[Samba] smbd daemon running as wrong user ID

simo idra at samba.org
Fri Feb 15 14:27:08 GMT 2008 

On Fri, 2008-02-15 at 13:42 +0100, Guido Gonzato wrote:
> Hello,
> 
> I have a strange problem affecting samba-3.0.10-1.4E.12.2 on a Red Hat 
> Enterprise Linux AS release 4 system.
> 
> We have a multi-domain configuration here at University of Verona 
> (Italy). We use Samba as PDC for several faculties. Each faculty has its 
> own daemon instance and its own smb config file:
> 
> [root at ldapvr1 ~]# ls /etc/samba/smb.*
> /etc/samba/smb.conf             /etc/samba/smb.giurisprudenza.conf 
> /etc/samba/smb.medicina.conf
> /etc/samba/smb.economia.conf    /etc/samba/smb.labfac.conf 
> /etc/samba/smb.motorie.conf
> /etc/samba/smb.erasmus.conf     /etc/samba/smb.lettere.conf 
> /etc/samba/smb.scienze.conf
> /etc/samba/smb.formazione.conf  /etc/samba/smb.lingue.conf 
> /etc/samba/smb.template.conf
> [root at ldapvr1 ~]#
> 
> the problem is that sometimes we have one of the daemons running as the 
> 'nobody' user ID or, worse, as normal user. Extract of a 'ps uax' command:
> 
> root      6018  0.0  0.1 11416 2816 ?        S    12:44   0:00 
> /usr/sbin/smbd_motorie -D -s /etc/samba/smb.motorie.conf -l 
> /var/log/samba/motorie
> vr002419  6090  0.0  0.1 11820 2960 ?        S    12:47   0:00 
> /usr/sbin/smbd_economia -D -s /etc/samba/smb.economia.conf -l 
> /var/log/samba/economia
> root      6091  0.0  0.1 11556 2940 ?        S    12:47   0:00 
> /usr/sbin/smbd_economia -D -s /etc/samba/smb.economia.conf -l 
> /var/log/samba/economia
> nobody    6093  0.0  0.1 11412 2152 ?        S    12:47   0:00 
> /usr/sbin/smbd_economia -D -s /etc/samba/smb.economia.conf -l 
> /var/log/samba/economia
> root      6106  0.0  0.0  5628  632 pts/2    R+   12:47   0:00 grep smb
> 
> as you can see, process 6090 runs as user ID vr002419, while process 
> 6093 runs as 'nobody'. User IDs are provided by an external LDAP server.
> 
> I'm just a deputy sysadmin for this server (the Big Guy's on holiday), 
> and I must admit I don't have much experience with Samba. I searched the 
> docs but I didn't find any reference to this behaviour.
> 
> Any hints on how to fix this situation?
> Thanks a lot,
>       Guido

Samba switches to the authenticated user to perform file system
operations, so that the kernel can enforce the proper access control.

Can you be more specific and tell what problem exactly you have?

Ciao,
Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Senior Software Engineer at Red Hat Inc. <ssorce at redhat.com>

More information about the samba mailing list