Fix for Samba server masking world writeable perm off

Rowland Penny rpenny at samba.org
Tue Feb 26 16:44:21 UTC 2019 

On Tue, 26 Feb 2019 18:31:55 +0200
Alexander Bokovoy via samba-technical <samba-technical at lists.samba.org>
wrote:

> On ti, 26 helmi 2019, Jeremy Allison via samba-technical wrote:
> > On Tue, Feb 26, 2019 at 06:11:20PM +0200, Alexander Bokovoy wrote:
> > > > 
> > > > Is it possible some of the pam calls are setting a
> > > > umask internally ?
> > > Yes, most likely session phase is setting them -- either in
> > > pam_limits or in pam_systemd.
> > 
> > Hmmm. Should we then explicitly set umask(0) after
> > making the pam session calls ? It's setting the
> > umask for smbd which is unwanted.
> My understanding is that this is indeed a valid approach. At least,
> manual page daemon(7) (from systemd suite) states for SysV daemons:
> 
>        10. In the daemon process, reset the umask to 0, so that the
> file modes passed to open(), mkdir() and suchlike directly control the
>            access mode of the created files and directories.
> 
> Further, it states for new-style daemons (integrated with systemd):
> 
>        Note that new-style init systems guarantee execution of daemon
>        processes in a clean process context: it is guaranteed that the
>        environment block is sanitized, that the signal handlers and
> mask is reset and that no left-over file descriptors are passed.
> 
>        Daemons will be executed in their own session, with standard
>        input connected to /dev/null and standard output/error
> connected to the systemd-journald.service(8) logging service, unless
>        otherwise configured. The umask is reset.
> 
> So, the expectation is that a daemon has umask reset to 0. However,
> neither case accounts for interaction with PAM stack. In PAM
> documentation there is no explanation what to expect from session
> stack either, while side effects are kind of covered (in
> pam_open_session(3)) by claiming that application should have enough
> privileges to perform those operations that, for example, create
> directories.
> 
> I suspect we should treat each PAM session as kind of a separate
> instance launch in terms of our environment being clobbered. So
> resetting umask to 0 is probably a valid thing.
> 
> 

What happens if you do not use systemd ?

Rowland

More information about the samba-technical mailing list