When sending a HUP signal isn't enough?
Volker Lendecke
Volker.Lendecke at SerNet.DE
Wed May 2 07:37:06 GMT 2007
On Tue, May 01, 2007 at 10:30:42AM -0700, Tim Prouty wrote:
> sesssetup request. If during this period of time smb.conf is changed
> to "security = share", and smbd is sent a HUP signal, smbd will panic
> due to this check in register_vuid():
>
> /* Paranoia check. */
> if(lp_security() == SEC_SHARE) {
> smb_panic("Tried to register uid in security=share\n");
> }
>
> Also, when joining a new domain and changing the realm in smb.conf,
> winbindd does not appear to correctly pick up the changes with a HUP
> signal. Ideally, sending a HUP signal would always be sufficient,
> but as a workaround, we send a TERM signal when changing the security
> mode or realm.
>
> Does anyone know of any other smb.conf parameters that a HUP signal
> won't safely pick up the changes for?
While not being aware about this particular one, there are
probably quite a few of those. For example "netbios name" in
domain mode will certainly not be picked up correctly, it
would require a change of our workstation name in the DC.
But when you think about the security=user -> security=share
one, there is exactly nothing we can do about that. If that
is caught between negprot (where we tell the client to do
sec=user) and the session setup (where we don't want it
anymore), then the only right thing is to panic or cleanly
exit. The only other option would be to ignore security=
changes in a child smbd.
Volker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20070502/4ecaa37e/attachment.bin
More information about the samba-technical
mailing list