Samba behavior differences between base system and NanoBSD

Hello,
I have a NanoBSD server (compiled with 12.2 sources) with samba410.
I cannot connect as a non-root user on the shares. It throws the following error:
Code:
[2020/11/04 15:43:37.679714,  0] ../../source3/smbd/uid.c:448(change_to_user_internal)
  change_to_user_internal: chdir_current_service() failed!

User has been added to the samba database using smbpasswd.

Config is as follows:
Code:
[global]
        workgroup = WORKGROUP
        netbios name = NAS
        map to guest = Bad User

[tank]
        path = /tank
        read only = yes
        guest ok = yes

However, when making a jail on the same machine, and installing samba in said jail, it actually IS working.
It is also working when adding the root user to the samba database on the nanobsd machine; while it "solves" the problem, I would rather avoid doing that.
There should be no difference between the 2 setups (except the obvious IP address).

Any idea on how to debug/solve this problem?
Thanks
 
Code:
root@birmanfraisier:/bin # cd /
root@birmanfraisier:/ # find {bin,sbin,lib,usr/bin,usr/sbin,usr/lib} -exec stat -f "%Sp %Su %Sg %N" {} \; | sort > /tmp/orig
root@birmanfraisier:/ # cd /tank/jails/tesuto/
root@birmanfraisier:/tank/jails/tesuto # find {bin,sbin,lib,usr/bin,usr/sbin,usr/lib} -exec stat -f "%Sp %Su %Sg %N" {} \; | sort > /tmp/jail
root@birmanfraisier:/ # diff /tmp/orig /tmp/jail
This reveals that the base system has:
- Extra debug lib (Trimmed in the output)
- Some links have perm 700 on base sys, 755 in jail (see attached document)

What should be the correct perms on these files? Please do note that they have been created with these perms by the nanobsd build script, so I assume there is a reason for that?
I'll try to rebuild/edit the second image of the install to see if this changes anything.
 

I didn't look into the samba source itself, just guessing on "change_to_user_internal: chdir_current_service() failed!" error message you get that samba can't chdir into the /tank itself, so what are the permissions on /tank and is it ok to use as a share root? What is the share root in jail and what are the permissions on it?
 
User is owner of /tank, with perm 755, so it should be ok. Changing the path to a user:nogroup 777 dir leads to the same consequences.

What do you mean by the share root? Using the root user as a samba user? It's absolutely not ok, that's why I'm trying to make it work as regular user. It's just extra information, with that we know that the binaries are (partially at least) functional.

I rebuilt the OS and upgraded samba410 to samba413 (410 end of life is in 3 days...). No changes whatsoever.
 
Ok I managed to "solve" the problem. The missing permission was on /, which was 700. Setting it to 755 changes the error message from samba to a more intelligible one:
Code:
[2020/11/12 14:58:09.707764,  0] ../../source3/smbd/service.c:169(chdir_current_service)
  chdir_current_service: vfs_ChDir(/var/tmp) failed: Permission denied. Current token: uid=1001, gid=0, 1 groups:
Then, changing the permissions on /var to 755 (700 prior) solves the problem.

The question now is "why?". Why is the system generated with such permissions? Is it expected? Can anyone using nanobsd confirm that this is the normal behavior?
If this is the normal behavior, what is the reason for this change, compared to base system?
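
Added example, not written by any poster in this thread: the fix above came down to a non-root user lacking search (x) permission on / and /var, which smbd only reported as a failed chdir. The Python script below, meant to be run as root, walks every ancestor of a share path and lists the directories a given uid/gid set cannot traverse. It checks classic mode bits only (ACLs are ignored) and its function names are this example's own.

```python
import os
import stat
import sys

def can_search(st, uid, gids):
    """Classic Unix rule for directory search (x) permission.
    Assumption of this example: ACLs and MAC policies are ignored."""
    if uid == 0:
        return True                      # root bypasses mode bits
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IXUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IXGRP)
    return bool(st.st_mode & stat.S_IXOTH)

def blocked_ancestors(path, uid, gids):
    """Return [(directory, octal mode), ...] for each directory from /
    down to `path` that uid/gids cannot traverse. Run as root so that
    os.stat() itself is never denied."""
    chain, cur = [], os.path.realpath(path)
    while True:
        chain.append(cur)
        parent = os.path.dirname(cur)
        if parent == cur:                # reached /
            break
        cur = parent
    blocked = []
    for d in reversed(chain):            # report top-down, / first
        st = os.stat(d)
        if stat.S_ISDIR(st.st_mode) and not can_search(st, uid, gids):
            blocked.append((d, oct(stat.S_IMODE(st.st_mode))))
    return blocked

if __name__ == "__main__":
    # Usage: script PATH UID GID [GID...]   e.g. /var/tmp 1001 0
    path, uid, *gids = sys.argv[1:]
    for d, mode in blocked_ancestors(path, int(uid), {int(g) for g in gids}):
        print(f"{mode} {d}: uid {uid} cannot traverse")
```

With the permissions described in the thread, a check of /var/tmp for uid 1001 would list / and /var, each with mode 0o700.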
 