abartlet at samba.org
Wed May 18 16:19:50 MDT 2011
On Wed, 2011-05-18 at 14:17 -0400, simo wrote:
> On Wed, 2011-05-18 at 18:33 +0100, Jelmer Vernooij wrote:
> > On Tue, 2011-05-17 at 15:40 +0200, Andreas Schneider wrote:
> > >
> > > on the buildfarm we see currently the error.
> > >
> > > invalid permissions on directory
> > > '/memdisk/build/samba_4_0_test/st/client/ncalrpcdir': has 0700 should be 0755
> > > ../source4/smbd/service_named_pipe.c:206: Failed to create ncalrpc pipe
> > > directory '/memdisk/build/samba_4_0_test/st/client/ncalrpcdir' -
> > > NT_STATUS_OBJECT_NAME_NOT_FOUND
> > >
> > > Wouldn't it make sense that we try a chmod() to fix the permissions on the
> > > directory before we fail?
> > That directory can be one that's specified by the user; I'm not sure if
> > it's a good idea to automatically change the permissions of a user
> > directory, especially making it more public than it was before.
> > In this case, perhaps we should just do the right thing when we create
> > it?
> What is the right thing ?
> The problem here is that abartlet changed the previous default, it was
> 700 and now it is 755, this means that on upgrade we just fail as the
> permissions will be wrong.
> I guess an alternative approach is to not change the permissions, but
> instead change directory_create_or_exist() to consider valid any
> permissions that are equal OR stricter than the ones passed in ?
> And just emit a loud warning at level 0 about them not matching the
> requested permission set ?
The difficulty here is that for a combined Samba 4.0, ncalrpc is a
shared directory that both parts of the codebase (and independent
servers) can install listeners in, and previously we had two different
sets of permissions on that directory, so a merged 'Franky' like setup
would not start.
Now it's quite clear that changing the 'this set or die' permissions in
the way I did hasn't worked out as well as I expected, but I'm
dumbfounded as to what the right thing to do here is. I am sorry for
not being more proactive in fixing the mess I created, but we seem to
quite truly be in a difficult spot.
Away from 4.0, we also have the question of 'do we want to expose
ncalrpc for non-root users in 3.6' - if we don't, then what is the
point of ncalrpc at all, and if we do then the same quandary applies.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org