Bug 11515 - Upgrade Samba 4.2.3 to 4.3.0, smbd nmbd fail to start, invalid permissions '/var/cache/samba/msg': has 0700 should be 0755
Upgrade Samba 4.2.3 to 4.3.0, smbd nmbd fail to start, invalid permissions '/...
Status: RESOLVED FIXED
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services
4.3.0
x64 All
: P5 major
: ---
Assigned To: Karolin Seeger
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2015-09-13 02:51 UTC by Chris Severance
Modified: 2015-10-12 18:52 UTC (History)
5 users (show)

See Also:


Attachments
Possible patches for master (3.94 KB, patch)
2015-09-16 10:59 UTC, Stefan Metzmacher
vl: review+
Details
Patches for v4-3-test (4.40 KB, patch)
2015-09-17 14:43 UTC, Stefan Metzmacher
vl: review+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Chris Severance 2015-09-13 02:51:23 UTC
Upgrade Samba 4.2.3 to 4.3.0, smbd nmbd fail to start, invalid permissions '/var/cache/samba/msg': has 0700 should be 0755

https://bugs.archlinux.org/task/46240 [samba] invalid permissions on directory '/var/cache/samba/msg': has 0700 should be 0755 
https://bbs.archlinux.org/viewtopic.php?id=202302 Samba doesn't start - Unregistered Authentication Agent f...

# systemctl status smbd.service
Sep 10 13:44:21 fujitsu systemd[1]: smbd.service: Control process exited, code=exited status=1

# systemctl status nmbd.service
Sep 10 13:45:14 fujitsu nmbd[2169]: invalid permissions on directory '/var/cache/samba/msg': has 0700 should be 0755

Bug 1:
smbd won't start but smdb doesn't report the problem. The problem is reported by nmdb. If smdb won't start because of nmbd, smdb needs to report the error. Blaming nmbd would be sufficient.

Bug 2:
nmbd 4.2.3 requires chmod 700 'msg'. nmbd 4.3.0 requires chmod 755 'msg'. Downgrading back to 4.2.3 requires chmod 700 'msg'. While this can be fixed in the Arch Linux installer, a deliberate change that shuts down Samba servers on upgrade and reboot needs to be handled transparently by nmbd.

Bug 3:
Why isn't this change in the Release Notes for Samba 4.3.0, September 8, 2015?
Comment 1 Stefan Metzmacher 2015-09-16 10:29:13 UTC
Ok, what happened is this:

In 4.2 we used

${LOCKDIR}/lck (0755) for lock files
and 
${LOCKDIR}/msg (0700) for sockets

In 4.3 and master we use

${LOCKDIR}/msg (0755) for lock files
and
${PRIVATEDIR}/msg (0700) for sockets

This can we fixed either in init scripts, with something like this:
for 4.3:
find "${SAMBA_LOCKDIR}/msg" -maxdepth 0 -type d -perm 0700 -exec rm -r {}  +
for 4.2:
find "${SAMBA_LOCKDIR}/msg" -maxdepth 0 -type d -perm 0755 -exec rm -r {}  +

Or we change the source code to use ${LOCKDIR}/msg.lck (0755) for lock files
in order to avoid the conflict with older versions.

Volker, do you think a change from ${LOCKDIR}/msg to
${LOCKDIR}/msg.lck makes sense?
Comment 2 Stefan Metzmacher 2015-09-16 10:32:22 UTC
(In reply to Stefan Metzmacher from comment #1)

It's ${PRIVATEDIR}/sock (0700) instead of ${PRIVATEDIR}/msg in 4.3 and master...
Comment 3 Stefan Metzmacher 2015-09-16 10:37:07 UTC
(In reply to Stefan Metzmacher from comment #2)

So a change to ${LOCKDIR}/msg.lock and ${PRIVATEDIR}/msg.sock might
more logical...
Comment 4 Stefan Metzmacher 2015-09-16 10:38:50 UTC
(In reply to Stefan Metzmacher from comment #3)

Or ${LOCKDIR}/msg.pub and ${PRIVATEDIR}/msg.priv
Comment 5 Volker Lendecke 2015-09-16 10:42:45 UTC
(In reply to Stefan Metzmacher from comment #4)

I like the msg.lock and msg.sock better, but I'm not fixed on the names at all. Whatever makes sense to you
Comment 6 Volker Lendecke 2015-09-16 10:43:13 UTC
(In reply to Volker Lendecke from comment #5)

By the way, I'd rather keep them really short, we have a 108 char (or less) size limit
Comment 7 Stefan Metzmacher 2015-09-16 10:59:11 UTC
Created attachment 11443 [details]
Possible patches for master

This implements ${LOCKDIR}/msg.lock and ${PRIVATEDIR}/msg.sock
Comment 8 Stefan Metzmacher 2015-09-17 14:43:01 UTC
Created attachment 11447 [details]
Patches for v4-3-test
Comment 9 Karolin Seeger 2015-10-05 07:09:38 UTC
(In reply to Stefan Metzmacher from comment #8)
Pushed to autobuild-v4-3-test.
Comment 10 Karolin Seeger 2015-10-12 18:52:19 UTC
(In reply to Karolin Seeger from comment #9)
Pushed to v4-3-test.
Closing out bug report.

Thanks!