[Samba] ntp and samba4

Tue May 7 13:25:08 MDT 2013

On Mon, 2013-05-06 at 17:15 +0200, Michael De Groote wrote:
> Hi all
> 
> Recently i noticed that upon starting the samba4 'samba' daemon, that it
> changes the group ownership of the socket for ntpd to *staff*
> 
> $ls -l /usr/local/samba/var/lib/ntp_signd/
> total 0
> srwxrwxrwx 1 root *staff* 0 May  6 16:35 socket
> 
> 
> The documentation says it needs to be *ntp*....
> 
> (FYI: i'm running this on debian wheezy)
> 
> I have just added ntp to group staff, but that seems like a workaround...

I don't know why this is happening.  I've examined the code, and it does
not change the group ID, it only creates the directory, forcing the uid.

Indeed, the same code is using for the winbind privileged pipe, which is
likewise deliberately designed so that you can set the group to a
specific group for use by squid et al.  In this case the group is meant
to be 'ntp' to allow only NTP access to the pipe.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org