acls and smb passwd file

system manager system at niuhep.physics.niu.edu
Fri Jul 25 05:33:58 GMT 2003


Hello,

    If I try to run samba_root:[bin]smbpasswd as a non-privileged user I get:

 Error Lock Volume F11B$vUSER1     : insufficient privilege or object protection violation

repeated ten times and then

 Old SMB password:
 New SMB password:
 Retype new SMB password:
                        machine 127.0.0.1 rejected the session setup. Error was
 : Call returned zero bytes (EOF)
 .
 Failed to change password for MORPHIS

where it doesn't matter what I put in for the passwords, except that
if the two new passwords don't match it rejects me for that.

USER1 is the label of the disk that happens to be my default and of course
MORPHIS is my username.

This appears to occur in [.SOURCE.VMS]VMS_SUPPORT.C
in 
char *getpass(char *prompt)
[big snip]
        new_cache->label[volnamsize] = 0;
        strcpy (new_cache->resname,"F11B$v");
        strcat (new_cache->resname,new_cache->label);
        for (i=0;i<18;i++) {
            if (new_cache->resname[i] == 0)
                new_cache->resname[i] = ' ';
        }

    /* Put this new cache in the list */
        if (first_cache == NULL)
            first_cache = new_cache;
        else
        {
            cur_cache = first_cache;
            while (cur_cache->next != NULL)
                cur_cache = cur_cache -> next;
            cur_cache->next = new_cache;
        }
    /* Get infos about the RSB of the volume lock */
        cur_cache = new_cache;
    }

   sts = sys$cmkrnl (update_lock,0);
   if ((sts & 1) != 1)
                DEBUG(0,("  Error Lock Volume %s : %s\n",cur_cache->resname, 
                       str_cache->resname, strerror(EVMSERR,sts)));   


OTOH if I set proc/priv=nocmkrnl I get the same error messages
but the password successfully changes.

Changing permissions on the directory and the file with passwords
doesn't seem to do any good.

Why is it trying to lock a volume? 

Why is it trying to create cache based on where the user is sitting?

---------
when I run testparm I get:
WARNING: lock directory /samba_root/var/locks should have permissions 0755 
for browsing to work

SAMBA_ROOT:[VAR]LOCKS.DIR;1          (RWE,RWE,RE,RW)

I tried changing it to w:re but no change.

---------
    Perhaps this is entirely unrelated but if I do 
$ mcr authorize sho system/all 
system has the following identifier
 SAMBA_ROOT                       %X80010017
which I saw during the install process.
When I do
$ dir/secu samba_root:[000000...]*.dir

I see something like the following (much edited)

Directory SAMBA_ROOT:[000000]

BIN.DIR;1            [SYSTEM]                         (RWE,RWE,RE,RE)
          (DEFAULT_PROTECTION,SYSTEM:RWED,OWNER:RWED,GROUP:RW,WORLD:RE)
LIB.DIR;1            [SYSTEM]                         (RWE,RWE,RE,RE)
          (DEFAULT_PROTECTION,SYSTEM:RWED,OWNER:RWED,GROUP:RW,WORLD:RE)
PRIVATE.DIR;1        [SYSTEM]                         (RWE,RWE,RE,RW)
          (DEFAULT_PROTECTION,SYSTEM:RWED,OWNER:RWED,GROUP:RW,WORLD:RW)
SWAT.DIR;1           [SYSTEM]                         (RWE,RWE,RWE,)
          (DEFAULT_PROTECTION,SYSTEM:RWED,OWNER:RWED,GROUP:RW,WORLD:RE)
TMP.DIR;1            [SYSTEM]                         (RWE,RWE,RE,RW)
          (DEFAULT_PROTECTION,SYSTEM:RWED,OWNER:RWED,GROUP:RW,WORLD:RW)
VAR.DIR;1            [SYSTEM]                         (RWE,RWE,RE,RW)
          (IDENTIFIER=*,OPTIONS=DEFAULT,ACCESS=READ+WRITE+CONTROL)
          (DEFAULT_PROTECTION,SYSTEM:RWED,OWNER:RWED,GROUP:RW,WORLD:RW)

The files in [var] have the same identifier.  The files in [swat]
look like:

SAM.AA01_GIF;1       [SYSTEM]                         (RWED,RWED,RE,)
          (IDENTIFIER=%X80010031,ACCESS=READ+WRITE+EXECUTE+DELETE+CONTROL)

If I do

UAF> sho /id/value=(id:%X10031)
%UAF-E-SHOWERR, unable to complete SHOW command
-SYSTEM-F-NOSUCHID, unknown rights identifier

------------------------------------
smb.conf

[global]
   workgroup = PHYSICS
   dead time = 10
   map archive = no
   printing = bsd
   printcap name = /samba_root/lib/dummyprintcap.dat
   load printers = yes
   print command = print %f/queue=%p/delete/passall/name="""""%s"""""
   lprm command = delete/entry=%j
   security = user
   smb passwd file = /samba_root/private/smbpasswd.dat
   encrypt passwords = yes
   default service = default
   create mode = 0777

   guest account = PCFS$ACCOUNT
   log file = /samba_log/log.%m
   socket options = TCP_NODELAY

  lock directory = /samba_root/var/locks
  share modes = yes

[homes]
   comment = Home Directories
   browseable = yes
   read only = no
   create mode = 0750
;   path = /user1/%U/
[shr5]
   comment = Disk
   browseable = yes
   read only = no
   create mode = 0750
   path = /shr5/%U/
[scr3]
   comment = Disk
   browseable = yes
   read only = no
   create mode = 0750
   path = /scr3/%U
[printers]
   comment = All Printers
   browseable = no
   printable = yes
   public = yes
   writable = no
   create mode = 0700
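
Added example (not part of the original post, and not Samba/VMS code): a small audit of a DIR/SECURITY listing like the one above, converting each protection mask to the Unix-style mode that testparm's 0755 warning compares against and flagging world-writable entries and wildcard-identifier ACEs. The R/W/E to 4/2/1 mapping and the OWNER/GROUP/WORLD to user/group/other mapping are assumptions about how the protection is presented to Samba; the function names are hypothetical.

```python
import re

# Constructed sample: a subset of lines copied from the listing in the post.
LISTING = """\
BIN.DIR;1            [SYSTEM]                         (RWE,RWE,RE,RE)
          (DEFAULT_PROTECTION,SYSTEM:RWED,OWNER:RWED,GROUP:RW,WORLD:RE)
PRIVATE.DIR;1        [SYSTEM]                         (RWE,RWE,RE,RW)
SWAT.DIR;1           [SYSTEM]                         (RWE,RWE,RWE,)
VAR.DIR;1            [SYSTEM]                         (RWE,RWE,RE,RW)
          (IDENTIFIER=*,OPTIONS=DEFAULT,ACCESS=READ+WRITE+CONTROL)
"""

# name;version  [owner]  (system,owner,group,world)
ENTRY = re.compile(
    r"^(\S+;\d+)\s+\[([^\]]+)\]\s+"
    r"\(([RWED]*),([RWED]*),([RWED]*),([RWED]*)\)\s*$")
# Indented ACL entry of the IDENTIFIER=... form
ACE = re.compile(r"^\s+\((IDENTIFIER=[^,]+),.*ACCESS=([A-Z+]+)\)\s*$")
BITS = {"R": 4, "W": 2, "E": 1}  # assumed mapping; D has no Unix bit


def unix_mode(owner, group, world):
    """Assumed mapping: OWNER -> user, GROUP -> group, WORLD -> other."""
    digit = lambda field: sum(BITS.get(c, 0) for c in field)
    return digit(owner) << 6 | digit(group) << 3 | digit(world)


def audit(listing):
    """Return one dict per file: name, Unix-style mode, list of findings."""
    results = []
    for line in listing.splitlines():
        m = ENTRY.match(line)
        if m:
            name, _uic, _system, own, grp, wld = m.groups()
            entry = {"name": name, "mode": unix_mode(own, grp, wld),
                     "findings": []}
            if "W" in wld or "D" in wld:
                entry["findings"].append("world can write/delete")
            results.append(entry)
            continue
        a = ACE.match(line)
        # IDENTIFIER=* matches every process, so its access is effectively public.
        if a and results and a.group(1) == "IDENTIFIER=*":
            if "WRITE" in a.group(2) or "CONTROL" in a.group(2):
                results[-1]["findings"].append(
                    "ACE grants %s to all identifiers" % a.group(2))
    return results


if __name__ == "__main__":
    for e in audit(LISTING):
        print("%-16s %04o %s" % (e["name"], e["mode"],
                                 "; ".join(e["findings"]) or "ok"))
```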
