Bug 8511 - net usershare tries to access the registry tdb and must fail
net usershare tries to access the registry tdb and must fail
Status: ASSIGNED
Product: Samba 3.6
Classification: Unclassified
Component: Client Tools
3.6.0
All All
: P5 normal
: ---
Assigned To: Jeremy Allison
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2011-10-07 13:32 UTC by Lars Müller
Modified: 2011-10-07 19:12 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Lars Müller 2011-10-07 13:32:58 UTC
This fails as registry.tdb is created with 0600 permissions.

lmuelle@giles:~> net usershare list 
Failed to initialize the registry: WERR_ACCESS_DENIED
lmuelle@giles:~> echo $?
0

giles:~ # net usershare list
fonts
Comment 1 Lars Müller 2011-10-07 14:06:02 UTC
The first net call is performed as non root user while the second as root.
Comment 2 Jeremy Allison 2011-10-07 19:05:07 UTC
It's not just "net usershare list", as soon as "registry shares = yes" is set in the smb.conf, commands like bin/testparm -s -v fail also :

bin/testparm -s -v | grep registry
Load smb config files from /usr/local/samba3.6/lib/smb.conf
Processing section "[forcesec]"
Processing section "[homes]"
Processing section "[jeremy]"
Processing section "[space]"
Processing section "[space1]"
Processing section "[tmp]"
Processing section "[tmp1]"
Processing section "[printers]"
Processing section "[print$]"
tdb(unnamed): tdb_open_ex: could not open file /usr/local/samba3.6/var/locks/registry.tdb: Permission denied
tdb(unnamed): tdb_open_ex: could not open file /usr/local/samba3.6/var/locks/registry.tdb: Permission denied
regdb_init: Failed to open registry /usr/local/samba3.6/var/locks/registry.tdb (Permission denied)
Failed to initialize the registry: WERR_ACCESS_DENIED
error initializing registry configuration: SBC_ERR_BADFILE
Error loading services.
Comment 3 Jeremy Allison 2011-10-07 19:12:44 UTC
Adding Michael Adams - we need to discuss the correct fix for this.

We need read-only access to parts of the registry, but not all I think (aren't there some secrets stored in registry.tdb ?).

Jeremy.