Bug 10328 - smbpasswd from 4.1.2 cannot delete root from smbpasswd file
Status: ASSIGNED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Tools
Version: 4.13.3
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Jeremy Allison
QA Contact: Samba QA Contact
Duplicates: 9981
Reported: 2013-12-16 12:30 UTC by Thomas Bork
Modified: 2020-12-19 15:35 UTC

Attachments
Test patch. (1.60 KB, patch)
2014-03-19 00:03 UTC, Jeremy Allison

Description Thomas Bork 2013-12-16 12:30:15 UTC
Trying to delete user root from /etc/passdb.tdb with smbpasswd fails (no PDC, no
winbind).

test # smbd -V
Version 4.1.2-for-eisfair-1-patch-1
test # grep ^root /etc/passwd
root:x:0:0:root:/root:/bin/bash
test # pdbedit -Lw root
root:0:C2265B23734E0DACAAD3B435B51404EE:69943C5E63B4D2C104DBBCC15138B72B:[U          ]:LCT-52AEF04A:
test # smbpasswd -D 10 -x root
INFO: Current debug levels:
  all: 10
  tdb: 10
  printdrivers: 10
  lanman: 10
  smb: 10
  rpc_parse: 10
  rpc_srv: 10
  rpc_cli: 10
  passdb: 10
  sam: 10
  auth: 10
  winbind: 10
  vfs: 10
  idmap: 10
  quota: 10
  acls: 10
  locking: 10
  msdfs: 10
  dmapi: 10
  registry: 10
  scavenger: 10
  dns: 10
  ldb: 10
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
INFO: Current debug levels:
  all: 10
  tdb: 10
  printdrivers: 10
  lanman: 10
  smb: 10
  rpc_parse: 10
  rpc_srv: 10
  rpc_cli: 10
  passdb: 10
  sam: 10
  auth: 10
  winbind: 10
  vfs: 10
  idmap: 10
  quota: 10
  acls: 10
  locking: 10
  msdfs: 10
  dmapi: 10
  registry: 10
  scavenger: 10
  dns: 10
  ldb: 10
params.c:pm_process() - Processing configuration file "/etc/smb.conf"
Processing section "[global]"
doing parameter dos charset = CP850
doing parameter unix charset = UTF-8
doing parameter workgroup = TOMMAIK
doing parameter serverstring =
doing parameter interfaces = 127.0.0.1/8 192.168.0.8/255.255.255.0
doing parameter bind interfaces only = yes
doing parameter security = user
doing parameter password server =
doing parameter passwd program = /usr/bin/passwd %u
doing parameter passwd chat = *New*Password:* %n\n *Reenter*New*Password:* %n\n *Password*changed*
doing parameter username map = /etc/user.map
doing parameter username level = 2
doing parameter unix password sync = yes
doing parameter debug level = 0
doing parameter max log size = 10000
doing parameter nameresolveorder = lmhosts host wins bcast
doing parameter time server = yes
doing parameter deadtime = 60
doing parameter printing = lprng
doing parameter printcap name = /etc/printcap
doing parameter printcap cache time = 0
doing parameter load printers = no
doing parameter mangling method = hash2
doing parameter domain logons = no
doing parameter add user script = /usr/sbin/useradd -m '%u' -c '%u'
doing parameter add machine script =
doing parameter delete user script =
doing parameter add group script = /var/install/bin/add-group '%g'
doing parameter delete group script = /var/install/bin/remove-group '%g'
doing parameter add user to group script = /usr/sbin/usermod -G '%g' '%u'
doing parameter delete user from group script = /usr/sbin/userdel '%g' '%u'
doing parameter set primary group script = /var/install/bin/modify-user -g '%u' '%g'
doing parameter os level = 0
doing parameter preferred master = no
doing parameter local master = no
doing parameter domain master = no
doing parameter wins support = no
doing parameter wins hook =
doing parameter wins server =
doing parameter wins proxy = no
doing parameter kernel oplocks = no
doing parameter utmp = yes
doing parameter message command = /var/install/bin/samba-netbios-mail '%f' '%s'
doing parameter admin users = root
doing parameter hosts allow = 127.0.0. 192.168.0.0/255.255.255.0
doing parameter dos filetime resolution = yes
doing parameter use sendfile = yes
doing parameter unix extensions = no
doing parameter wide links = yes
doing parameter enable core files = no
doing parameter max mux = 10000
doing parameter dos filemode = yes
doing parameter acl group control = yes
doing parameter force unknown acl user = yes
doing parameter inherit acls = yes
doing parameter map acl inherit = yes
doing parameter map hidden = no
doing parameter map system = no
doing parameter map archive = no
doing parameter map read only = no
doing parameter store dos attributes = yes
doing parameter ea support = yes
doing parameter oplocks = no
doing parameter level2 oplocks = no
doing parameter blocking locks = no
doing parameter hide files = /desktop.ini/Thumbs.db/
doing parameter dos filemode = yes
doing parameter passdb backend = tdbsam
doing parameter lanman auth = yes
doing parameter client lanman auth = yes
doing parameter client plaintext auth = yes
doing parameter client ntlmv2 auth = no
doing parameter max protocol = SMB3
doing parameter min receivefile size = 16384
doing parameter aio read size = 16384
doing parameter aio write size = 16384
doing parameter client max protocol = SMB3
doing parameter acl allow execute always = yes
doing parameter socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE
pm_process() returned Yes
lp_servicenumber: couldn't find homes
Netbios name list:-
my_netbios_names[0]="TEST"
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to register passdb backend wbc_sam
Successfully added passdb backend 'wbc_sam'
Attempting to find a passdb backend to match tdbsam (tdbsam)
Found pdb backend tdbsam
pdb backend tdbsam has a valid init
tdbsam_open: successfully opened /etc/passdb.tdb
pdb_set_username: setting username root, was
pdb_set_domain: setting domain TEST, was
pdb_set_nt_username: setting nt username , was
pdb_set_full_name: setting full name root, was
Home server: test
pdb_set_homedir: setting home dir \\test\root, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
Home server: test
pdb_set_profile_path: setting profile path \\test\root\profile, was
pdb_set_workstations: setting workstations , was
account_policy_get: name: password history, val: 0
pdb_set_user_sid: setting user sid S-1-5-21-4093749324-3310999274-4195910024-1003
pdb_set_user_sid_from_rid:
        setting user sid S-1-5-21-4093749324-3310999274-4195910024-1003 from rid 1003
account_policy_get: name: maximum password age, val: -1
Finding user root
Trying _Get_Pwnam(), username as lowercase is root
Get_Pwnam_internals did find user [root]!
Opening cache file at /var/lock/samba/gencache.tdb
Opening cache file at /var/lock/samba/gencache_notrans.tdb
gid_to_sid: winbind failed to find a sid for gid 0
LEGACY: gid 0 -> sid S-1-22-2-0
Forcing Primary Group to 'Domain Users' for root
account_policy_get: name: password history, val: 0
pdb_set_username: setting username root, was
pdb_set_domain: setting domain TEST, was
pdb_set_nt_username: setting nt username , was
pdb_set_full_name: setting full name root, was
Home server: test
pdb_set_homedir: setting home dir \\test\root, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
Home server: test
pdb_set_profile_path: setting profile path \\test\root\profile, was
pdb_set_workstations: setting workstations , was
account_policy_get: name: password history, val: 0
pdb_set_user_sid: setting user sid S-1-5-21-4093749324-3310999274-4195910024-1003
pdb_set_user_sid_from_rid:
        setting user sid S-1-5-21-4093749324-3310999274-4195910024-1003 from rid 1003
pdb_set_group_sid: setting group sid S-1-5-21-4093749324-3310999274-4195910024-513
winbind failed to find a uid for sid S-1-5-21-4093749324-3310999274-4195910024-1003
lookup_global_sam_rid: looking up RID 1003.
pdb_set_username: setting username root, was
pdb_set_domain: setting domain TEST, was
pdb_set_nt_username: setting nt username , was
pdb_set_full_name: setting full name root, was
Home server: test
pdb_set_homedir: setting home dir \\test\root, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
Home server: test
pdb_set_profile_path: setting profile path \\test\root\profile, was
pdb_set_workstations: setting workstations , was
account_policy_get: name: password history, val: 0
pdb_set_user_sid: setting user sid S-1-5-21-4093749324-3310999274-4195910024-1003
pdb_set_user_sid_from_rid:
        setting user sid S-1-5-21-4093749324-3310999274-4195910024-1003 from rid 1003
Finding user root
Trying _Get_Pwnam(), username as lowercase is root
Get_Pwnam_internals did find user [root]!
Failed to delete entry for user root.


I _can_ delete normal users with smbpasswd:
-------------------------------------------

test # smbpasswd -D 10 -x tb
INFO: Current debug levels:
  all: 10
  tdb: 10
  printdrivers: 10
  lanman: 10
  smb: 10
  rpc_parse: 10
  rpc_srv: 10
  rpc_cli: 10
  passdb: 10
  sam: 10
  auth: 10
  winbind: 10
  vfs: 10
  idmap: 10
  quota: 10
  acls: 10
  locking: 10
  msdfs: 10
  dmapi: 10
  registry: 10
  scavenger: 10
  dns: 10
  ldb: 10
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
INFO: Current debug levels:
  all: 10
  tdb: 10
  printdrivers: 10
  lanman: 10
  smb: 10
  rpc_parse: 10
  rpc_srv: 10
  rpc_cli: 10
  passdb: 10
  sam: 10
  auth: 10
  winbind: 10
  vfs: 10
  idmap: 10
  quota: 10
  acls: 10
  locking: 10
  msdfs: 10
  dmapi: 10
  registry: 10
  scavenger: 10
  dns: 10
  ldb: 10
params.c:pm_process() - Processing configuration file "/etc/smb.conf"
Processing section "[global]"
doing parameter dos charset = CP850
doing parameter unix charset = UTF-8
doing parameter workgroup = TOMMAIK
doing parameter serverstring =
doing parameter interfaces = 127.0.0.1/8 192.168.0.8/255.255.255.0
doing parameter bind interfaces only = yes
doing parameter security = user
doing parameter password server =
doing parameter passwd program = /usr/bin/passwd %u
doing parameter passwd chat = *New*Password:* %n\n *Reenter*New*Password:* %n\n *Password*changed*
doing parameter username map = /etc/user.map
doing parameter username level = 2
doing parameter unix password sync = yes
doing parameter debug level = 0
doing parameter max log size = 10000
doing parameter nameresolveorder = lmhosts host wins bcast
doing parameter time server = yes
doing parameter deadtime = 60
doing parameter printing = lprng
doing parameter printcap name = /etc/printcap
doing parameter printcap cache time = 0
doing parameter load printers = no
doing parameter mangling method = hash2
doing parameter domain logons = no
doing parameter add user script = /usr/sbin/useradd -m '%u' -c '%u'
doing parameter add machine script =
doing parameter delete user script =
doing parameter add group script = /var/install/bin/add-group '%g'
doing parameter delete group script = /var/install/bin/remove-group '%g'
doing parameter add user to group script = /usr/sbin/usermod -G '%g' '%u'
doing parameter delete user from group script = /usr/sbin/userdel '%g' '%u'
doing parameter set primary group script = /var/install/bin/modify-user -g '%u' '%g'
doing parameter os level = 0
doing parameter preferred master = no
doing parameter local master = no
doing parameter domain master = no
doing parameter wins support = no
doing parameter wins hook =
doing parameter wins server =
doing parameter wins proxy = no
doing parameter kernel oplocks = no
doing parameter utmp = yes
doing parameter message command = /var/install/bin/samba-netbios-mail '%f' '%s'
doing parameter admin users = root
doing parameter hosts allow = 127.0.0. 192.168.0.0/255.255.255.0
doing parameter dos filetime resolution = yes
doing parameter use sendfile = yes
doing parameter unix extensions = no
doing parameter wide links = yes
doing parameter enable core files = no
doing parameter max mux = 10000
doing parameter dos filemode = yes
doing parameter acl group control = yes
doing parameter force unknown acl user = yes
doing parameter inherit acls = yes
doing parameter map acl inherit = yes
doing parameter map hidden = no
doing parameter map system = no
doing parameter map archive = no
doing parameter map read only = no
doing parameter store dos attributes = yes
doing parameter ea support = yes
doing parameter oplocks = no
doing parameter level2 oplocks = no
doing parameter blocking locks = no
doing parameter hide files = /desktop.ini/Thumbs.db/
doing parameter dos filemode = yes
doing parameter passdb backend = tdbsam
doing parameter lanman auth = yes
doing parameter client lanman auth = yes
doing parameter client plaintext auth = yes
doing parameter client ntlmv2 auth = no
doing parameter max protocol = SMB3
doing parameter min receivefile size = 16384
doing parameter aio read size = 16384
doing parameter aio write size = 16384
doing parameter client max protocol = SMB3
doing parameter acl allow execute always = yes
doing parameter socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE
pm_process() returned Yes
lp_servicenumber: couldn't find homes
Netbios name list:-
my_netbios_names[0]="TEST"
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to register passdb backend wbc_sam
Successfully added passdb backend 'wbc_sam'
Attempting to find a passdb backend to match tdbsam (tdbsam)
Found pdb backend tdbsam
pdb backend tdbsam has a valid init
tdbsam_open: successfully opened /etc/passdb.tdb
pdb_set_username: setting username tb, was
pdb_set_domain: setting domain TEST, was
pdb_set_nt_username: setting nt username , was
pdb_set_full_name: setting full name tb, was
Home server: test
pdb_set_homedir: setting home dir \\test\tb, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
Home server: test
pdb_set_profile_path: setting profile path \\test\tb\profile, was
pdb_set_workstations: setting workstations , was
account_policy_get: name: password history, val: 0
pdb_set_user_sid: setting user sid S-1-5-21-4093749324-3310999274-4195910024-1004
pdb_set_user_sid_from_rid:
        setting user sid S-1-5-21-4093749324-3310999274-4195910024-1004 from rid 1004
account_policy_get: name: maximum password age, val: -1
Finding user tb
Trying _Get_Pwnam(), username as lowercase is tb
Get_Pwnam_internals did find user [tb]!
Opening cache file at /var/lock/samba/gencache.tdb
Opening cache file at /var/lock/samba/gencache_notrans.tdb
gid_to_sid: winbind failed to find a sid for gid 100
LEGACY: gid 100 -> sid S-1-22-2-100
Forcing Primary Group to 'Domain Users' for tb
account_policy_get: name: password history, val: 0
pdb_set_username: setting username tb, was
pdb_set_domain: setting domain TEST, was
pdb_set_nt_username: setting nt username , was
pdb_set_full_name: setting full name tb, was
Home server: test
pdb_set_homedir: setting home dir \\test\tb, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
Home server: test
pdb_set_profile_path: setting profile path \\test\tb\profile, was
pdb_set_workstations: setting workstations , was
account_policy_get: name: password history, val: 0
pdb_set_user_sid: setting user sid S-1-5-21-4093749324-3310999274-4195910024-1004
pdb_set_user_sid_from_rid:
        setting user sid S-1-5-21-4093749324-3310999274-4195910024-1004 from rid 1004
pdb_set_group_sid: setting group sid S-1-5-21-4093749324-3310999274-4195910024-513
winbind failed to find a uid for sid S-1-5-21-4093749324-3310999274-4195910024-1004
lookup_global_sam_rid: looking up RID 1004.
pdb_set_username: setting username tb, was
pdb_set_domain: setting domain TEST, was
pdb_set_nt_username: setting nt username , was
pdb_set_full_name: setting full name tb, was
Home server: test
pdb_set_homedir: setting home dir \\test\tb, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
Home server: test
pdb_set_profile_path: setting profile path \\test\tb\profile, was
pdb_set_workstations: setting workstations , was
account_policy_get: name: password history, val: 0
pdb_set_user_sid: setting user sid S-1-5-21-4093749324-3310999274-4195910024-1004
pdb_set_user_sid_from_rid:
        setting user sid S-1-5-21-4093749324-3310999274-4195910024-1004 from rid 1004
Finding user tb
Trying _Get_Pwnam(), username as lowercase is tb
Get_Pwnam_internals did find user [tb]!
check lock order 1 for /etc/passdb.tdb
lock order:  1:/etc/passdb.tdb 2:<none> 3:<none>
Locking key 555345525F746200
Allocated locked data 0x0xb77c81b8
Unlocking key 555345525F746200
release lock order 1 for /etc/passdb.tdb
lock order:  1:<none> 2:<none> 3:<none>
check lock order 1 for /etc/passdb.tdb
lock order:  1:/etc/passdb.tdb 2:<none> 3:<none>
Locking key 5249445F303030303033
Allocated locked data 0x0xb77c85b0
Unlocking key 5249445F303030303033
release lock order 1 for /etc/passdb.tdb
lock order:  1:<none> 2:<none> 3:<none>
Registering messaging pointer for type 2 - private_data=(nil)
Registering messaging pointer for type 9 - private_data=(nil)
Registered MSG_REQ_POOL_USAGE
Registering messaging pointer for type 11 - private_data=(nil)
Registering messaging pointer for type 12 - private_data=(nil)
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Registering messaging pointer for type 1 - private_data=(nil)
Registering messaging pointer for type 5 - private_data=(nil)
messaging_tdb_store:
     array: struct messaging_array
        num_messages             : 0x00000001 (1)
        messages: ARRAY(1)
            messages: struct messaging_rec
                msg_version              : 0x00000002 (2)
                msg_type                 : ID_CACHE_DELETE (15)
                dest: struct server_id
                    pid                      : 0x000000000000099b (2459)
                    task_id                  : 0x00000000 (0)
                    vnn                      : 0xffffffff (4294967295)
                    unique_id                : 0x87067c7443d60582 (-8717143189932866174)
                src: struct server_id
                    pid                      : 0x00000000000009cf (2511)
                    task_id                  : 0x00000000 (0)
                    vnn                      : 0xffffffff (4294967295)
                    unique_id                : 0x0000000000000000 (0)
                buf                      : DATA_BLOB length=8
[0000] 55 53 45 52 20 74 62 00                            USER tb.
messaging_tdb_store:
     array: struct messaging_array
        num_messages             : 0x00000001 (1)
        messages: ARRAY(1)
            messages: struct messaging_rec
                msg_version              : 0x00000002 (2)
                msg_type                 : ID_CACHE_DELETE (15)
                dest: struct server_id
                    pid                      : 0x0000000000000999 (2457)
                    task_id                  : 0x00000000 (0)
                    vnn                      : 0xffffffff (4294967295)
                    unique_id                : 0x0000000000000000 (0)
                src: struct server_id
                    pid                      : 0x00000000000009cf (2511)
                    task_id                  : 0x00000000 (0)
                    vnn                      : 0xffffffff (4294967295)
                    unique_id                : 0x0000000000000000 (0)
                buf                      : DATA_BLOB length=8
[0000] 55 53 45 52 20 74 62 00                            USER tb.
messaging_tdb_store:
     array: struct messaging_array
        num_messages             : 0x00000001 (1)
        messages: ARRAY(1)
            messages: struct messaging_rec
                msg_version              : 0x00000002 (2)
                msg_type                 : ID_CACHE_DELETE (15)
                dest: struct server_id
                    pid                      : 0x000000000000099e (2462)
                    task_id                  : 0x00000000 (0)
                    vnn                      : 0xffffffff (4294967295)
                    unique_id                : 0x87067c7443d60582 (-8717143189932866174)
                src: struct server_id
                    pid                      : 0x00000000000009cf (2511)
                    task_id                  : 0x00000000 (0)
                    vnn                      : 0xffffffff (4294967295)
                    unique_id                : 0x0000000000000000 (0)
                buf                      : DATA_BLOB length=8
[0000] 55 53 45 52 20 74 62 00                            USER tb.
Deleted user tb.


Deleting root with pdbedit is possible:
---------------------------------------

test # pdbedit -d 10 -x root
INFO: Current debug levels:
  all: 10
  tdb: 10
  printdrivers: 10
  lanman: 10
  smb: 10
  rpc_parse: 10
  rpc_srv: 10
  rpc_cli: 10
  passdb: 10
  sam: 10
  auth: 10
  winbind: 10
  vfs: 10
  idmap: 10
  quota: 10
  acls: 10
  locking: 10
  msdfs: 10
  dmapi: 10
  registry: 10
  scavenger: 10
  dns: 10
  ldb: 10
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
INFO: Current debug levels:
  all: 10
  tdb: 10
  printdrivers: 10
  lanman: 10
  smb: 10
  rpc_parse: 10
  rpc_srv: 10
  rpc_cli: 10
  passdb: 10
  sam: 10
  auth: 10
  winbind: 10
  vfs: 10
  idmap: 10
  quota: 10
  acls: 10
  locking: 10
  msdfs: 10
  dmapi: 10
  registry: 10
  scavenger: 10
  dns: 10
  ldb: 10
params.c:pm_process() - Processing configuration file "/etc/smb.conf"
Processing section "[global]"
doing parameter dos charset = CP850
doing parameter unix charset = UTF-8
doing parameter workgroup = TOMMAIK
doing parameter serverstring =
doing parameter interfaces = 127.0.0.1/8 192.168.0.8/255.255.255.0
doing parameter bind interfaces only = yes
doing parameter security = user
doing parameter password server =
doing parameter passwd program = /usr/bin/passwd %u
doing parameter passwd chat = *New*Password:* %n\n *Reenter*New*Password:* %n\n *Password*changed*
doing parameter username map = /etc/user.map
doing parameter username level = 2
doing parameter unix password sync = yes
doing parameter debug level = 0
doing parameter max log size = 10000
doing parameter nameresolveorder = lmhosts host wins bcast
doing parameter time server = yes
doing parameter deadtime = 60
doing parameter printing = lprng
doing parameter printcap name = /etc/printcap
doing parameter printcap cache time = 0
doing parameter load printers = no
doing parameter mangling method = hash2
doing parameter domain logons = no
doing parameter add user script = /usr/sbin/useradd -m '%u' -c '%u'
doing parameter add machine script =
doing parameter delete user script =
doing parameter add group script = /var/install/bin/add-group '%g'
doing parameter delete group script = /var/install/bin/remove-group '%g'
doing parameter add user to group script = /usr/sbin/usermod -G '%g' '%u'
doing parameter delete user from group script = /usr/sbin/userdel '%g' '%u'
doing parameter set primary group script = /var/install/bin/modify-user -g '%u' '%g'
doing parameter os level = 0
doing parameter preferred master = no
doing parameter local master = no
doing parameter domain master = no
doing parameter wins support = no
doing parameter wins hook =
doing parameter wins server =
doing parameter wins proxy = no
doing parameter kernel oplocks = no
doing parameter utmp = yes
doing parameter message command = /var/install/bin/samba-netbios-mail '%f' '%s'
doing parameter admin users = root
doing parameter hosts allow = 127.0.0. 192.168.0.0/255.255.255.0
doing parameter dos filetime resolution = yes
doing parameter use sendfile = yes
doing parameter unix extensions = no
doing parameter wide links = yes
doing parameter enable core files = no
doing parameter max mux = 10000
doing parameter dos filemode = yes
doing parameter acl group control = yes
doing parameter force unknown acl user = yes
doing parameter inherit acls = yes
doing parameter map acl inherit = yes
doing parameter map hidden = no
doing parameter map system = no
doing parameter map archive = no
doing parameter map read only = no
doing parameter store dos attributes = yes
doing parameter ea support = yes
doing parameter oplocks = no
doing parameter level2 oplocks = no
doing parameter blocking locks = no
doing parameter hide files = /desktop.ini/Thumbs.db/
doing parameter dos filemode = yes
doing parameter passdb backend = tdbsam
doing parameter lanman auth = yes
doing parameter client lanman auth = yes
doing parameter client plaintext auth = yes
doing parameter client ntlmv2 auth = no
doing parameter max protocol = SMB3
doing parameter min receivefile size = 16384
doing parameter aio read size = 16384
doing parameter aio write size = 16384
doing parameter client max protocol = SMB3
doing parameter acl allow execute always = yes
doing parameter socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE
pm_process() returned Yes
lp_servicenumber: couldn't find homes
Netbios name list:-
my_netbios_names[0]="TEST"
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to register passdb backend wbc_sam
Successfully added passdb backend 'wbc_sam'
Attempting to find a passdb backend to match tdbsam (tdbsam)
Found pdb backend tdbsam
pdb backend tdbsam has a valid init
tdbsam_open: successfully opened /etc/passdb.tdb
pdb_set_username: setting username root, was
pdb_set_domain: setting domain TEST, was
pdb_set_nt_username: setting nt username , was
pdb_set_full_name: setting full name root, was
Home server: test
pdb_set_homedir: setting home dir \\test\root, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
Home server: test
pdb_set_profile_path: setting profile path \\test\root\profile, was
pdb_set_workstations: setting workstations , was
account_policy_get: name: password history, val: 0
pdb_set_user_sid: setting user sid S-1-5-21-4093749324-3310999274-4195910024-1003
pdb_set_user_sid_from_rid:
        setting user sid S-1-5-21-4093749324-3310999274-4195910024-1003 from rid 1003
account_policy_get: name: maximum password age, val: -1
Finding user root
Trying _Get_Pwnam(), username as lowercase is root
Get_Pwnam_internals did find user [root]!
Opening cache file at /var/lock/samba/gencache.tdb
Opening cache file at /var/lock/samba/gencache_notrans.tdb
gid_to_sid: winbind failed to find a sid for gid 0
LEGACY: gid 0 -> sid S-1-22-2-0
Forcing Primary Group to 'Domain Users' for root
account_policy_get: name: password history, val: 0
pdb_set_username: setting username root, was
pdb_set_domain: setting domain TEST, was
pdb_set_nt_username: setting nt username , was
pdb_set_full_name: setting full name root, was
Home server: test
pdb_set_homedir: setting home dir \\test\root, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
Home server: test
pdb_set_profile_path: setting profile path \\test\root\profile, was
pdb_set_workstations: setting workstations , was
account_policy_get: name: password history, val: 0
pdb_set_user_sid: setting user sid S-1-5-21-4093749324-3310999274-4195910024-1003
pdb_set_user_sid_from_rid:
        setting user sid S-1-5-21-4093749324-3310999274-4195910024-1003 from rid 1003
pdb_set_group_sid: setting group sid S-1-5-21-4093749324-3310999274-4195910024-513
check lock order 1 for /etc/passdb.tdb
lock order:  1:/etc/passdb.tdb 2:<none> 3:<none>
Locking key 555345525F726F6F7400
Allocated locked data 0x0xb774e278
Unlocking key 555345525F726F6F7400
release lock order 1 for /etc/passdb.tdb
lock order:  1:<none> 2:<none> 3:<none>
check lock order 1 for /etc/passdb.tdb
lock order:  1:/etc/passdb.tdb 2:<none> 3:<none>
Locking key 5249445F303030303033
Allocated locked data 0x0xb774d520
Unlocking key 5249445F303030303033
release lock order 1 for /etc/passdb.tdb
lock order:  1:<none> 2:<none> 3:<none>
test # pdbedit -Lw root
Username not found!


This is a regression compared to old Samba versions. We are using scripts to add and
delete samba users via smbpasswd.

See also the same bug report for Samba 3.6.x:

https://bugzilla.samba.org/show_bug.cgi?id=9981

der tom
Comment 1 Thomas Bork 2014-03-15 18:50:18 UTC
Also occurring with 4.1.5 and 4.1.6.
Comment 2 Jeremy Allison 2014-03-18 22:51:17 UTC
It's deliberate... We have:

NTSTATUS pdb_delete_user(TALLOC_CTX *mem_ctx, struct samu *sam_acct)
{
        struct pdb_methods *pdb = pdb_get_methods();
        uid_t uid = -1;
        NTSTATUS status;
        const struct dom_sid *user_sid;
        char *msg_data;

        user_sid = pdb_get_user_sid(sam_acct);

        /* sanity check to make sure we don't delete root */

        if ( !sid_to_uid(user_sid, &uid ) ) {
                return NT_STATUS_NO_SUCH_USER;
        }

        if ( uid == 0 ) {
                return NT_STATUS_ACCESS_DENIED;
        }

Now for a git-blame to see why this was added (and why pdbedit gets around it :-).
Comment 3 Jeremy Allison 2014-03-18 22:54:00 UTC
Ok, pdbedit uses pdb_delete_sam_account().
smbpasswd uses pdb_delete_user().

What's the difference and why ? :-).
Comment 4 Jeremy Allison 2014-03-18 22:59:10 UTC
Oh, I get it. pdb_delete_user() can shell out to the UNIX side to delete the *actual* user. We really don't want to do that for root :-).

But the check is in the wrong place.

Fix to follow.
Comment 5 Jeremy Allison 2014-03-19 00:03:10 UTC
Created attachment 9789
Test patch.

Ok, so here is a test patch. It moves the "don't delete root" check from pdb_delete_user() to pdb_default_delete_user().

I think this is the right way to fix this, but please test first and let me know :-).

Cheers,

Jeremy.
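
The guard placement discussed in Comments 2 to 5, as an added example: a simplified C model, not Samba's code and not the attached patch. The struct, the function names, the uid 1000 and the script string are hypothetical, and placing the guard directly before the UNIX-side script step is an assumption about where such a check belongs.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model: none of these names are Samba's API. */
enum status { ST_OK, ST_NO_SUCH_USER, ST_ACCESS_DENIED };

struct account {
    const char *name;
    unsigned uid;
    bool in_sam;       /* entry present in the password database */
    bool unix_exists;  /* account present on the UNIX side */
};

struct result {
    enum status status;
    bool sam_removed;
    bool script_ran;
};

/* Database-only deletion: the kind of path pdbedit takes (Comment 3). */
static enum status delete_sam_entry(struct account *a)
{
    if (!a->in_sam) {
        return ST_NO_SUCH_USER;
    }
    a->in_sam = false;
    return ST_OK;
}

/* Stand-in for running a configured "delete user script". Nothing is
 * executed; it only records that the UNIX account would be removed. */
static bool run_delete_user_script(struct account *a, const char *script)
{
    if (script == NULL || script[0] == '\0') {
        return false; /* no script configured, nothing to run */
    }
    a->unix_exists = false;
    return true;
}

/* Guard at the entry point: root is refused before anything happens,
 * so even the harmless database entry cannot be removed. */
struct result delete_user_guard_at_entry(struct account *a, const char *script)
{
    struct result r = { ST_OK, false, false };

    if (a->uid == 0) {
        r.status = ST_ACCESS_DENIED;
        return r;
    }
    r.status = delete_sam_entry(a);
    if (r.status != ST_OK) {
        return r;
    }
    r.sam_removed = true;
    r.script_ran = run_delete_user_script(a, script);
    return r;
}

/* Guard next to the dangerous operation: the database entry is removed
 * for any user, but uid 0 is never handed to the delete script. */
struct result delete_user_guard_at_script(struct account *a, const char *script)
{
    struct result r = { ST_OK, false, false };

    r.status = delete_sam_entry(a);
    if (r.status != ST_OK) {
        return r;
    }
    r.sam_removed = true;
    if (a->uid == 0) {
        return r; /* keep the UNIX root account untouched */
    }
    r.script_ran = run_delete_user_script(a, script);
    return r;
}

int main(void)
{
    const char *script = "userdel-wrapper %u"; /* constructed sample value */
    struct account root_a = { "root", 0, true, true };
    struct account root_b = { "root", 0, true, true };
    struct account tb = { "tb", 1000, true, true };

    struct result a = delete_user_guard_at_entry(&root_a, script);
    struct result b = delete_user_guard_at_script(&root_b, script);
    struct result c = delete_user_guard_at_script(&tb, script);

    printf("entry guard,  %s: status=%d sam_removed=%d unix_exists=%d\n",
           root_a.name, a.status, a.sam_removed, root_a.unix_exists);
    printf("script guard, %s: status=%d sam_removed=%d unix_exists=%d\n",
           root_b.name, b.status, b.sam_removed, root_b.unix_exists);
    printf("script guard, %s: status=%d sam_removed=%d unix_exists=%d\n",
           tb.name, c.status, c.sam_removed, tb.unix_exists);
    return 0;
}
```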
Comment 6 Thomas Bork 2014-03-19 08:43:42 UTC
On 19.03.2014 01:03, samba-bugs@samba.org wrote:

> Ok, so here is a test patch. It moves the "don't delete root" check from
> pdb_delete_user() to pdb_default_delete_user().
>
> I think this is the right way to fix this, but please test first and let me
> know :-).

Looks good:

samba # smbd -V
Version 4.1.6-for-eisfair-1-patch-2
samba # grep ^root /etc/passwd
root:x:0:0:root:/root:/bin/bash
samba # pdbedit -Lw root
root:0:C2265B23734E0DACAAD3B435B51404EE:69943C5E63B4D2C104DBBCC15138B72B:[U          ]:LCT-53178DB3:
samba # smbpasswd -D 10 -x root
INFO: Current debug levels:
   all: 10
   tdb: 10
   printdrivers: 10
   lanman: 10
   smb: 10
   rpc_parse: 10
   rpc_srv: 10
   rpc_cli: 10
   passdb: 10
   sam: 10
   auth: 10
   winbind: 10
   vfs: 10
   idmap: 10
   quota: 10
   acls: 10
   locking: 10
   msdfs: 10
   dmapi: 10
   registry: 10
   scavenger: 10
   dns: 10
   ldb: 10
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
INFO: Current debug levels:
   all: 10
   tdb: 10
   printdrivers: 10
   lanman: 10
   smb: 10
   rpc_parse: 10
   rpc_srv: 10
   rpc_cli: 10
   passdb: 10
   sam: 10
   auth: 10
   winbind: 10
   vfs: 10
   idmap: 10
   quota: 10
   acls: 10
   locking: 10
   msdfs: 10
   dmapi: 10
   registry: 10
   scavenger: 10
   dns: 10
   ldb: 10
params.c:pm_process() - Processing configuration file "/etc/smb.conf"
Processing section "[global]"
doing parameter dos charset = CP850
doing parameter unix charset = UTF-8
doing parameter workgroup = TOMMAIK
doing parameter serverstring =
doing parameter interfaces = 127.0.0.1/8 192.168.0.33/255.255.255.0
doing parameter bind interfaces only = yes
doing parameter security = user
doing parameter password server =
doing parameter passwd program = /usr/bin/passwd %u
doing parameter passwd chat = *New*Password:* %n\n *Reenter*New*Password:* %n\n *Password*changed*
doing parameter username map = /etc/user.map
doing parameter username level = 2
doing parameter unix password sync = yes
doing parameter debug level = 0
doing parameter max log size = 10000
doing parameter nameresolveorder = lmhosts host wins bcast
doing parameter time server = yes
doing parameter deadtime = 60
doing parameter printing = lprng
doing parameter printcap name = /etc/printcap
doing parameter printcap cache time = 0
doing parameter load printers = no
doing parameter mangling method = hash2
doing parameter domain logons = no
doing parameter add user script = /usr/sbin/useradd -m '%u' -c '%u'
doing parameter add machine script =
doing parameter delete user script =
doing parameter add group script = /var/install/bin/add-group '%g'
doing parameter delete group script = /var/install/bin/remove-group '%g'
doing parameter add user to group script = /usr/sbin/usermod -G '%g' '%u'
doing parameter delete user from group script = /usr/sbin/userdel '%g' '%u'
doing parameter set primary group script = /var/install/bin/modify-user -g '%u' '%g'
doing parameter os level = 0
doing parameter preferred master = no
doing parameter local master = no
doing parameter domain master = no
doing parameter wins support = no
doing parameter wins hook =
doing parameter wins server =
doing parameter wins proxy = no
doing parameter kernel oplocks = no
doing parameter utmp = yes
doing parameter message command = /var/install/bin/samba-netbios-mail '%f' '%s'
doing parameter admin users = root
doing parameter hosts allow = 127.0.0. 192.168.0.0/255.255.255.0
doing parameter dos filetime resolution = yes
doing parameter use sendfile = yes
doing parameter unix extensions = no
doing parameter wide links = yes
doing parameter enable core files = no
doing parameter max mux = 10000
doing parameter dos filemode = yes
doing parameter acl group control = yes
doing parameter force unknown acl user = yes
doing parameter inherit acls = yes
doing parameter map acl inherit = yes
doing parameter map hidden = no
doing parameter map system = no
doing parameter map archive = no
doing parameter map read only = no
doing parameter store dos attributes = yes
doing parameter ea support = yes
doing parameter oplocks = no
doing parameter level2 oplocks = no
doing parameter blocking locks = no
doing parameter hide files = /desktop.ini/Thumbs.db/
doing parameter dos filemode = yes
doing parameter passdb backend = tdbsam
doing parameter lanman auth = yes
doing parameter client lanman auth = yes
doing parameter client plaintext auth = yes
doing parameter client ntlmv2 auth = no
doing parameter max protocol = SMB3
doing parameter min receivefile size = 16384
doing parameter aio read size = 16384
doing parameter aio write size = 16384
doing parameter client max protocol = SMB3
doing parameter acl allow execute always = yes
doing parameter print notify backchannel = no
doing parameter socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE
pm_process() returned Yes
lp_servicenumber: couldn't find homes
Netbios name list:-
my_netbios_names[0]="SAMBA"
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to register passdb backend wbc_sam
Successfully added passdb backend 'wbc_sam'
Attempting to find a passdb backend to match tdbsam (tdbsam)
Found pdb backend tdbsam
pdb backend tdbsam has a valid init
tdbsam_open: successfully opened /etc/passdb.tdb
pdb_set_username: setting username root, was
pdb_set_domain: setting domain SAMBA, was
pdb_set_nt_username: setting nt username , was
pdb_set_full_name: setting full name root, was
Home server: samba
pdb_set_homedir: setting home dir \\samba\root, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
Home server: samba
pdb_set_profile_path: setting profile path \\samba\root\profile, was
pdb_set_workstations: setting workstations , was
account_policy_get: name: password history, val: 0
pdb_set_user_sid: setting user sid S-1-5-21-4119069296-3092739579-1781507130-1000
pdb_set_user_sid_from_rid:
         setting user sid S-1-5-21-4119069296-3092739579-1781507130-1000 from rid 1000
account_policy_get: name: maximum password age, val: -1
Finding user root
Trying _Get_Pwnam(), username as lowercase is root
Get_Pwnam_internals did find user [root]!
Opening cache file at /var/lock/samba/gencache.tdb
Opening cache file at /var/lock/samba/gencache_notrans.tdb
gid_to_sid: winbind failed to find a sid for gid 0
LEGACY: gid 0 -> sid S-1-22-2-0
Forcing Primary Group to 'Domain Users' for root
account_policy_get: name: password history, val: 0
pdb_set_username: setting username root, was
pdb_set_domain: setting domain SAMBA, was
pdb_set_nt_username: setting nt username , was
pdb_set_full_name: setting full name root, was
Home server: samba
pdb_set_homedir: setting home dir \\samba\root, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
Home server: samba
pdb_set_profile_path: setting profile path \\samba\root\profile, was
pdb_set_workstations: setting workstations , was
account_policy_get: name: password history, val: 0
pdb_set_user_sid: setting user sid S-1-5-21-4119069296-3092739579-1781507130-1000
pdb_set_user_sid_from_rid:
         setting user sid S-1-5-21-4119069296-3092739579-1781507130-1000 from rid 1000
pdb_set_group_sid: setting group sid S-1-5-21-4119069296-3092739579-1781507130-513
winbind failed to find a uid for sid S-1-5-21-4119069296-3092739579-1781507130-1000
lookup_global_sam_rid: looking up RID 1000.
pdb_set_username: setting username root, was
pdb_set_domain: setting domain SAMBA, was
pdb_set_nt_username: setting nt username , was
pdb_set_full_name: setting full name root, was
Home server: samba
pdb_set_homedir: setting home dir \\samba\root, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
Home server: samba
pdb_set_profile_path: setting profile path \\samba\root\profile, was
pdb_set_workstations: setting workstations , was
account_policy_get: name: password history, val: 0
pdb_set_user_sid: setting user sid S-1-5-21-4119069296-3092739579-1781507130-1000
pdb_set_user_sid_from_rid:
         setting user sid S-1-5-21-4119069296-3092739579-1781507130-1000 from rid 1000
Finding user root
Trying _Get_Pwnam(), username as lowercase is root
Get_Pwnam_internals did find user [root]!
check lock order 1 for /etc/passdb.tdb
lock order:  1:/etc/passdb.tdb 2:<none> 3:<none>
Locking key 555345525F726F6F7400
Allocated locked data 0x0xb77b81d0
Unlocking key 555345525F726F6F7400
release lock order 1 for /etc/passdb.tdb
lock order:  1:<none> 2:<none> 3:<none>
check lock order 1 for /etc/passdb.tdb
lock order:  1:/etc/passdb.tdb 2:<none> 3:<none>
Locking key 5249445F303030303033
Allocated locked data 0x0xb77b7ff8
Unlocking key 5249445F303030303033
release lock order 1 for /etc/passdb.tdb
lock order:  1:<none> 2:<none> 3:<none>
Registering messaging pointer for type 2 - private_data=(nil)
Registering messaging pointer for type 9 - private_data=(nil)
Registered MSG_REQ_POOL_USAGE
Registering messaging pointer for type 11 - private_data=(nil)
Registering messaging pointer for type 12 - private_data=(nil)
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Registering messaging pointer for type 1 - private_data=(nil)
Registering messaging pointer for type 5 - private_data=(nil)
messaging_tdb_store:
      array: struct messaging_array
         num_messages             : 0x00000001 (1)
         messages: ARRAY(1)
             messages: struct messaging_rec
                 msg_version              : 0x00000002 (2)
                 msg_type                 : ID_CACHE_DELETE (15)
                 dest: struct server_id
                     pid                      : 0x000000000000163e (5694)
                     task_id                  : 0x00000000 (0)
                     vnn                      : 0xffffffff (4294967295)
                     unique_id                : 0x0000000000000000 (0)
                 src: struct server_id
                     pid                      : 0x0000000000001886 (6278)
                     task_id                  : 0x00000000 (0)
                     vnn                      : 0xffffffff (4294967295)
                     unique_id                : 0x0000000000000000 (0)
                 buf                      : DATA_BLOB length=10
[0000] 55 53 45 52 20 72 6F 6F   74 00                    USER roo t.
messaging_tdb_store:
      array: struct messaging_array
         num_messages             : 0x00000001 (1)
         messages: ARRAY(1)
             messages: struct messaging_rec
                 msg_version              : 0x00000002 (2)
                 msg_type                 : ID_CACHE_DELETE (15)
                 dest: struct server_id
                     pid                      : 0x0000000000001640 (5696)
                     task_id                  : 0x00000000 (0)
                     vnn                      : 0xffffffff (4294967295)
                     unique_id                : 0x2bfc0d5878a1bb00 (3169422911394134784)
                 src: struct server_id
                     pid                      : 0x0000000000001886 (6278)
                     task_id                  : 0x00000000 (0)
                     vnn                      : 0xffffffff (4294967295)
                     unique_id                : 0x0000000000000000 (0)
                 buf                      : DATA_BLOB length=10
[0000] 55 53 45 52 20 72 6F 6F   74 00                    USER roo t.
messaging_tdb_store:
      array: struct messaging_array
         num_messages             : 0x00000001 (1)
         messages: ARRAY(1)
             messages: struct messaging_rec
                 msg_version              : 0x00000002 (2)
                 msg_type                 : ID_CACHE_DELETE (15)
                 dest: struct server_id
                     pid                      : 0x0000000000001643 (5699)
                     task_id                  : 0x00000000 (0)
                     vnn                      : 0xffffffff (4294967295)
                     unique_id                : 0x2bfc0d5878a1bb00 (3169422911394134784)
                 src: struct server_id
                     pid                      : 0x0000000000001886 (6278)
                     task_id                  : 0x00000000 (0)
                     vnn                      : 0xffffffff (4294967295)
                     unique_id                : 0x0000000000000000 (0)
                 buf                      : DATA_BLOB length=10
[0000] 55 53 45 52 20 72 6F 6F   74 00                    USER roo t.
Deleted user root.
samba # grep ^root /etc/passwd
root:x:0:0:root:/root:/bin/bash
samba # pdbedit -Lw root
Username not found!

Thanks a lot!
Comment 7 Jeremy Allison 2014-03-21 17:53:32 UTC
The only issue with this is that moving the check from pdb_delete_user() to pdb_default_delete_user() means that backends that don't have this check (the LDAP backend and the Novell directory backend) need it adding to avoid changing behavior. I'll add a secondary patch that restores it for these backends.

Jeremy.
Comment 8 Thomas Bork 2014-04-04 20:12:55 UTC
Can your patch go into 4.1.x? It fixes the error for us.
Comment 9 Jeremy Allison 2014-04-04 20:14:10 UTC
Trouble is it changes the semantics on the LDAP backend, so I need to fix that up first.

Jeremy.
Comment 10 Stefan Metzmacher 2014-07-17 07:37:50 UTC
*** Bug 9981 has been marked as a duplicate of this bug. ***
Comment 11 Björn Jacke 2020-12-19 15:34:25 UTC
Jeremy, it looks like this "delete root" issue is still open, right?