[Samba] Mac OS X -- Unable to initgroups. on every anonymous

Jay Ts jay at metran.cx
Fri Jul 26 21:00:02 GMT 2002


My guess is that either something is wrong with the way
Samba was ported to OS X, or the way Apple have set it
up to run on OS X.

In any case, the code in question is in source/smbd/set_ctx.c, and
looks like this:

/****************************************************************************
 Initialize the groups a user belongs to.
****************************************************************************/

BOOL initialise_groups(char *user, uid_t uid, gid_t gid)
{
        struct sec_ctx *prev_ctx_p;
        BOOL result = True;

        if (non_root_mode()) {
                return True;
        }

        become_root();

        /* Call initgroups() to get user groups */

        if (initgroups(user,gid) == -1) {
                DEBUG(0,("Unable to initgroups. Error was %s\n", strerror(errno) ));

Notice the code before initgroups().  Samba either realizes it can't
become root and returns, or sets its UID to root, which is required for
initgroups() to succeed.  Perhaps initgroups() fails because the
smbd daemon is somehow not able to set its UID to root.(?)  Just a guess.

IIRC, the smbd daemon normally runs with the UID of the connected
client. In this case, the user may have effectively no permissions.
(E.g., the "nobody" user.) This is a conjecture, but maybe somehow
 it's having trouble switching from this "peon" user back to superuser.

Try checking the smbd executable, and how it's started up.  This is
done starting with the /System/Library/StartupItems/Samba/Samba
script. What I am wondering here is is this script running as
root, or some other admin user?

Next, try a long ps listing (is that ps -al?  I forget BSD! :)
and check the UID that the copy of smbd associated with the
connection to the share is running with.

If you end up getting stuck on this, and you suspect a problem
with the Samba code (rather than Apple's configuration), you might
try asking on the samba-technical list, with something like
"attn: Tim Potter" (the maintainer of that source file) in the
Subject line.

Jay Ts

----------------------------------------------------------------
> Hi Jay, thanks so much for your answer.
> 
> Mac OS X/Darwin is indeed different in that although it has an 
> /etc/group file that file is only used when the machine is in 
> single-user mode. Otherwise all the system routines that read user 
> and group info end up reading the netinfo database.
> 
> However, I believe that the kernel returns the proper answer for all 
> the group and user routines so the problem is not actually with 
> /etc/group or /etc/passwd (which do exist in any case and have the 
> entries needed for this user.)
> 
> So first let me say where everything works properly:
> 
> If I connect to a users' home directory share for example using:
> 	smbclient //localhost/howard -U howard
> Then everything works correctly. I've had people test this remotely 
> using Windows and it worked for them as well.
> 
> Here's where things do not work: Only when I access the 'public' share.
> 
>  From smb.conf:
> 
> [public]
>          path = /tmp
>          read only = no
>          comment = Guest Area
>          guest ok = yes
> 
> (in the [global] section I have         null passwords = yes
> and I have tried various guest accounts)
> 
> 
> Further more, no matter which user I connect to the 'public' share as 
> (even a user with a real password and using their password) when I 
> transfer a file to the Samba server the group ownership of the file 
> is not set properly, although no error appears in the log. (The files 
> are set owned by group 'wheel', presumably because smbd is running as 
> group wheel.)
> 
> So any access to the 'public' share works, but the group ownership of 
> uploaded files is always wrong, and, if you connect anonymously (by 
> not supplying a password) you get in, but there is an error message 
> in the log.
> 
> So all three of these get you in:
> # smbclient //localhost/public password  -U howard
> # smbclient //localhost/public -U howard
>    (no password)
> # smbclient //localhost/public
>    (no password)
> 
> The first one gives no error in the log file, the second do give the error
> [2002/07/26 20:00:29, 0] smbd/sec_ctx.c:initialise_groups(229)
>    Unable to initgroups. Error was Input/output error
> 
> 
> 
> 
> At 6:07 PM -0700 2002/07/26, Jay Ts wrote:
> >  >
> >>  I'm using Samba 2.2.5 on Mac OS X 10.1.5
> >>  Connecting to the share "public" with no username or password works
> >>  fine, but, this error message appears in the log every time:
> >>
> >>  [2002/07/26 15:15:54, 0] smbd/sec_ctx.c:initialise_groups(229)
> >>     Unable to initgroups. Error was Input/output error
> >>
> >>  What am I doing wrong?
> >
> >The error is caused when Samba calls the C library's initgroups()
> >function, and it runs into some kind of trouble.  initgroups()
> >needs to read /etc/group.  Did you make sure the account you are
> >using as your guest account exists? And is in a group that exists
> >in the system?
> >
> >Make sure you have a /etc/group file and that it is non-corrupt,
> >and readable. The "Input/output error" suggests (?) that there might
> >be something wrong with the file.
> >
> >(BTW, I'm using Linux here, so I hope OS X isn't too far different.
> >Try reading the initgroups(3) manual page on your system to check.)
> >
> >Jay Ts
> >author, Using Samba, 2nd edition
> 
> 
> -- 
> -------------------------------------------
> Matisse Enzer
> matisse at matisse.net
> http://www.matisse.net/




More information about the samba mailing list