Re: [zones-discuss] Starting Samba in Open Solaris Non Global Zone
>The integrated CIFS server project made running a server >on port 445 (which CIFS uses) a privileged operation - the >process needs to have PRIV_SYS_SMB (see privileges(5)). >Samba knows how to operate with this privilege, but the >privilege is not in the default set that is considered >safe in a zone. You can adjust the zone config to get >this to work - here's an example: Unfortunately, that change was made incompatibly. Whenever you change the privilege needed for a particular operation, you generally should check for the old privilege also. PRIV_SYS_SMB is also used to allow starting the in-kernel CIFS server but the kernel should allow processes with PRIV_NET_PRIVADDR to bind to the CIFS ports. The code says: /* * NBT and SMB ports, these are extra privileged ports, * allow bind only if the SYS_SMB privilege is present. */ but clearly the NBT and SMB ports are NOT extra privileged ports as they're all < 1024. Casper ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] Starting Samba in Open Solaris Non Global Zone
Wes Mauer wrote: OpenSolaris 0609. I've managed to get Samba installed in a non global zone, but it will not start. If you truss smbd, I expect that this is failing due to a missing privilege: # truss -f /usr/sfw/sbin/smbd ... 15231: so_socket(PF_INET, SOCK_STREAM, IPPROTO_IP, 0x, SOV_DEFAULT) = 1 9 15231: setsockopt(19, SOL_SOCKET, SO_REUSEADDR, 0xFFBFE86C, 4, SOV_DEFAULT) = 0 15231: bind(19, 0xFFBFE870, 16, SOV_SOCKBSD) Err#13 EACCES [sys_smb] The integrated CIFS server project made running a server on port 445 (which CIFS uses) a privileged operation - the process needs to have PRIV_SYS_SMB (see privileges(5)). Samba knows how to operate with this privilege, but the privilege is not in the default set that is considered safe in a zone. You can adjust the zone config to get this to work - here's an example: # zonecfg -z internal zonecfg:internal> info limitpriv limitpriv: default,file_downgrade_sl,file_upgrade_sl,sys_trans_label,win_colormap,win_config,win_dac_read,win_dac_write,win_devices,win_fontpath,win_mac_read,win_mac_write,win_selection zonecfg:internal> set limitpriv=default,file_downgrade_sl,file_upgrade_sl,sys_trans_label,win_colormap,win_config,win_dac_read,win_dac_write,win_devices,win_fontpath,win_mac_read,win_mac_write,win_selection,sys_smb zonecfg:internal> info limitpriv limitpriv: default,file_downgrade_sl,file_upgrade_sl,sys_trans_label,win_colormap,win_config,win_dac_read,win_dac_write,win_devices,win_fontpath,win_mac_read,win_mac_write,win_selection,sys_smb Rob T ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] Starting Samba in Open Solaris Non Global Zone
Wes Do you have /var (or some part of the /var/samba/locks/s... tree) mounted read only? Trevor Wes Mauer wrote: OpenSolaris 0609. I've managed to get Samba installed in a non global zone, but it will not start. When I run svcadm enable samba, I get the following message: r...@zone1:~# Aug 15 00:37:09 zone1 svc.startd[2938]: network/samba:default failed: transitioned to maintenance (see 'svcs -xv' for details) Here is the output of svcs -xv: svc:/network/samba:default (SMB file server) State: maintenance since Sat Aug 15 00:37:09 2009 Reason: Method failed repeatedly. See: http://sun.com/msg/SMF-8000-8Q See: man -M /usr/sfw/man -s 1m smbd See: man -M /usr/sfw/man -s 4 smb.conf See: /var/svc/log/network-samba:default.log Impact: This service is not running. Here is /var/svc/log/network-samba:default.log: [ Aug 15 00:03:08 Enabled. ] [ Aug 15 00:03:25 Executing start method ("/usr/sfw/sbin/smbd -D"). ] [ Aug 15 00:03:29 Method "start" exited with status 0. ] [ Aug 15 00:03:29 Stopping because all processes in service exited. ] bd.pid`"). ]03:29 Executing stop method ("/usr/bin/kill `cat /var/samba/locks/sm kill: 3038: no such process [ Aug 15 00:03:30 Method "stop" exited with status 1. ] bd.pid`"). ]03:31 Executing stop method ("/usr/bin/kill `cat /var/samba/locks/sm kill: 3038: no such process [ Aug 15 00:03:32 Method "stop" exited with status 1. ] Any help would be greatly appreciated. === www.eagle.co.nz This email is confidential and may be legally privileged. If received in error please destroy and immediately notify us. ___ zones-discuss mailing list zones-discuss@opensolaris.org
[zones-discuss] Starting Samba in Open Solaris Non Global Zone
OpenSolaris 0609. I've managed to get Samba installed in a non global zone, but it will not start. When I run svcadm enable samba, I get the following message: r...@zone1:~# Aug 15 00:37:09 zone1 svc.startd[2938]: network/samba:default failed: transitioned to maintenance (see 'svcs -xv' for details) Here is the output of svcs -xv: svc:/network/samba:default (SMB file server) State: maintenance since Sat Aug 15 00:37:09 2009 Reason: Method failed repeatedly. See: http://sun.com/msg/SMF-8000-8Q See: man -M /usr/sfw/man -s 1m smbd See: man -M /usr/sfw/man -s 4 smb.conf See: /var/svc/log/network-samba:default.log Impact: This service is not running. Here is /var/svc/log/network-samba:default.log: [ Aug 15 00:03:08 Enabled. ] [ Aug 15 00:03:25 Executing start method ("/usr/sfw/sbin/smbd -D"). ] [ Aug 15 00:03:29 Method "start" exited with status 0. ] [ Aug 15 00:03:29 Stopping because all processes in service exited. ] bd.pid`"). ]03:29 Executing stop method ("/usr/bin/kill `cat /var/samba/locks/sm kill: 3038: no such process [ Aug 15 00:03:30 Method "stop" exited with status 1. ] bd.pid`"). ]03:31 Executing stop method ("/usr/bin/kill `cat /var/samba/locks/sm kill: 3038: no such process [ Aug 15 00:03:32 Method "stop" exited with status 1. ] Any help would be greatly appreciated. -- This message posted from opensolaris.org ___ zones-discuss mailing list zones-discuss@opensolaris.org