Winbind upstart script uses incorrect path to winbindd_privileged

Bug #1330220 reported by Arran Cudbard-bell on 2014-06-15
24
This bug affects 5 people
Affects Status Importance Assigned to Milestone
samba (Ubuntu)
Undecided
Unassigned

Bug Description

Description: Ubuntu 14.04 LTS
Release: 14.04

winbind:
  Installed: 2:4.1.6+dfsg-1ubuntu2.14.04.1
  Candidate: 2:4.1.6+dfsg-1ubuntu2.14.04.1
  Version table:
 *** 2:4.1.6+dfsg-1ubuntu2.14.04.1 0
        500 http://be.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     2:4.1.6+dfsg-1ubuntu2 0
        500 http://be.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages

Upstart script seems to think winbindd_privileged lives in /var/run/samba, but it in fact lives in /var/lib/samba by default.

This may have changed in an upstream samba release.

Error in upstart script masks issue by creating winbindd_privileged directory in the wrong place, and then fails to correct the permissions on the actual winbindd_privileged directory, so users that are members of winbindd_priv can't access the socket.

/etc/init/samba:
pre-start script
        test -x /usr/sbin/winbindd || exit 0
        mkdir -p /var/run/samba/winbindd_privileged
        chgrp winbindd_priv /var/run/samba/winbindd_privileged
        chmod 0750 /var/run/samba/winbindd_privileged
end script

should be changed to

pre-start script
        test -x /usr/sbin/winbindd || exit 0
        mkdir -p /var/lib/samba/winbindd_privileged
        chgrp winbindd_priv /var/lib/samba/winbindd_privileged
        chmod 0750 /var/lib/samba/winbindd_privileged
end script

Official documentation states http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html:
winbindd privileged socket directory (G)

This setting controls the location of the winbind daemon's privileged socket.

Default: winbindd privileged socket directory = $prefix/lib/winbindd_privileged

Default is definitely /var/lib.

Package's smb.conf does not set winbindd privileged socket directory nor has it ever AFAIK.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in samba (Ubuntu):
status: New → Confirmed
Martin Vogt (dekkart) wrote :

bug still valid for
2:4.1.6+dfsg-1ubuntu2.14.04.2

Philippe Clérié (pclerie) wrote :

Still valid for Xenial.

I lost several hours chasing ghosts before I found that little problem.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers