[Samba] ntp and samba4

Michael Mol mikemol at gmail.com
Tue May 7 13:43:07 MDT 2013

On 05/07/2013 03:25 PM, Andrew Bartlett wrote:
> On Mon, 2013-05-06 at 17:15 +0200, Michael De Groote wrote:
>> Hi all
>> Recently i noticed that upon starting the samba4 'samba' daemon, that it
>> changes the group ownership of the socket for ntpd to *staff*
>> $ls -l /usr/local/samba/var/lib/ntp_signd/
>> total 0
>> srwxrwxrwx 1 root *staff* 0 May  6 16:35 socket
>> The documentation says it needs to be *ntp*....
>> (FYI: i'm running this on debian wheezy)
>> I have just added ntp to group staff, but that seems like a workaround...
> I don't know why this is happening.  I've examined the code, and it does
> not change the group ID, it only creates the directory, forcing the uid.
> Indeed, the same code is using for the winbind privileged pipe, which is
> likewise deliberately designed so that you can set the group to a
> specific group for use by squid et al.  In this case the group is meant
> to be 'ntp' to allow only NTP access to the pipe.

Could this be a namespace overlap? Perhaps the directory has the correct
GID, but when Samba spins up the lookup for GID->name goes through it,
and something samba is attached to already has a mapping for that GID.

(I find it very odd to see asterisks around the group name in ls's
output, too...)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 555 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20130507/6ef72f46/attachment.pgp>

More information about the samba mailing list