Bug 5987 - smbd refuses connection when abiding to pam_mktemp
Status: RESOLVED INVALID
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: File Services
Version: 3.0.14a
Hardware: Other Linux
: P3 normal
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
Reported: 2008-12-21 20:01 UTC by Diego Pettenò
Modified: 2021-01-04 17:01 UTC (History)
Description Diego Pettenò 2008-12-21 20:01:46 UTC
In Gentoo there's optional support for using pam_mktemp[1] to restrict access to the per-user temporary files; this module sets TMPDIR to a private /tmp/.private/$USER directory which is not accessible by other users.

Unfortunately this seems to clash with samba since after setting it up it does not respond to connections any longer, and instead logs this:

Dec 21 23:37:03 [smbd] [2008/12/21 23:37:03, 0] smbd/service.c:set_current_service(184)_
Dec 21 23:37:03 [smbd] chdir (/tmp/.private/nobody) failed_

I'm not sure where to start to debug, but if somebody can at least give me some pointers I can try to do my best to arrive at a solution.

[1] http://www.openwall.com/pam/
Comment 1 Diego Pettenò 2008-12-23 11:03:46 UTC
Seems like, looking a bit further into this, the problem is that the PAM session chain is not fully executed (and the environment set) when the user is switched during authentication.

Without this, TMPDIR still refers to nobody's user rather than the current logged-in user, which will fail since the private temporary directories are not accessible by other users (this is where the mitigation enters the game).
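
A diagnostic for the condition described in Comment 1, added here as an example that is not part of the original thread and is not Samba or pam_mktemp code. The function name `check_private_tmpdir`, its verdict strings and the overridable base directory are assumptions of this sketch; the `/tmp/.private/$USER` layout is the one the report describes.

```shell
#!/bin/sh
# Classify a TMPDIR value for a given user under the BASE/USER layout
# from the report (default BASE=/tmp/.private).
# Prints one verdict: ok | foreign | inaccessible | not-private
check_private_tmpdir() {
    cpt_dir=$1
    cpt_user=$2
    cpt_base=${3:-/tmp/.private}

    case $cpt_dir in
        "$cpt_base"/?*) cpt_owner=${cpt_dir#"$cpt_base"/} ;;
        *) echo not-private; return 0 ;;
    esac
    cpt_owner=${cpt_owner%%/*}   # first path component names the owner

    # TMPDIR inherited from another account, e.g. set before the uid switch
    if [ "$cpt_owner" != "$cpt_user" ]; then
        echo foreign
        return 1
    fi
    # Right name, but the calling user must be able to enter and write it
    if [ -d "$cpt_dir" ] && [ -x "$cpt_dir" ] && [ -w "$cpt_dir" ]; then
        echo ok
        return 0
    fi
    echo inaccessible
    return 1
}

# Constructed demo in a throwaway sandbox; no real /tmp/.private is touched.
# The user names alice and bob are made up for the demo.
demo_private_tmpdir() {
    sandbox=$(mktemp -d) || return 1
    mkdir -p "$sandbox/.private/alice"
    for pair in "$sandbox/.private/alice:alice" \
                "$sandbox/.private/nobody:alice" \
                "$sandbox/.private/bob:bob" \
                "/var/tmp:alice"; do
        verdict=$(check_private_tmpdir "${pair%:*}" "${pair##*:}" "$sandbox/.private") || true
        printf '%s as %s -> %s\n' "${pair%:*}" "${pair##*:}" "$verdict"
    done
    rm -rf "$sandbox"
}
demo_private_tmpdir
```

A `foreign` verdict corresponds to the logged `chdir (/tmp/.private/nobody) failed` case: the path names a different account than the one the process now runs as.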
Comment 2 Björn Jacke 2021-01-04 17:01:38 UTC
This doesn't look like a Samba issue but more like a PAM setup problem. Did you manage to solve it?