[Samba] Permissions on rpcd_classic and missing logrotate config
Matthias Kühne | Ellerhold Aktiengesellschaft
matthias.kuehne at ellerhold.de
Mon Jan 23 08:27:31 UTC 2023
Hello fellow samba users,
we're using Samba 4.16 from corpit.ru/mjt/samba in debian 11 and having
some problems (I guess?).
Weve got two problems in that configuration that may be less samba
related but more packaging related. Nethertheless input is valuable from
samba itself.
Our first problem is the permissions for the log.rpcd_class file.
[2023/01/20 17:30:19.408261, 0] ../../lib/util/debug.c:1224(reopen_one_log)
Jan 20 17:30:19 fileserver rpcd_classic[497878]: reopen_one_log:
Unable to open new log file '/var/log/samba/log.rpcd_classic':
Permission denied
/var/log/samba has permission of 0750 and the log.rpcd_classic has 0644.
The process rpcd_classic is run as root but as soon as you connect it
seems to switch to the UID of the connecting user. And because the world
writable bit on the log file is missing and the execute bit on the
directory is missing.
What we've done is given the parent directory 0755 and 0666 to the log
file. Correct? Can this be done in either packaging or samba itself?
During debug we've discovered a second problem: the logrotate
configuration is incomplete. The following files are not rotated properly:
* /var/log/samba/log.rpcd_*
* /var/log/samba/log.samba-*
* /var/log/samba/log.wb-*
* /var/log/samba/log.winbindd-*
We've added a new logrotate config for that, but we're unsure which
services need to be reloaded in order for the daemons to open the new
files. Thats why we've used "smbcontrol winbindd reload-config" and
"smbcontrol smbd reload-config" together.
@Samba: Can you tell us which services needs to be reloaded for which
files?
@MJT: Can you add this logrotate config to the packages pls?
Thanks!
--
Senior Webentwickler
Datenschutzbeauftragter
Ellerhold Aktiengesellschaft
Friedrich-List-Str. 4
01445 Radebeul
Telefon: +49 (0) 351 83933-61
Web:www.ellerhold.de
Facebook:www.facebook.com/ellerhold.gruppe
Instagram:www.instagram.com/ellerhold.gruppe
Twitter:https://twitter.com/EllerholdGruppe
Amtsgericht Dresden / HRB 23769
Vorstand: Stephan Ellerhold, Maximilian Ellerhold
Vorsitzender des Aufsichtsrates: Frank Ellerhold
---Diese E-Mail und Ihre Anlagen enthalten vertrauliche Mitteilungen. Sollten Sie nicht der beabsichtigte Adressat sein, so bitten wir Sie um Mitteilung und um sofortiges löschen dieser E-Mail und der Anlagen.
Unsere Hinweise zum Datenschutz finden Sie hier: http://www.ellerhold.de/datenschutz/
This e-mail and its attachments are privileged and confidential. If you are not the intended recipient, please notify us and immediately delete this e-mail and its attachments.
You can find our privacy policy here: http://www.ellerhold.de/datenschutz/
More information about the samba
mailing list