[Samba] Mac OS X -- Unable to initgroups. on every anonymous

Matisse Enzer matisse at matisse.net
Sun Jul 28 10:16:02 GMT 2002


Thanks Jay,

I had indeed looked at the source code, and saw that initgroups(3) is 
being used, and probably is returning a failure, but i don't know why.

My smbd is running as user root, group wheel, which probably explains 
while files were showing up owned by group wheel, but doesn't explain 
exactly what was going on.

I'm writing a book on "Unix for OS X", and was working on the sectio 
on installing and configuring Samba. It took me much longer than i 
though to write that part - Samba has so many options!! :-)
But, I have basically finished that section - 20 pages that walk a 
user through downloading, compiling, installing, configuring Samba, 
including creating the darwin/Mac OS X system StartupItem script (as 
well as using inetd if you want that.)

I decided to not describe setting up a "guest" share, but i do have a 
sidebar telling the reader what to look for in the documentation 
(which I praise - it very nice that so much documentation is 
included.)

If you are interested I can send you folks the Mac OS X startup 
script information, you might want to include it in a future release. 
(Darwin/Mac O S X use a different kind of startup process that 
traditional BSD/SysV)


At 8:57 PM -0700 2002/07/26, Jay Ts wrote:
>My guess is that either something is wrong with the way
>Samba was ported to OS X, or the way Apple have set it
>up to run on OS X.
>
>In any case, the code in question is in source/smbd/set_ctx.c, and
>looks like this:
>
>/****************************************************************************
>  Initialize the groups a user belongs to.
>****************************************************************************/
>
>BOOL initialise_groups(char *user, uid_t uid, gid_t gid)
>{
>         struct sec_ctx *prev_ctx_p;
>         BOOL result = True;
>
>         if (non_root_mode()) {
>                 return True;
>         }
>
>         become_root();
>
>         /* Call initgroups() to get user groups */
>
>         if (initgroups(user,gid) == -1) {
>                 DEBUG(0,("Unable to initgroups. Error was %s\n", 
>strerror(errno) ));
>
>Notice the code before initgroups().  Samba either realizes it can't
>become root and returns, or sets its UID to root, which is required for
>initgroups() to succeed.  Perhaps initgroups() fails because the
>smbd daemon is somehow not able to set its UID to root.(?)  Just a guess.
>
>IIRC, the smbd daemon normally runs with the UID of the connected
>client. In this case, the user may have effectively no permissions.
>(E.g., the "nobody" user.) This is a conjecture, but maybe somehow
>  it's having trouble switching from this "peon" user back to superuser.
>
>Try checking the smbd executable, and how it's started up.  This is
>done starting with the /System/Library/StartupItems/Samba/Samba
>script. What I am wondering here is is this script running as
>root, or some other admin user?
>
>Next, try a long ps listing (is that ps -al?  I forget BSD! :)
>and check the UID that the copy of smbd associated with the
>connection to the share is running with.
>
>If you end up getting stuck on this, and you suspect a problem
>with the Samba code (rather than Apple's configuration), you might
>try asking on the samba-technical list, with something like
>"attn: Tim Potter" (the maintainer of that source file) in the
>Subject line.
>
>Jay Ts
>
>----------------------------------------------------------------
>>  Hi Jay, thanks so much for your answer.
>>
>>  Mac OS X/Darwin is indeed different in that although it has an
>>  /etc/group file that file is only used when the machine is in
>>  single-user mode. Otherwise all the system routines that read user
>>  and group info end up reading the netinfo database.
>>
>>  However, I believe that the kernel returns the proper answer for all
>>  the group and user routines so the problem is not actually with
>>  /etc/group or /etc/passwd (which do exist in any case and have the
>>  entries needed for this user.)
>  >
>  > So first let me say where everything works properly:
>  >
>  > If I connect to a users' home directory share for example using:
>  >	smbclient //localhost/howard -U howard
>>  Then everything works correctly. I've had people test this remotely
>>  using Windows and it worked for them as well.
>>
>>  Here's where things do not work: Only when I access the 'public' share.
>>
>>   From smb.conf:
>>
>>  [public]
>>           path = /tmp
>>           read only = no
>>           comment = Guest Area
>>           guest ok = yes
>>
>>  (in the [global] section I have         null passwords = yes
>>  and I have tried various guest accounts)
>>
>>
>>  Further more, no matter which user I connect to the 'public' share as
>>  (even a user with a real password and using their password) when I
>>  transfer a file to the Samba server the group ownership of the file
>>  is not set properly, although no error appears in the log. (The files
>>  are set owned by group 'wheel', presumably because smbd is running as
>>  group wheel.)
>>
>>  So any access to the 'public' share works, but the group ownership of
>>  uploaded files is always wrong, and, if you connect anonymously (by
>>  not supplying a password) you get in, but there is an error message
>>  in the log.
>>
>>  So all three of these get you in:
>>  # smbclient //localhost/public password  -U howard
>>  # smbclient //localhost/public -U howard
>>     (no password)
>>  # smbclient //localhost/public
>>     (no password)
>>
>>  The first one gives no error in the log file, the second do give the error
>>  [2002/07/26 20:00:29, 0] smbd/sec_ctx.c:initialise_groups(229)
>>     Unable to initgroups. Error was Input/output error
>>
>>
>>
>>
>>  At 6:07 PM -0700 2002/07/26, Jay Ts wrote:
>>  >  >
>>  >>  I'm using Samba 2.2.5 on Mac OS X 10.1.5
>>  >>  Connecting to the share "public" with no username or password works
>>  >>  fine, but, this error message appears in the log every time:
>>  >>
>>  >>  [2002/07/26 15:15:54, 0] smbd/sec_ctx.c:initialise_groups(229)
>>  >>     Unable to initgroups. Error was Input/output error
>>  >>
>>  >>  What am I doing wrong?
>>  >
>>  >The error is caused when Samba calls the C library's initgroups()
>>  >function, and it runs into some kind of trouble.  initgroups()
>>  >needs to read /etc/group.  Did you make sure the account you are
>>  >using as your guest account exists? And is in a group that exists
>>  >in the system?
>>  >
>>  >Make sure you have a /etc/group file and that it is non-corrupt,
>>  >and readable. The "Input/output error" suggests (?) that there might
>>  >be something wrong with the file.
>>  >
>>  >(BTW, I'm using Linux here, so I hope OS X isn't too far different.
>>  >Try reading the initgroups(3) manual page on your system to check.)
>>  >
>>  >Jay Ts
>>  >author, Using Samba, 2nd edition
>>
>>
>>  --
>>  -------------------------------------------
>>  Matisse Enzer
>>  matisse at matisse.net
>>  http://www.matisse.net/


-- 
-------------------------------------------
Matisse Enzer
matisse at matisse.net
http://www.matisse.net/




More information about the samba mailing list