Samba via inetd, not a good idea?
Dear all,
I set up Samba to run via inetd (and through tcpd) so I could easily
control host access (default deny-all policy). This sounds worse than
it actually is: all you have to do is run `sambaconfig' and hit `i'.
Everything will be taken care of except the deny-all policy. This is
trivial: just put `ALL : ALL' in `/etc/hosts.deny' and you're done.
This setup works fine except for the fact that `nmbd' has a tendency
to start looping which creates tons of messages in `/var/log/nmb',
`/var/log/daemon.log*' and `/var/log/syslog*'. Typical entries look
like
    Aug 23 16:03:08 bilbo nmbd[5346]: connect from 172.16.x.y
    Aug 23 16:03:08 bilbo inetd[5328]: /usr/sbin/tcpd: exit status 0x1
for daemon.log and syslog.
This repeats for a bit with only the `nmbd' process ID changing until
`inetd' gets sick of it and says
    Aug 23 16:03:08 bilbo inetd[5328]: netbios-ns/udp server failing (looping), service terminated
The entries in `/var/log/nmb' say
    [2000/08/23 16:03:08, 1] nmbd/nmbd.c: main(757)
      Netbios nameserver version 2.0.7 started.
      Copyright Andrew Tridgell 1994-1998
    [2000/08/23 16:03:08, 0] lib/pidfile.c:pidfile_create(86)
      ERROR: nmbd is already running. File /var/samba/nmbd.pid exists and process id 5346 is running.
This happens for a variety of IP addresses and some of these have at
some points in time successfully established connections via `smbd'.
Apparently, `nmbd' stays around for a bit after `inetd' starts it, but
I don't quite understand why the looping occurs. Anyways, I found
that `smb.conf' supports `hosts deny' and `hosts allow' keywords with
the same syntax as used for `/etc/hosts.deny' and `/etc/hosts.allow'.
So I figured I'd better run as daemons instead of from `inetd' and
added something like this to the `[global]' section of my `smb.conf'
    # deny-all policy
    hosts deny = ALL EXCEPT localhost
    # private class B network
    hosts allow = 172.16.
and ran `sambaconfig' again. So far, so good. I haven't seen any
looping in the last few hours. Uh, after starting it with the `-a'
flag (already filed a bug report about this).
All in all, it looks like running Samba from `inetd' is not such a
good idea.
--
Olaf Meeuwissen Epson Kowa Corporation, Research and Development
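
Added example, not part of the original post: a small parser for the daemon.log lines quoted above that reports each time inetd shut a service down for looping, together with the clients tcpd logged and the non-zero child exits that preceded it. The sample log is constructed in the quoted format, and the function name `find_loop_events` is an assumption of this example.

```python
import re
from collections import Counter

# Constructed sample in the daemon.log format quoted in the post;
# the addresses and most PIDs are made up for illustration.
SAMPLE_LOG = """\
Aug 23 16:03:08 bilbo nmbd[5346]: connect from 172.16.0.10
Aug 23 16:03:08 bilbo inetd[5328]: /usr/sbin/tcpd: exit status 0x1
Aug 23 16:03:08 bilbo nmbd[5347]: connect from 172.16.0.10
Aug 23 16:03:08 bilbo inetd[5328]: /usr/sbin/tcpd: exit status 0x1
Aug 23 16:03:08 bilbo nmbd[5348]: connect from 172.16.0.11
Aug 23 16:03:08 bilbo inetd[5328]: /usr/sbin/tcpd: exit status 0x1
Aug 23 16:03:08 bilbo inetd[5328]: netbios-ns/udp server failing (looping), service terminated
Aug 23 16:14:02 bilbo nmbd[5402]: connect from 172.16.0.12
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ (?P<prog>[\w./-]+)\[\d+\]: (?P<msg>.*)$")
CONNECT = re.compile(r"^connect from (\S+)$")           # logged by tcpd as the daemon
EXIT = re.compile(r"^\S+: exit status (0x[0-9a-fA-F]+)$")
LOOPING = re.compile(r"^(\S+) server failing \(looping\), service terminated$")

def find_loop_events(text):
    """Return one dict per inetd 'looping' shutdown, with the connects and
    non-zero child exits logged since the previous shutdown."""
    events, clients, failed_exits = [], Counter(), 0
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        prog, msg = m["prog"], m["msg"]
        if prog != "inetd" and (c := CONNECT.match(msg)):
            clients[c[1]] += 1
        elif prog == "inetd" and (e := EXIT.match(msg)):
            failed_exits += 1 if int(e[1], 16) else 0
        elif prog == "inetd" and (t := LOOPING.match(msg)):
            events.append({"time": m["ts"], "service": t[1],
                           "clients": dict(clients), "failed_exits": failed_exits})
            clients, failed_exits = Counter(), 0
    return events

if __name__ == "__main__":
    for ev in find_loop_events(SAMPLE_LOG):
        print(ev)
```
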