Bug 1037 - the script of "add script user" run as "nobody"
Summary: the script of "add script user" run as "nobody"
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: User/Group Accounts
Version: 3.0.2
Hardware: All Linux
Importance: P3 normal
Target Milestone: none
Assignee: Gerald (Jerry) Carter (dead mail address)
Reported: 2004-02-04 10:37 UTC by Nahuel Greco
Modified: 2005-11-14 09:27 UTC (History)
Description Nahuel Greco 2004-02-04 10:37:29 UTC
The script of "add script user" runs as "nobody" (Slackware 9.1), when the
documentation says that it must run as root.
Comment 1 Gerald (Jerry) Carter (dead mail address) 2004-02-09 09:12:11 UTC
Are you connected as root? Doesn't sound like it. The script
runs under the context of the connected user.
Comment 2 Nahuel Greco 2004-02-09 10:16:19 UTC
No, I'm not connected as root, but the documentation explicitly says that the
script will run as root. Note that this is required because the functionality
of the script depends on that. Usually the "add script user" script will
change /etc/passwd to add the user, etc., and it must be done from a non-root
user connection but with the script running as root.

Comment 3 Gerald (Jerry) Carter (dead mail address) 2004-02-10 14:35:26 UTC
The add user script is used for 2 things.  

(a) The samr_create_user call which is done under the 
    context of the connected user, and 
(b) on behalf of a user when security = domain and
    you are not running winbindd.

Which case are you talking about?
Comment 4 Nahuel Greco 2004-02-11 07:16:30 UTC
The (a) option can't be possible because the user doesn't exist in the
system yet (because of that, the "add user script" must be run).

I don't really understand you about (b), but I'm using security=user, so
it is probably not my case, but note that the user also doesn't exist yet.

From the smb.conf manpage under the "add user script" section:
 "This is the full pathname to a script that will be run AS ROOT by smbd(8) 
under special circumstances described below."
 "This option allows smbd to create the required UNIX users ON DEMAND when a 
  user accesses the Samba server."

Note, I found this bug using Samba 3.0.2rc2, I didn't check again with
3.0.2, and now I'm using winbind, so this bug doesn't affect me anymore.

Comment 5 goverdier 2004-02-15 10:05:42 UTC
I've had the same problem on both 3.0.0 and 3.0.2

When creating a user calling the add user script via smb.conf from User 
Manager, I get an access denied error.

Other scripts called from smb.conf seem to be working OK.

The log file shows the user being created and then immediately deleted, but no
changes to the passwd files, although the same command string works fine from
the console.

It appears to be a problem unlocking and writing to the passwd files, which would
happen if the script is executed from a non-root account.

I am connecting as root, which indicates to me the context of the connected 
user is not the issue here, but who the script gets called as from the smbd.
Comment 6 Gerald (Jerry) Carter (dead mail address) 2004-03-16 11:28:58 UTC
Closing out. If there is a problem specifically
with user manager support, please open a different bug. Thanks.
Comment 7 Gerald (Jerry) Carter (dead mail address) 2005-11-14 09:27:31 UTC
database cleanup
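
One way to settle which identity smbd actually gives the "add user script", as an added example that is not part of the original bug thread or of Samba's own code: a wrapper that logs its effective uid, refuses to continue unless it is root, and validates the user name before calling useradd. The wrapper path, log tag, exit codes and name policy are assumptions.

```shell
#!/bin/sh
# Added example (not Samba code). Hypothetical wrapper, referenced as:
#   add user script = /usr/local/sbin/smb-adduser-wrapper %u
# The path, log tag and name policy below are assumptions.
LOG_TAG="smb-adduser-wrapper"

# Accept only conservative UNIX account names: must start with a lowercase
# letter or underscore, then [a-z0-9_.-], at most 32 characters.
valid_username() {
    case "$1" in
        "" | [!a-z_]* | *[!a-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Map (effective uid, requested name) to an action, printed on stdout.
decide() {
    if ! valid_username "$2"; then
        echo refuse-bad-name
    elif [ "$1" -ne 0 ]; then
        echo refuse-not-root
    else
        echo create
    fi
}

main() {
    euid=$(id -u)
    action=$(decide "$euid" "$1")
    # Record the identity smbd handed us; the name is logged only once validated.
    logger -t "$LOG_TAG" "euid=$euid action=$action" 2>/dev/null || true
    case "$action" in
        create)
            logger -t "$LOG_TAG" "creating account $1" 2>/dev/null || true
            exec /usr/sbin/useradd -m "$1" ;;
        refuse-not-root)
            echo "$LOG_TAG: running as uid $euid, not root; refusing" >&2
            return 77 ;;
        *)
            echo "$LOG_TAG: rejected user name" >&2
            return 64 ;;
    esac
}

# smbd always passes %u; with no argument (e.g. when sourced) do nothing.
[ "$#" -eq 0 ] || main "$@"
```

The syslog line shows whether the script ran as root or as another account such as "nobody", which is the point the thread disputes.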