On 05/07/2013 03:25 PM, Andrew Bartlett wrote: > On Mon, 2013-05-06 at 17:15 +0200, Michael De Groote wrote: >> Hi all >> >> Recently i noticed that upon starting the samba4 'samba' daemon, that it >> changes the group ownership of the socket for ntpd to *staff* >> >> $ls -l /usr/local/samba/var/lib/ntp_signd/ >> total 0 >> srwxrwxrwx 1 root *staff* 0 May 6 16:35 socket >> >> >> The documentation says it needs to be *ntp*.... >> >> (FYI: i'm running this on debian wheezy) >> >> I have just added ntp to group staff, but that seems like a workaround... > > I don't know why this is happening. I've examined the code, and it does > not change the group ID, it only creates the directory, forcing the uid. > > Indeed, the same code is using for the winbind privileged pipe, which is > likewise deliberately designed so that you can set the group to a > specific group for use by squid et al. In this case the group is meant > to be 'ntp' to allow only NTP access to the pipe.
Could this be a namespace overlap? Perhaps the directory has the correct GID, but when Samba spins up the lookup for GID->name goes through it, and something samba is attached to already has a mapping for that GID. (I find it very odd to see asterisks around the group name in ls's output, too...)
signature.asc
Description: OpenPGP digital signature
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba