Bug 757 - compound root preexec generates error log loop
compound root preexec generates error log loop
Product: Samba 2.2
Classification: Unclassified
Component: Config Files
All Linux
: P3 normal
: ---
Assigned To: Gerald (Jerry) Carter
Depends on:
  Show dependency treegraph
Reported: 2003-11-11 14:48 UTC by Chris Cowsley
Modified: 2005-11-14 09:27 UTC (History)
0 users

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Chris Cowsley 2003-11-11 14:48:46 UTC
A large compound root preexec command successfully used for some years caused 
an 'instant' lockup on a new Mandrake 9.2RC2 server build.

The problem was traced to no free space in the 5Gb /var partition, with the 
SAMBA client's error log and a couple of other logs each at 1.6Gb.  Deleting 
the three logs resulted in a df report of a few hundred k of genuine log, but  
zero free space, total 5Gb(!)  (File system problem, Samba log writing, or 

As a non-guru I could only release the system by causing an 'unexpected' power 
down followed by a file system repair at boot-up.  This restored the free space.

Putting the complex command into its own shell script and using root preexec to 
call it solved the problem.

The offending preexex (and its coplementary postexec, also now in a script of 
its own) follow:

   root preexec = \
   (grep ", %U, %G, o" /home/supervisors/samba.csv | tail -1 | grep ", on-," \
&& (echo %U is already logged on $'\15'> /home/%U/log.bat     \
 &  echo %T, %I, %m, %d, %U, %G, no-, %a $'\15' \
>> /home/supervisors/samba.csv))\
 || (echo $'\15' > /home/%U/log.bat   \
 &  echo %T, %I, %m, %d, %U, %G, on-, %a $'\15' >> /home/supervisors/samba.csv)

   root postexec = \
   (grep ", %d, %U, %G, o" /home/supervisors/samba.csv \
 |  tail -1 | grep ", on-," \
 &&  echo %T, %I, %m, %d, %U, %G, off, %a $'\15' \
 >>  /home/supervisors/samba.csv) \
 ||  echo %T, %I, %m, %d, %U, %G, ffo, %a $'\15' \
 >>  /home/supervisors/samba.csv
Comment 1 Gerald (Jerry) Carter 2003-11-13 06:42:18 UTC
Comments from mbp:

At first glance, you have DOS'd yourself, since the two commands you
quote have the potential to go into an infinite loop appending to and
reading from the file.  I'm not sure if that is what happened; I'd
need to see an excerpt from your logs.

The administrator being able to crash their own machine is not
normally a security bug.  (Or possibly not a bug at all.)
Comment 2 Gerald (Jerry) Carter 2003-11-13 06:42:45 UTC
Log excerpt from my test runs:

cmd=   (grep ", jerry, users, o" /tmp/samba.csv | tail -1 | grep ", on-," &&
(echo jerry is already logged on $'\15'> /home/queso/jerry/log.bat      &  echo
2003/11/13 08:37:17,, queso, 3368, jerry, users, no-, Samba $'\15'
>> /tmp/samba.csv)) || (echo $'\15' > /home/queso/jerry/log.bat    &  echo
2003/11/13 08:37:17,, queso, 3368, jerry, users, on-, Samba $'\15'
>> /tmp/samba.csv)
Comment 3 Gerald (Jerry) Carter 2005-11-14 09:27:26 UTC
database cleanup