[Samba] Permissions on rpcd_classic and missing logrotate config

Matthias Kühne | Ellerhold Aktiengesellschaft matthias.kuehne at ellerhold.de
Mon Jan 23 08:27:31 UTC 2023 

Hello fellow samba users,

we're using Samba 4.16 from corpit.ru/mjt/samba in debian 11 and having 
some problems (I guess?).

Weve got two problems in that configuration that may be less samba 
related but more packaging related. Nethertheless input is valuable from 
samba itself.

Our first problem is the permissions for the log.rpcd_class file.

[2023/01/20 17:30:19.408261,  0] ../../lib/util/debug.c:1224(reopen_one_log)
Jan 20 17:30:19 fileserver rpcd_classic[497878]:   reopen_one_log: 
Unable to open new log file '/var/log/samba/log.rpcd_classic': 
Permission denied

/var/log/samba has permission of 0750 and the log.rpcd_classic has 0644. 
The process rpcd_classic is run as root but as soon as you connect it 
seems to switch to the UID of the connecting user. And because the world 
writable bit on the log file is missing and the execute bit on the 
directory is missing.

What we've done is given the parent directory 0755 and 0666 to the log 
file. Correct? Can this be done in either packaging or samba itself?


During debug we've discovered a second problem: the logrotate 
configuration is incomplete. The following files are not rotated properly:

  * /var/log/samba/log.rpcd_*
  * /var/log/samba/log.samba-*
  * /var/log/samba/log.wb-*
  * /var/log/samba/log.winbindd-*

We've added a new logrotate config for that, but we're unsure which 
services need to be reloaded in order for the daemons to open the new 
files. Thats why we've used "smbcontrol winbindd reload-config" and 
"smbcontrol smbd reload-config" together.

@Samba: Can you tell us which services needs to be reloaded for which 
files?

@MJT: Can you add this logrotate config to the packages pls?

Thanks!

-- 
Senior Webentwickler
Datenschutzbeauftragter

Ellerhold Aktiengesellschaft
Friedrich-List-Str. 4
01445 Radebeul

Telefon: +49 (0) 351 83933-61
Web:www.ellerhold.de
Facebook:www.facebook.com/ellerhold.gruppe
Instagram:www.instagram.com/ellerhold.gruppe
Twitter:https://twitter.com/EllerholdGruppe

Amtsgericht Dresden / HRB 23769
Vorstand: Stephan Ellerhold, Maximilian Ellerhold
Vorsitzender des Aufsichtsrates: Frank Ellerhold


---Diese E-Mail und Ihre Anlagen enthalten vertrauliche Mitteilungen. Sollten Sie nicht der beabsichtigte Adressat sein, so bitten wir Sie um Mitteilung und um sofortiges löschen dieser E-Mail und der Anlagen.

Unsere Hinweise zum Datenschutz finden Sie hier: http://www.ellerhold.de/datenschutz/

This e-mail and its attachments are privileged and confidential. If you are not the intended recipient, please notify us and immediately delete this e-mail and its attachments.

You can find our privacy policy here: http://www.ellerhold.de/datenschutz/

More information about the samba mailing list