Upgrade Samba 4.2.3 to 4.3.0, smbd nmbd fail to start, invalid permissions '/var/cache/samba/msg': has 0700 should be 0755 https://bugs.archlinux.org/task/46240 [samba] invalid permissions on directory '/var/cache/samba/msg': has 0700 should be 0755 https://bbs.archlinux.org/viewtopic.php?id=202302 Samba doesn't start - Unregistered Authentication Agent f... # systemctl status smbd.service Sep 10 13:44:21 fujitsu systemd[1]: smbd.service: Control process exited, code=exited status=1 # systemctl status nmbd.service Sep 10 13:45:14 fujitsu nmbd[2169]: invalid permissions on directory '/var/cache/samba/msg': has 0700 should be 0755 Bug 1: smbd won't start but smdb doesn't report the problem. The problem is reported by nmdb. If smdb won't start because of nmbd, smdb needs to report the error. Blaming nmbd would be sufficient. Bug 2: nmbd 4.2.3 requires chmod 700 'msg'. nmbd 4.3.0 requires chmod 755 'msg'. Downgrading back to 4.2.3 requires chmod 700 'msg'. While this can be fixed in the Arch Linux installer, a deliberate change that shuts down Samba servers on upgrade and reboot needs to be handled transparently by nmbd. Bug 3: Why isn't this change in the Release Notes for Samba 4.3.0, September 8, 2015?
Ok, what happened is this: In 4.2 we used ${LOCKDIR}/lck (0755) for lock files and ${LOCKDIR}/msg (0700) for sockets In 4.3 and master we use ${LOCKDIR}/msg (0755) for lock files and ${PRIVATEDIR}/msg (0700) for sockets This can we fixed either in init scripts, with something like this: for 4.3: find "${SAMBA_LOCKDIR}/msg" -maxdepth 0 -type d -perm 0700 -exec rm -r {} + for 4.2: find "${SAMBA_LOCKDIR}/msg" -maxdepth 0 -type d -perm 0755 -exec rm -r {} + Or we change the source code to use ${LOCKDIR}/msg.lck (0755) for lock files in order to avoid the conflict with older versions. Volker, do you think a change from ${LOCKDIR}/msg to ${LOCKDIR}/msg.lck makes sense?
(In reply to Stefan Metzmacher from comment #1) It's ${PRIVATEDIR}/sock (0700) instead of ${PRIVATEDIR}/msg in 4.3 and master...
(In reply to Stefan Metzmacher from comment #2) So a change to ${LOCKDIR}/msg.lock and ${PRIVATEDIR}/msg.sock might more logical...
(In reply to Stefan Metzmacher from comment #3) Or ${LOCKDIR}/msg.pub and ${PRIVATEDIR}/msg.priv
(In reply to Stefan Metzmacher from comment #4) I like the msg.lock and msg.sock better, but I'm not fixed on the names at all. Whatever makes sense to you
(In reply to Volker Lendecke from comment #5) By the way, I'd rather keep them really short, we have a 108 char (or less) size limit
Created attachment 11443 [details] Possible patches for master This implements ${LOCKDIR}/msg.lock and ${PRIVATEDIR}/msg.sock
Created attachment 11447 [details] Patches for v4-3-test
(In reply to Stefan Metzmacher from comment #8) Pushed to autobuild-v4-3-test.
(In reply to Karolin Seeger from comment #9) Pushed to v4-3-test. Closing out bug report. Thanks!