When sending a HUP signal isn't enough?

Volker Lendecke Volker.Lendecke at SerNet.DE
Wed May 2 07:37:06 GMT 2007

On Tue, May 01, 2007 at 10:30:42AM -0700, Tim Prouty wrote:
> sesssetup request.  If during this period of time smb.conf is changed  
> to "security = share", and smbd is sent a HUP signal, smbd will panic  
> due to this check in register_vuid():
> 	/* Paranoia check. */
> 	if(lp_security() == SEC_SHARE) {
> 		smb_panic("Tried to register uid in security=share\n");
> 	}
> Also, when joining a new domain and changing the realm in smb.conf,  
> winbindd does not appear to correctly pick up the changes with a HUP  
> signal.  Ideally, sending a HUP signal would always be sufficient,  
> but as a workaround, we send a TERM signal when changing the security  
> mode or realm.
> Does anyone know of any other smb.conf parameters that a HUP signal  
> won't safely pick up the changes for?

While not being aware about this particular one, there are
probably quite a few of those. For example "netbios name" in
domain mode will certainly not be picked up correctly, it
would require a change of our workstation name in the DC.

But when you think about the security=user -> security=share
one, there is exactly nothing we can do about that. If that
is caught between negprot (where we tell the client to do
sec=user) and the session setup (where we don't want it
anymore), then the only right thing is to panic or cleanly
exit. The only other option would be to ignore security=
changes in a child smbd.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20070502/4ecaa37e/attachment.bin

More information about the samba-technical mailing list