Change directory_create_or_exist()

Andrew Bartlett abartlet at
Wed May 18 16:19:50 MDT 2011

On Wed, 2011-05-18 at 14:17 -0400, simo wrote:
> On Wed, 2011-05-18 at 18:33 +0100, Jelmer Vernooij wrote:
> > On Tue, 2011-05-17 at 15:40 +0200, Andreas Schneider wrote:
> > > 
> > > on the buildfarm we see currently the error.
> > > 
> > > invalid permissions on directory 
> > > '/memdisk/build/samba_4_0_test/st/client/ncalrpcdir': has 0700 should be 0755
> > > ../source4/smbd/service_named_pipe.c:206: Failed to create ncalrpc pipe 
> > > directory '/memdisk/build/samba_4_0_test/st/client/ncalrpcdir' - 
> > > 
> > > Wouldn't it make sense that we try a chmod() to fix the permissions on the 
> > > directory before we fail?
> > That directory can be one that's specified by the user; I'm not sure if
> > it's a good idea to automatically change the permissions of a user
> > directory, especially making it more public than it was before.
> > 
> > In this case, perhaps we should just do the right thing when we create
> > it?
> What is the right thing ?
> The problem here is that abartlet changed the previous default, it was
> 700 and now it is 755, this means that on upgrade we just fail as the
> permissions will be wrong.
> I guess an alternative approach is to not change the permissions, but
> instead change directory_create_or_exist() to consider valid any
> permissions that are equal OR stricter than the ones passed in ?
> And just emit a loud warning at level 0 about them not matching the
> requested permission set ?

The difficulty here is that for a combined Samba 4.0, ncaclrpc is a
shared directory that both parts of the codebase (and independent
servers) can install listeners in, and previously we had two different
sets of permissions on that directory, so a merged 'Franky' like setup
would not start.

Now it's quite clear that changing the 'this set or die' permissions in
the way I did hasn't worked out as well as I expected, but I'm
dumbfounded as to what the right thing to do here is.  I am sorry for
not being more proactive in fixing the mess I created, but we seem to
quite truly be in a difficult spot. 

Away from 4.0, we also have the question of 'do we want to expose
ncaclrpc for non-root users in 3.6' - if we don't, then what is the
point of ncalcrpc at all, and if we do then the same quandary applies

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 

More information about the samba-technical mailing list