Re: [squid-users] winbind directories permissions issue from Amos Jeffries on 2008-12-15 (squid-users)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 16 Dec 2008 01:31:45 +1300

vincent.blondel_at_ing.be wrote:
> ...
> Amos
>
> I made some cut from our previous posts to avoid any confusion.
>
>>
>> Sorry I haven't had much to do with winbind than we have already tried.
>> you are the first I've seen where these fixes have not worked.
>>
>> Can you get a full "ls -la" trace of the directory content and
> permissions
>> at a time where it's working, and one where its not? Also a list of the
>> squid user name and the groups names it belongs to.
>>
>
> $ egrep 'squid|winbin' /etc/passwd /etc/group
> /etc/passwd:squid:x:1560:1560:SQUID user:/home/SQUID:/bin/ksh
> /etc/group:squidg::1560:
> /etc/group:winbind::2222:squid
>
> Below what happended on one of my machine .. sbepskdd.
>
> some minutes before the bug occured ..
>
> $ ls -nai /var/lib/samba
> total 121612
> 162445 drwxr-x--- 5 0 2222 512 Dec 15 04:14 .
> 330886 drwxr-xr-x 5 0 0 512 Nov 17 19:39 ..
> 162448 -rw-r----- 1 0 2222 8192 Dec 15 04:14
> gencache.tdb
> 162450 -rw-r----- 1 0 2222 696 Nov 17 19:39
> idmap_cache.tdb
> 168469 drwxr-x--- 4 0 2222 512 Nov 17 19:39 locks
> 162451 -rw-r----- 1 0 2222 8192 Dec 14 22:06
> messages.tdb
> 162454 -rw-r----- 1 0 2222 62144512 Dec 15 08:41
> netsamlogon_cache.tdb
> 54155 drwxr-x--- 2 0 2222 512 Dec 15 04:14
> smb_krb5
> 162453 -rw------- 1 0 0 57344 Nov 25 06:49
> winbindd_cache.tdb
> 451222 drwxr-x--- 2 0 2222 512 Nov 25 06:47
> winbindd_privileged
>
> $ ls -nai /var/lib/samba/winbindd_privileged
> total 4
> 451222 drwxr-x--- 2 0 2222 512 Nov 25 06:47 .
> 162445 drwxr-x--- 5 0 2222 512 Dec 15 04:14 ..
> 451223 srwxrwxrwx 1 0 0 0 Nov 25 06:47 pipe
>
> when SQUID is still running but the bug is happening ..
>
> $ ls -nai /var/lib/samba
> total 122140
> 162445 drwxr-x--- 5 0 2222 512 Dec 15 04:14 .
> 330886 drwxr-xr-x 5 0 0 512 Nov 17 19:39 ..
> 162448 -rw-r----- 1 0 2222 8192 Dec 15 04:14
> gencache.tdb
> 162450 -rw-r----- 1 0 2222 696 Nov 17 19:39
> idmap_cache.tdb
> 168469 drwxr-x--- 4 0 2222 512 Nov 17 19:39 locks
> 162451 -rw-r----- 1 0 2222 8192 Dec 14 22:06
> messages.tdb
> 162454 -rw-r----- 1 0 2222 62414848 Dec 15 10:04
> netsamlogon_cache.tdb
> 54155 drwxr-x--- 2 0 2222 512 Dec 15 04:14
> smb_krb5
> 162453 -rw------- 1 0 0 57344 Nov 25 06:49
> winbindd_cache.tdb
> 451222 drwxr-x--- 2 0 2222 512 Nov 25 06:47
> winbindd_privileged
>
> $ ls -nai /var/lib/samba/winbindd_privileged
> total 4
> 451222 drwxr-x--- 2 0 2222 512 Nov 25 06:47 .
> 162445 drwxr-x--- 5 0 2222 512 Dec 15 04:14 ..
> 451223 srwxrwxrwx 1 0 0 0 Nov 25 06:47 pipe
>
> just after restart of SQUID process ..
>
> $ ls -nai /var/lib/samba
> total 122140
> 162445 drwxr-x--- 5 0 2222 512 Dec 15 04:14 .
> 330886 drwxr-xr-x 5 0 0 512 Nov 17 19:39 ..
> 162448 -rw-r----- 1 0 2222 8192 Dec 15 04:14
> gencache.tdb
> 162450 -rw-r----- 1 0 2222 696 Nov 17 19:39
> idmap_cache.tdb
> 168469 drwxr-x--- 4 0 2222 512 Nov 17 19:39 locks
> 162451 -rw-r----- 1 0 2222 8192 Dec 14 22:06
> messages.tdb
> 162454 -rw-r----- 1 0 2222 62414848 Dec 15 10:04
> netsamlogon_cache.tdb
> 54155 drwxr-x--- 2 0 2222 512 Dec 15 04:14
> smb_krb5
> 162453 -rw------- 1 0 0 57344 Nov 25 06:49
> winbindd_cache.tdb
> 451222 drwxr-x--- 2 0 2222 512 Nov 25 06:47
> winbindd_privileged
>
> $ ls -nai /var/lib/samba/winbindd_privileged
> total 4
> 451222 drwxr-x--- 2 0 2222 512 Nov 25 06:47 .
> 162445 drwxr-x--- 5 0 2222 512 Dec 15 04:14 ..
> 451223 srwxrwxrwx 1 0 0 0 Nov 25 06:47 pipe
>
> Now another notice, I made a change last tuesday on another SQUID server
> and this seems working almost one week ..
>
> $ ls -nai /var/lib/samba
> total 78156
> 342924 drwxr-xr-x 5 0 2222 512 Dec 15 04:22 .
> 66177 drwxr-xr-x 5 0 0 512 Nov 18 01:34 ..
> 342930 -rw-r--r-- 1 0 2222 8192 Dec 15 04:22
> gencache.tdb
> 342932 -rw-r--r-- 1 0 2222 696 Nov 18 01:34
> idmap_cache.tdb
> 354946 drwxr-xr-x 4 0 2222 512 Nov 18 01:34 locks
> 342933 -rw-r--r-- 1 0 2222 8192 Dec 13 22:06
> messages.tdb
> 342936 -rw-r--r-- 1 0 2222 39903232 Dec 15 10:20
> netsamlogon_cache.tdb
> 222599 drwxr-xr-x 2 0 2222 512 Dec 15 04:22
> smb_krb5
> 342934 -rw------- 1 0 0 57344 Dec 9 10:44
> winbindd_cache.tdb
> 138380 drwxr-x--- 2 0 2222 512 Dec 9 10:39
> winbindd_privileged
>
> $ ls -nai /var/lib/samba/winbindd_privileged
> total 4
> 138380 drwxr-x--- 2 0 2222 512 Dec 9 10:39 .
> 342924 drwxr-xr-x 5 0 2222 512 Dec 15 04:22 ..
> 138381 srwxrwxrwx 1 0 0 0 Dec 9 10:39 pipe
>
> I do not understand anything, maybe situation is more clear for you ..
>
> Hope some good news from you ..
>

Sigh, oh dear. sorry no good news. Nothing visible in that trace. I was
hoping it would be clear like squid or winbind setting one of the
privileges to root when it shouldn't.

You said earlier "process squid is running as user squid and group
squidg so afaik permissions below are correct .."

You did mean squid starts as root and then sets itself to
"cache_effective_user squid" and user squid is a member of group squidg,
right?

>
>> This will be needed by anyone who may be more able to help.
>>
>>

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10
   Current Beta Squid 3.1.0.3 or 3.0.STABLE11-RC1

Received on Mon Dec 15 2008 - 12:31:49 MST

This archive was generated by hypermail 2.2.0 : Tue Dec 16 2008 - 12:00:01 MST