Bug 6252 - create_local_private_krb5_conf_for_domain can fail if not root
Status: NEW
Product: Samba 3.3
Classification: Unclassified
Component: Client tools
Version: 3.3.2
Hardware: x86 Linux
Importance: P3 minor
Target Milestone: ---
Assigned To: Guenther Deschner
QA Contact: Samba QA Contact
Reported: 2009-04-08 05:05 UTC by Blindauer Emmanuel
Modified: 2015-03-26 14:02 UTC

Description Blindauer Emmanuel 2009-04-08 05:05:38 UTC
I use "net ads" often to get some information against a 2003 AD. I use Kerberos mainly for such operations.
With the 3.3 release, there are some warnings which come up, because the code thinks it is running as root, but in some situations, for example as a user with an admin ticket, or when no tickets are present, this isn't the case.


$ LC_ALL=C net ads info
[2009/04/08 12:02:06,  0] libads/kerberos.c:create_local_private_krb5_conf_for_domain(914)
  create_local_private_krb5_conf_for_domain: smb_mkstemp failed, for file /var/cache/samba/smb_tmp_krb5.FBpr5C. Errno Permission denied
[2009/04/08 12:02:06,  0] libads/kerberos.c:create_local_private_krb5_conf_for_domain(914)
  create_local_private_krb5_conf_for_domain: smb_mkstemp failed, for file /var/cache/samba/smb_tmp_krb5.mWR6b1. Errno Permission denied
LDAP server: 130.......

If I add a sticky bit on /var/cache/samba to allow the creation of the temporary file:

$ LC_ALL=C net ads info
[2009/04/08 12:03:15,  0] libads/kerberos.c:create_local_private_krb5_conf_for_domain(950)
  create_local_private_krb5_conf_for_domain: rename of /var/cache/samba/smb_tmp_krb5.5TA6ut to /var/cache/samba/smb_krb5/krb5.conf.DPTINFO failed. Errno Operation not permitted
[2009/04/08 12:03:15,  0] libads/kerberos.c:create_local_private_krb5_conf_for_domain(950)
  create_local_private_krb5_conf_for_domain: rename of /var/cache/samba/smb_tmp_krb5.NN4Peh to /var/cache/samba/smb_krb5/krb5.conf.DPTINFO failed. Errno Operation not permitted
LDAP server: 130....

/var/cache/samba/smb_krb5/krb5.conf.DPTINFO belongs to root (and the content is up to date).
Comment 1 devurandom 2015-03-26 14:00:59 UTC
Same issue here. Is a workaround or fix for this known?

$ net user add test
create_local_private_krb5_conf_for_domain: smb_mkstemp failed, for file /var/run/samba/smb_tmp_krb5.pTujCV. Errno Permission denied
create_local_private_krb5_conf_for_domain: smb_mkstemp failed, for file /var/run/samba/smb_tmp_krb5.Csqnrk. Errno Permission denied
Could not add user test: No such object
Comment 2 devurandom 2015-03-26 14:02:48 UTC
(In reply to devurandom from comment #1)
> Could not add user test: No such object

This line was a mistake of mine. The rest is still valid.