("PSz: Fail now, not in chdir(%s) within set_current_service (EUID is %d)\n", conn->connectpath, (int)geteuid() ));
+*			return(ERROR_DOS(ERRSRV,ERRaccess));
+*}
+*/
 		/* load service specific parameters */
-		if (conn && !set_current_service(conn,SVAL(inbuf,smb_flg),(flags & (AS_USER|DO_CHDIR)?True:False)))
+/*		if (conn && !set_current_service(conn,SVAL(inbuf,smb_flg),(flags & (AS_USER|DO_CHDIR)?True:False))) */
+		if (conn && !set_current_service(conn,SVAL(inbuf,smb_flg),(flags & AS_USER?True:False)))
 			return(ERROR_DOS(ERRSRV,ERRaccess));
 
 		/* does this protocol need to be run as guest? */

More information about the samba-technical mailing list