acls and smb passwd file
system manager
system at niuhep.physics.niu.edu
Fri Jul 25 20:28:55 GMT 2003
On Fri, Jul 25, 2003 at 04:51:26PM +0200, COLLOT Jean-Yves wrote:
> The problem here is that, for performance reasons, some kernel locks are
> used by the SMBD process, and those locks are created when calling stat().
>
> Unfortunately, stat() is called by other Samba components (such as
> smbpasswd), and it takes (or tries to take) the same kernel locks, even if
> there is no performance issues.
>
> The result is that most, if not all, components of Samba/VMS does not work
> properly if the user has not the CMKRNL privilege (and probably a couple of
> other ones, such as SYSLCK).
>
> I am going to work on this, in order for the locks to be taken only by the
> SMBD processes.
>
> JY Collot
Thank you for the response and for your work on the program.
As an experiment I tried installing with priviledges but got an
error about smbpasswd being compiled with traceback.
Robert Morphis
> ---------
> Perhaps this is entirely unrelated but if I do
> $ mcr authorize sho system/all
> system has the following identifier
> SAMBA_ROOT %X80010017
> which I saw during the install process.
> When I do
> $ dir/secu samba_root:[000000...]*.dir
>
> I see something like the following (much edited)
>
> Directory SAMBA_ROOT:[000000]
>
> BIN.DIR;1 [SYSTEM] (RWE,RWE,RE,RE)
> (DEFAULT_PROTECTION,SYSTEM:RWED,OWNER:RWED,GROUP:RW,WORLD:RE)
> LIB.DIR;1 [SYSTEM] (RWE,RWE,RE,RE)
> (DEFAULT_PROTECTION,SYSTEM:RWED,OWNER:RWED,GROUP:RW,WORLD:RE)
> PRIVATE.DIR;1 [SYSTEM] (RWE,RWE,RE,RW)
> (DEFAULT_PROTECTION,SYSTEM:RWED,OWNER:RWED,GROUP:RW,WORLD:RW)
> SWAT.DIR;1 [SYSTEM] (RWE,RWE,RWE,)
> (DEFAULT_PROTECTION,SYSTEM:RWED,OWNER:RWED,GROUP:RW,WORLD:RE)
> TMP.DIR;1 [SYSTEM] (RWE,RWE,RE,RW)
> (DEFAULT_PROTECTION,SYSTEM:RWED,OWNER:RWED,GROUP:RW,WORLD:RW)
> VAR.DIR;1 [SYSTEM] (RWE,RWE,RE,RW)
> (IDENTIFIER=*,OPTIONS=DEFAULT,ACCESS=READ+WRITE+CONTROL)
> (DEFAULT_PROTECTION,SYSTEM:RWED,OWNER:RWED,GROUP:RW,WORLD:RW)
>
> The files in [var] have the same identifier. The files in [swat]
> look like:
>
> SAM.AA01_GIF;1 [SYSTEM] (RWED,RWED,RE,)
> (IDENTIFIER=%X80010031,ACCESS=READ+WRITE+EXECUTE+DELETE+CONTROL)
>
> If I do
>
> UAF> sho /id/value=(id:%X10031)
> %UAF-E-SHOWERR, unable to complete SHOW command
> -SYSTEM-F-NOSUCHID, unknown rights identifier
>
> ------------------------------------
> smb.conf
>
> [global]
> workgroup = PHYSICS
> dead time = 10
> map archive = no
> printing = bsd
> printcap name = /samba_root/lib/dummyprintcap.dat
> load printers = yes
> print command = print %f/queue=%p/delete/passall/name="""""%s"""""
> lprm command = delete/entry=%j
> security = user
> smb passwd file = /samba_root/private/smbpasswd.dat
> encrypt passwords = yes
> default service = default
> create mode = 0777
>
> guest account = PCFS$ACCOUNT
> log file = /samba_log/log.%m
> socket options = TCP_NODELAY
>
> lock directory = /samba_root/var/locks
> share modes = yes
>
> [homes]
> comment = Home Directories
> browseable = yes
> read only = no
> create mode = 0750
> ; path = /user1/%U/
> [shr5]
> comment = Disk
> browseable = yes
> read only = no
> create mode = 0750
> path = /shr5/%U/
> [scr3]
> comment = Disk
> browseable = yes
> read only = no
> create mode = 0750
> path = /scr3/%U
> [printers]
> comment = All Printers
> browseable = no
> printable = yes
> public = yes
> writable = no
> create mode = 0700
More information about the samba-vms
mailing list