[Pkg-samba-maint] r1778 - in branches/samba/experimental: . debian debian/patches

vorlon at alioth.debian.org vorlon at alioth.debian.org
Mon Mar 24 08:07:33 UTC 2008


tags 451273 pending
tags 451385 pending
tags 346547 pending
tags 450738 pending
tags 443230 pending
tags 451272 pending
tags 451270 pending
tags 444054 pending
tags 449422 pending
thanks

Author: vorlon
Date: 2008-03-24 08:07:33 +0000 (Mon, 24 Mar 2008)
New Revision: 1778

Added:
   branches/samba/experimental/debian/NEWS
   branches/samba/experimental/debian/patches/chgpasswd.patch
   branches/samba/experimental/debian/patches/get_global_sam_sid-non-root.patch
   branches/samba/experimental/debian/patches/usershare.patch
Removed:
   branches/samba/experimental/debian/patches/cups.patch
Modified:
   branches/samba/experimental/
   branches/samba/experimental/debian/
   branches/samba/experimental/debian/changelog
   branches/samba/experimental/debian/control
   branches/samba/experimental/debian/control.in
   branches/samba/experimental/debian/patches/series
   branches/samba/experimental/debian/patches/smbstatus-locking.patch
   branches/samba/experimental/debian/rules
   branches/samba/experimental/debian/samba.init
   branches/samba/experimental/debian/samba.postinst
   branches/samba/experimental/debian/smb.conf
Log:
merge revisions 1529, 1546-1581 from trunk


Property changes on: branches/samba/experimental
___________________________________________________________________
Name: bzr:revision-info
   + timestamp: 2007-11-12 13:56:56.803999901 -0800
committer: Steve Langasek <steve.langasek at canonical.com>
properties: 
	branch-nick: samba.deb

Name: bzr:file-ids
   + debian/patches/usershare.patch	usershare.patch-20071111022404-m4t5puq5wxrkqa1p-1
debian/patches/get_global_sam_sid-non-root.patch	get_global_sam_sidno-20071111002251-yyz8h314qolu25gg-1

Name: bzr:ancestry:v3-single-trunk/samba
   + steve.langasek at canonical.com-20071112215434-sokj606u77gydqrn

Name: bzr:revision-id:v3-single-trunk/samba
   + 200 steve.langasek at canonical.com-20071112215656-njamfcu7ysajgohs



Property changes on: branches/samba/experimental/debian
___________________________________________________________________
Name: mergeWithUpstream
   + 1

Copied: branches/samba/experimental/debian/NEWS (from rev 1581, trunk/samba/debian/NEWS)
===================================================================
--- branches/samba/experimental/debian/NEWS	                        (rev 0)
+++ branches/samba/experimental/debian/NEWS	2008-03-24 08:07:33 UTC (rev 1778)
@@ -0,0 +1,18 @@
+samba (3.0.26a-2) unstable; urgency=low
+
+  * Default printing system has changed from BSD to CUPS
+
+    Previous versions of this package were configured to use BSD lpr as the
+    default printing system.  With this version of Samba, the default has
+    been changed to CUPS for consistency with the current default printer
+    handling in the rest of the system.
+
+    If you wish to continue using the BSD printing interface from Samba, you
+    will need to set "printing = bsd" manually in /etc/samba/smb.conf.  If
+    you wish to use CUPS printing but have previously set any of the
+    "print command", "lpq command", or "lprm command" options in smb.conf,
+    you will want to remove these settings from your config.  Otherwise, if
+    you have the cupsys package installed, Samba should begin to use it
+    automatically with no action on your part.
+
+ -- Steve Langasek <vorlon at debian.org>  Wed, 14 Nov 2007 17:19:36 -0800
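
Review bot: The entry header reads samba (3.0.26a-2), but the changelog merged in this same revision records dropping cups.patch and adding debian/NEWS under 3.0.27-1. The version in a NEWS entry should be that of the upload that actually carries the change, otherwise the notice may not be shown to users on upgrade; please confirm which upload ships the CUPS default and align the two files.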

Modified: branches/samba/experimental/debian/changelog
===================================================================
--- branches/samba/experimental/debian/changelog	2008-03-24 04:07:52 UTC (rev 1777)
+++ branches/samba/experimental/debian/changelog	2008-03-24 08:07:33 UTC (rev 1778)
@@ -22,6 +22,61 @@
 
  -- Christian Perrier <bubulle at debian.org>  Wed, 05 Mar 2008 22:45:28 +0100
 
+samba (3.0.27-2) UNRELEASED; urgency=low
+
+  * Drop the deprecated "printer admin" example from the default smb.conf.
+    Closes: #451273.
+
+ -- Steve Langasek <vorlon at debian.org>  Mon, 19 Nov 2007 12:57:26 -0800
+
+samba (3.0.27-1) unstable; urgency=low
+
+  * New upstream version
+    - fixes a remote code execution vulnerability when running nmbd as a
+      WINS server. (CVE-2007-5398; closes: #451385)
+    - fixes a buffer overflow in nmbd when running as a domain controller
+      during processing of GETDC logon server requests. (CVE-2007-4572)
+
+  [ Steve Langasek ]
+  * fhs.patch: net usershares should also be stored under /var/lib, not under
+    /var/run.  No transition handling in maintainer scripts, since this
+    feature is not activated by default.
+  * get_global_sam_sid-non-root.patch: avoid calling get_global_sam_sid()
+    from smbpasswd -L or pam_smbpass when running as non-root, to avoid a
+    foreseeable panic.  Closes: #346547, #450738.
+  * usershare.patch: enable "user shares" by default in the server with a
+    default limit of 100, to support user shares on both upgrades and new
+    installs with no need to munge config files.  Thanks to Mathias Gug
+    <mathiaz at ubuntu.com> for the patch.  Closes: #443230.
+  * On Ubuntu, support autopopulating the sambashare group using the existing
+    members of the admin group; no equivalent handling is done on Debian,
+    because there doesn't seem to be an appropriate template group we can use
+    that wouldn't be considered a privilege escalation for those users.
+  * Update Samba to explicitly use the C locale when doing password changes,
+    to account for Linux-PAM's recently adopted i18n support.
+    Closes: #451272.
+  * Enforce creation of the pid directory (/var/run/samba) in the samba
+    init script, for compatibility with systems that use a tmpfs for
+    /var/run.  Closes: #451270.
+  * debian/patches/cups.patch, debian/NEWS: drop the patch to force bsd
+    as the default printing system, as CUPS is now the dominant/default
+    printing system for Linux.
+
+  [ Debconf translations ]
+  * Hebrew added. Closes: #444054
+
+  [ Christian Perrier ]
+  * Split fhs.patch into 3 separate patches to make upstream integration
+    easier:
+    - fhs-newpaths.patch: introduce new paths
+    - fhs-filespaths.patch: assign files to new paths
+    - fhs-assignpaths.patch: assign paths to FHS-compatible locations
+  * Compile with DNS update support. Thanks to Matthias Gug for
+    reporting and contributions from Launchpad's #156686
+    Closes: #449422
+
+ -- Steve Langasek <vorlon at debian.org>  Thu, 15 Nov 2007 11:46:17 -0800
+
 samba (3.2.0~pre1-1) experimental; urgency=low
 
   * New upstream (pre-)release
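
Review bot: The contributor's name is spelled two ways in the 3.0.27-1 entry: "Mathias Gug" in the usershare.patch item and "Matthias Gug" in the "Compile with DNS update support" item. The patch headers added in this revision use "Mathias", so the second spelling should be corrected before upload.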

Modified: branches/samba/experimental/debian/control
===================================================================
--- branches/samba/experimental/debian/control	2008-03-24 04:07:52 UTC (rev 1777)
+++ branches/samba/experimental/debian/control	2008-03-24 08:07:33 UTC (rev 1778)
@@ -3,13 +3,13 @@
 Priority: optional
 Maintainer: Debian Samba Maintainers <pkg-samba-maint at lists.alioth.debian.org>
 Uploaders: Eloy A. Paris <peloy at debian.org>, Steve Langasek <vorlon at debian.org>, Christian Perrier <bubulle at debian.org>, Noèl Köthe <noel at debian.org>, Adam Conrad <adconrad at 0c3.net>, Peter Eisentraut <petere at debian.org>
-Build-Depends: debhelper (>= 5.0.37.2), libpam0g-dev, libreadline5-dev, libcupsys2-dev (>=1.1.20final+cvs20040330-4), libacl1-dev (>= 2.2.11-1) [alpha amd64 arm armeb armel hppa i386 ia64 lpia m32r m68k mips mipsel powerpc ppc64 s390 s390x sh3 sh3eb sh4 sh4eb sparc], libkrb5-dev, libldap2-dev, po-debconf, binutils (>= 2.14.90.0.7), type-handling (>= 0.2.1), libpopt-dev, dpkg-dev (>= 1.13.9), quilt (>= 0.40)
+Build-Depends: debhelper (>= 5.0.37.2), libpam0g-dev, libreadline5-dev, libcupsys2-dev (>=1.1.20final+cvs20040330-4), libacl1-dev (>= 2.2.11-1) [alpha amd64 arm armeb armel hppa i386 ia64 lpia m32r m68k mips mipsel powerpc ppc64 s390 s390x sh3 sh3eb sh4 sh4eb sparc], libkrb5-dev, libldap2-dev, po-debconf, binutils (>= 2.14.90.0.7), type-handling (>= 0.2.1), libpopt-dev, dpkg-dev (>= 1.13.9), quilt (>= 0.40), uuid-dev
 Build-Conflicts: libfam-dev
 Standards-Version: 3.7.2
 
 Package: samba
 Architecture: any
-Depends: samba-common (= ${binary:Version}), logrotate, ${shlibs:Depends}, ${misc:Depends}, libpam-runtime (>= 0.76-13.1), libpam-modules, lsb-base (>= 3.0-6), procps, update-inetd
+Depends: samba-common (= ${binary:Version}), logrotate, ${shlibs:Depends}, ${misc:Depends}, libpam-runtime (>= 0.76-13.1), libpam-modules, lsb-base (>= 3.0-6), procps, update-inetd, adduser
 Recommends: smbldap-tools
 Suggests: openbsd-inetd | inet-superserver
 Replaces: samba-common (<= 2.0.5a-2)
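
Review bot: uuid-dev is appended to Build-Depends, but none of the changelog entries merged in this revision says what needs it. If it is required by the --with-dnsupdate flag added in debian/rules, say so in the "Compile with DNS update support" item so the dependency can be traced later. The adduser addition to Depends matches the new addgroup/adduser calls in samba.postinst.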

Modified: branches/samba/experimental/debian/control.in
===================================================================
--- branches/samba/experimental/debian/control.in	2008-03-24 04:07:52 UTC (rev 1777)
+++ branches/samba/experimental/debian/control.in	2008-03-24 08:07:33 UTC (rev 1778)
@@ -3,13 +3,13 @@
 Priority: optional
 Maintainer: Debian Samba Maintainers <pkg-samba-maint at lists.alioth.debian.org>
 Uploaders: Eloy A. Paris <peloy at debian.org>, Steve Langasek <vorlon at debian.org>, Christian Perrier <bubulle at debian.org>, Noèl Köthe <noel at debian.org>, Adam Conrad <adconrad at 0c3.net>, Peter Eisentraut <petere at debian.org>
-Build-Depends: debhelper (>= 5.0.37.2), libpam0g-dev, libreadline5-dev, libcupsys2-dev (>=1.1.20final+cvs20040330-4), libacl1-dev (>= 2.2.11-1) [@libacl@], libkrb5-dev, libldap2-dev, po-debconf, binutils (>= 2.14.90.0.7), type-handling (>= 0.2.1), libpopt-dev, dpkg-dev (>= 1.13.9), quilt (>= 0.40)
+Build-Depends: debhelper (>= 5.0.37.2), libpam0g-dev, libreadline5-dev, libcupsys2-dev (>=1.1.20final+cvs20040330-4), libacl1-dev (>= 2.2.11-1) [@libacl@], libkrb5-dev, libldap2-dev, po-debconf, binutils (>= 2.14.90.0.7), type-handling (>= 0.2.1), libpopt-dev, dpkg-dev (>= 1.13.9), quilt (>= 0.40), uuid-dev
 Build-Conflicts: libfam-dev
 Standards-Version: 3.7.2
 
 Package: samba
 Architecture: any
-Depends: samba-common (= ${binary:Version}), logrotate, ${shlibs:Depends}, ${misc:Depends}, libpam-runtime (>= 0.76-13.1), libpam-modules, lsb-base (>= 3.0-6), procps, update-inetd
+Depends: samba-common (= ${binary:Version}), logrotate, ${shlibs:Depends}, ${misc:Depends}, libpam-runtime (>= 0.76-13.1), libpam-modules, lsb-base (>= 3.0-6), procps, update-inetd, adduser
 Recommends: smbldap-tools
 Suggests: openbsd-inetd | inet-superserver
 Replaces: samba-common (<= 2.0.5a-2)

Copied: branches/samba/experimental/debian/patches/chgpasswd.patch (from rev 1581, trunk/samba/debian/patches/chgpasswd.patch)
===================================================================
--- branches/samba/experimental/debian/patches/chgpasswd.patch	                        (rev 0)
+++ branches/samba/experimental/debian/patches/chgpasswd.patch	2008-03-24 08:07:33 UTC (rev 1778)
@@ -0,0 +1,51 @@
+Goal: Recent versions of Linux-PAM support localization of user prompts,
+so Samba must use the C locale when invoking PAM (directly or via
+/usr/bin/passwd) to ensure that password chat values match the prompts in a
+locale-invariant fashion.
+
+Authors: Mathias Gug <mathiaz at ubuntu.com>,
+         Steve Langasek <vorlon at debian.org>
+
+Upstream status: submitted in bugzilla bug #5082
+
+Index: samba-3.0.26a/source/smbd/chgpasswd.c
+===================================================================
+--- samba-3.0.26a.orig/source/smbd/chgpasswd.c
++++ samba-3.0.26a/source/smbd/chgpasswd.c
+@@ -126,6 +126,7 @@
+ 	struct termios stermios;
+ 	gid_t gid;
+ 	uid_t uid;
++	char *eptrs[1] = { NULL };
+ 
+ 	if (pass == NULL)
+ 	{
+@@ -222,7 +223,7 @@
+ 	       passwordprogram));
+ 
+ 	/* execl() password-change application */
+-	if (execl("/bin/sh", "sh", "-c", passwordprogram, NULL) < 0)
++	if (execle("/bin/sh", "sh", "-c", passwordprogram, NULL, eptrs) < 0)
+ 	{
+ 		DEBUG(3, ("Bad status returned from %s\n", passwordprogram));
+ 		return (False);
+@@ -498,6 +499,9 @@
+ #ifdef WITH_PAM
+ 	if (lp_pam_password_change()) {
+ 		BOOL ret;
++#ifdef HAVE_SETLOCALE
++		char *prevlocale = setlocale(LC_MESSAGES, "C");
++#endif
+ 
+ 		if (as_root)
+ 			become_root();
+@@ -511,6 +515,9 @@
+ 		if (as_root)
+ 			unbecome_root();
+ 
++#ifdef HAVE_SETLOCALE
++		setlocale(LC_MESSAGES, prevlocale);
++#endif
+ 		return ret;
+ 	}
+ #endif
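
Review bot: In the @@ -498 hunk of chgpasswd.c, prevlocale does not hold the previous locale. setlocale(LC_MESSAGES, "C") returns the string for the locale it has just set (or NULL on failure), so the later setlocale(LC_MESSAGES, prevlocale) sets "C" again and the process stays in the C message locale after the PAM call. Query first with setlocale(LC_MESSAGES, NULL), copy the result (the returned buffer may be overwritten by the next setlocale call), switch to "C", then restore from the copy and free it. In the @@ -222 hunk, the empty eptrs array removes the whole environment, PATH included, not only the locale variables; if that is intended a comment should say so, and the terminating NULL passed to execle should be written (char *)NULL because it is a variadic argument.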

Deleted: branches/samba/experimental/debian/patches/cups.patch
===================================================================
--- branches/samba/experimental/debian/patches/cups.patch	2008-03-24 04:07:52 UTC (rev 1777)
+++ branches/samba/experimental/debian/patches/cups.patch	2008-03-24 08:07:33 UTC (rev 1778)
@@ -1,25 +0,0 @@
-Goal: Do not make CUPS the default printing system
-
-Fixes: ?
-
-Status wrt upstream: Debian specific
-
-Note: We need to decide whether it's still reasonable to use "printing=bsd"
-      as a default. Probably provide a debconf-supported way to upgrade
-
-Index: samba-3.0.25c/source/include/includes.h
-===================================================================
---- samba-3.0.25c.orig/source/include/includes.h	2007-08-26 13:07:03.425508276 +0200
-+++ samba-3.0.25c/source/include/includes.h	2007-08-26 13:08:58.419896656 +0200
-@@ -811,10 +811,7 @@
- #endif
- 
- #ifndef DEFAULT_PRINTING
--#ifdef HAVE_CUPS
--#define DEFAULT_PRINTING PRINT_CUPS
--#define PRINTCAP_NAME "cups"
--#elif defined(SYSV)
-+#if defined(SYSV)
- #define DEFAULT_PRINTING PRINT_SYSV
- #define PRINTCAP_NAME "lpstat"
- #else

Copied: branches/samba/experimental/debian/patches/get_global_sam_sid-non-root.patch (from rev 1581, trunk/samba/debian/patches/get_global_sam_sid-non-root.patch)
===================================================================
--- branches/samba/experimental/debian/patches/get_global_sam_sid-non-root.patch	                        (rev 0)
+++ branches/samba/experimental/debian/patches/get_global_sam_sid-non-root.patch	2008-03-24 08:07:33 UTC (rev 1778)
@@ -0,0 +1,73 @@
+Goal: client programs should short-circuit before calling
+get_global_sam_sid() as not-root, because the SAM SID can't be read without
+root privileges and get_global_sam_sid() panics when it can't be accessed --
+reasonable for the server, not reasonable for the client.
+
+Author: Steve Langasek <vorlon at debian.org>
+
+Upstream status: submitted in bugzilla bug #3727
+
+Index: samba-3.0.26a/source/utils/smbpasswd.c
+===================================================================
+--- samba-3.0.26a.orig/source/utils/smbpasswd.c
++++ samba-3.0.26a/source/utils/smbpasswd.c
+@@ -96,6 +96,10 @@
+ 	while ((ch = getopt(argc, argv, "c:axdehminjr:sw:R:D:U:LW")) != EOF) {
+ 		switch(ch) {
+ 		case 'L':
++			if (getuid() != 0) {
++				fprintf(stderr, "smbpasswd -L can only be used by root.\n");
++				exit(1);
++			}
+ 			local_flags |= LOCAL_AM_ROOT;
+ 			break;
+ 		case 'c':
+Index: samba-3.0.26a/source/pam_smbpass/pam_smb_auth.c
+===================================================================
+--- samba-3.0.26a.orig/source/pam_smbpass/pam_smb_auth.c
++++ samba-3.0.26a/source/pam_smbpass/pam_smb_auth.c
+@@ -100,6 +100,12 @@
+ 		_log_err(pamh, LOG_DEBUG, "username [%s] obtained", name);
+ 	}
+ 
++	if (geteuid() != 0) {
++		_log_err(pamh, LOG_DEBUG, "Cannot access samba password database, not running as root.");
++		retval = PAM_AUTHINFO_UNAVAIL;
++		AUTH_RETURN;
++	}
++
+ 	if (!initialize_password_db(True)) {
+ 		_log_err(pamh, LOG_ALERT, "Cannot access samba password database");
+ 		retval = PAM_AUTHINFO_UNAVAIL;
+Index: samba-3.0.26a/source/pam_smbpass/pam_smb_acct.c
+===================================================================
+--- samba-3.0.26a.orig/source/pam_smbpass/pam_smb_acct.c
++++ samba-3.0.26a/source/pam_smbpass/pam_smb_acct.c
+@@ -69,6 +69,11 @@
+ 		_log_err(pamh, LOG_DEBUG, "acct: username [%s] obtained", name);
+ 	}
+ 
++	if (geteuid() != 0) {
++		_log_err(pamh, LOG_DEBUG, "Cannot access samba password database, not running as root.");
++		return PAM_AUTHINFO_UNAVAIL;
++	}
++
+ 	/* Getting into places that might use LDAP -- protect the app
+ 		from a SIGPIPE it's not expecting */
+ 	oldsig_handler = CatchSignal(SIGPIPE, SIGNAL_CAST SIG_IGN);
+Index: samba-3.0.26a/source/pam_smbpass/pam_smb_passwd.c
+===================================================================
+--- samba-3.0.26a.orig/source/pam_smbpass/pam_smb_passwd.c
++++ samba-3.0.26a/source/pam_smbpass/pam_smb_passwd.c
+@@ -124,6 +124,11 @@
+         _log_err(pamh, LOG_DEBUG, "username [%s] obtained", user);
+     }
+ 
++    if (geteuid() != 0) {
++	_log_err(pamh, LOG_DEBUG, "Cannot access samba password database, not running as root.");
++	return PAM_AUTHINFO_UNAVAIL;
++    }
++
+     /* Getting into places that might use LDAP -- protect the app
+        from a SIGPIPE it's not expecting */
+     oldsig_handler = CatchSignal(SIGPIPE, SIGNAL_CAST SIG_IGN);
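
Review bot: The smbpasswd.c hunk tests getuid() for -L while the three pam_smbpass hunks test geteuid(). Whether the SAM SID can be read depends on the effective uid, so the two checks disagree whenever real and effective uid differ; use geteuid() in smbpasswd.c as well, or add a comment explaining why the real uid is the right test there. The new pam_smbpass messages are logged at LOG_DEBUG, whereas the existing "Cannot access samba password database" failure just below in pam_smb_auth.c uses LOG_ALERT, so at default log levels the caller gets PAM_AUTHINFO_UNAVAIL with no explanation; a more visible level would help. The added block in pam_smb_passwd.c is indented with a tab in a function that otherwise uses spaces.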

Modified: branches/samba/experimental/debian/patches/series
===================================================================
--- branches/samba/experimental/debian/patches/series	2008-03-24 04:07:52 UTC (rev 1777)
+++ branches/samba/experimental/debian/patches/series	2008-03-24 08:07:33 UTC (rev 1778)
@@ -1,4 +1,3 @@
-cups.patch
 #documentation.patch
 #fhs-newpaths.patch
 #fhs-filespaths.patch
@@ -22,3 +21,6 @@
 cifs-umount-trailing-slashes.patch
 #cifs-umount-same-user.patch
 smbpasswd-syslog.patch
+get_global_sam_sid-non-root.patch
+usershare.patch
+chgpasswd.patch
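
Review bot: The three patches appended here are all diffed against samba-3.0.26a (see their Index: lines), while the changelog context in this revision shows the experimental branch at 3.2.0~pre1-1. Please confirm with quilt push -a that they still apply and build on this branch before they are enabled in series. The context of the first hunk also shows fhs-newpaths.patch and fhs-filespaths.patch commented out, yet usershare.patch documents /var/lib/samba/usershares as the default usershare path and samba.postinst creates that directory; with the fhs patches disabled, check that the path built in loadparm.c resolves to the same location.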

Modified: branches/samba/experimental/debian/patches/smbstatus-locking.patch
===================================================================
--- branches/samba/experimental/debian/patches/smbstatus-locking.patch	2008-03-24 04:07:52 UTC (rev 1777)
+++ branches/samba/experimental/debian/patches/smbstatus-locking.patch	2008-03-24 08:07:33 UTC (rev 1778)
@@ -1,6 +1,6 @@
 Goal: Unknown
 
-Fixes: Maybe #164179?
+Fixes: #164179. Patch later corrected in #164489
 
 Status wrt upstream: Should maybe be forwarded
 

Copied: branches/samba/experimental/debian/patches/usershare.patch (from rev 1581, trunk/samba/debian/patches/usershare.patch)
===================================================================
--- branches/samba/experimental/debian/patches/usershare.patch	                        (rev 0)
+++ branches/samba/experimental/debian/patches/usershare.patch	2008-03-24 08:07:33 UTC (rev 1778)
@@ -0,0 +1,205 @@
+Goal: enable net usershares by default at build time, with a limit of
+100, and update the corresponding documentation
+
+Fixes: Debian bug #443230
+
+Authors: Mathias Gug <mathiaz at ubuntu.com>,
+	Steve Langasek <vorlon at debian.org>
+
+Status wrt upstream: Debian-specific
+
+Index: samba-3.0.26a/docs/manpages/smb.conf.5
+===================================================================
+--- samba-3.0.26a.orig/docs/manpages/smb.conf.5
++++ samba-3.0.26a/docs/manpages/smb.conf.5
+@@ -253,7 +253,7 @@
+ .PP
+ usershare path
+ .RS 3n
+-Points to the directory containing the user defined share definitions. The filesystem permissions on this directory control who can create user defined shares.
++Points to the directory containing the user-defined share definitions. The filesystem permissions on this directory control who can create user-defined shares.
+ .RE
+ .PP
+ usershare prefix allow list
+@@ -271,32 +271,7 @@
+ Names a pre-existing share used as a template for creating new usershares. All other share parameters not specified in the user defined share definition are copied from this named share.
+ .RE
+ .PP
+-To allow members of the UNIX group
+-foo
+-to create user defined shares, create the directory to contain the share definitions as follows:
+-.PP
+-Become root:
+-
+-.nf
+-
+-mkdir /usr/local/samba/lib/usershares
+-chgrp foo /usr/local/samba/lib/usershares
+-chmod 1770 /usr/local/samba/lib/usershares
+-
+-.fi
+-.PP
+-Then add the parameters
+-
+-.sp
+-
+-.nf
+-
+-	usershare path = /usr/local/samba/lib/usershares
+-	usershare max shares = 10 # (or the desired number of shares)
+-
+-.fi
+-to the global section of your
+-\fIsmb.conf\fR. Members of the group foo may then manipulate the user defined shares using the following commands.
++Members of the \fBsambashare\fR group can manipulate the user-defined shares using the following commands:
+ .PP
+ net usershare add sharename path [comment] [acl] [guest_ok=[y|n]]
+ .RS 3n
+@@ -6964,9 +6939,9 @@
+ .PP
+ usershare path (G)
+ .RS 3n
+-This parameter specifies the absolute path of the directory on the filesystem used to store the user defined share definition files. This directory must be owned by root, and have no access for other, and be writable only by the group owner. In addition the "sticky" bit must also be set, restricting rename and delete to owners of a file (in the same way the /tmp directory is usually configured). Members of the group owner of this directory are the users allowed to create usershares. If this parameter is undefined then no user defined shares are allowed.
++This parameter specifies the absolute path of the directory on the filesystem used to store the user-defined share definition files. This directory must be owned by root, and have no access for other, and be writable only by the group owner. In addition the "sticky" bit must also be set, restricting rename and delete to owners of a file (in the same way the /tmp directory is usually configured). Members of the group owner of this directory are the users allowed to create usershares. If this parameter is undefined then no user-defined shares are allowed.
+ .sp
+-For example, a valid usershare directory might be /usr/local/samba/lib/usershares, set up as follows.
++For example, on Debian the default usershare directory of /var/lib/samba/usershares is set up as follows.
+ .sp
+ 
+ 
+@@ -6974,16 +6949,16 @@
+ 
+ .nf
+ 
+-	ls -ld /usr/local/samba/lib/usershares/
+-	drwxrwx--T  2 root power_users 4096 2006-05-05 12:27 /usr/local/samba/lib/usershares/
++	ls -ld /var/lib/samba/usershares/
++	drwxrwx--T  2 root sambashare 4096 2006-05-05 12:27 /var/lib/samba/usershares/
+ 	
+ .fi
+ 
+ .sp
+-In this case, only members of the group "power_users" can create user defined shares.
++In this case, only members of the group "sambashare" can create user defined shares.
+ .sp
+ Default:
+-\fB\fIusershare path\fR = NULL \fR
++\fB\fIusershare path\fR = /var/lib/samba/usershares \fR
+ .RE
+ .PP
+ usershare prefix allow list (G)
+Index: samba-3.0.26a/docs/manpages/net.8
+===================================================================
+--- samba-3.0.26a.orig/docs/manpages/net.8
++++ samba-3.0.26a/docs/manpages/net.8
+@@ -675,9 +675,9 @@
+ Store a secret for the sepcified domain, used primarily for domains that use idmap_ldap as a backend. In this case the secret is used as the password for the user DN used to bind to the ldap server.
+ .SS "USERSHARE"
+ .PP
+-Starting with version 3.0.23, a Samba server now supports the ability for non-root users to add user define shares to be exported using the "net usershare" commands.
++Starting with version 3.0.23, a Samba server now supports the ability for non-root users to add user-defined shares to be exported using the "net usershare" commands.
+ .PP
+-To set this up, first set up your smb.conf by adding to the [global] section : usershare path = /usr/local/samba/lib/usershares Next create the directory /usr/local/samba/lib/usershares, change the owner to root and set the group owner to the UNIX group who should have the ability to create usershares, for example a group called "serverops". Set the permissions on /usr/local/samba/lib/usershares to 01770. (Owner and group all access, no access for others, plus the sticky bit, which means that a file in that directory can be renamed or deleted only by the owner of the file). Finally, tell smbd how many usershares you will allow by adding to the [global] section of smb.conf a line such as : usershare max shares = 100. To allow 100 usershare definitions. Now, members of the UNIX group "serverops" can create user defined shares on demand using the commands below.
++Members of the UNIX group "sambashare" can create user-defined shares on demand using the commands below.
+ .PP
+ The usershare commands are:
+ .IP "" 3n
+Index: samba-3.0.26a/source/param/loadparm.c
+===================================================================
+--- samba-3.0.26a.orig/source/param/loadparm.c
++++ samba-3.0.26a/source/param/loadparm.c
+@@ -1676,7 +1676,7 @@
+ 	pstrcat(s, "/usershares");
+ 	string_set(&Globals.szUsersharePath, s);
+ 	string_set(&Globals.szUsershareTemplateShare, "");
+-	Globals.iUsershareMaxShares = 0;
++	Globals.iUsershareMaxShares = 100;
+ 	/* By default disallow sharing of directories not owned by the sharer. */
+ 	Globals.bUsershareOwnerOnly = True;
+ 	/* By default disallow guest access to usershares. */
+Index: samba-3.0.26a/docs/htmldocs/manpages/smb.conf.5.html
+===================================================================
+--- samba-3.0.26a.orig/docs/htmldocs/manpages/smb.conf.5.html
++++ samba-3.0.26a/docs/htmldocs/manpages/smb.conf.5.html
+@@ -164,8 +164,8 @@
+ 	their own share definitions has been added. This capability is called <span class="emphasis"><em>usershares</em></span> and
+ 	is controlled by a set of parameters in the [global] section of the smb.conf.
+ 	The relevant parameters are :
+-	</p><div class="variablelist"><dl><dt><span class="term">usershare allow guests</span></dt><dd><p>Controls if usershares can permit guest access.</p></dd><dt><span class="term">usershare max shares</span></dt><dd><p>Maximum number of user defined shares allowed.</p></dd><dt><span class="term">usershare owner only</span></dt><dd><p>If set only directories owned by the sharing user can be shared.</p></dd><dt><span class="term">usershare path</span></dt><dd><p>Points to the directory containing the user defined share definitions.
+-		The filesystem permissions on this directory control who can create user defined shares.</p></dd><dt><span class="term">usershare prefix allow list</span></dt><dd><p>Comma-separated list of absolute pathnames restricting what directories
++	</p><div class="variablelist"><dl><dt><span class="term">usershare allow guests</span></dt><dd><p>Controls if usershares can permit guest access.</p></dd><dt><span class="term">usershare max shares</span></dt><dd><p>Maximum number of user defined shares allowed.</p></dd><dt><span class="term">usershare owner only</span></dt><dd><p>If set only directories owned by the sharing user can be shared.</p></dd><dt><span class="term">usershare path</span></dt><dd><p>Points to the directory containing the user-defined share definitions.
++		The filesystem permissions on this directory control who can create user-defined shares.</p></dd><dt><span class="term">usershare prefix allow list</span></dt><dd><p>Comma-separated list of absolute pathnames restricting what directories
+ 		can be shared. Only directories below the pathnames in this list are permitted.</p></dd><dt><span class="term">usershare prefix deny list</span></dt><dd><p>Comma-separated list of absolute pathnames restricting what directories
+ 		can be shared. Directories below the pathnames in this list are prohibited.</p></dd><dt><span class="term">usershare template share</span></dt><dd><p>Names a pre-existing share used as a template for creating new usershares.
+ 		All other share parameters not specified in the user defined share definition
+@@ -4509,25 +4509,25 @@
+ 	</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>usershare owner only</code></em> = <code class="literal">True</code>
+ </em></span>
+ </p></dd><dt><span class="term"><a name="USERSHAREPATH"></a>usershare path (G)</span></dt><dd><p>This parameter specifies the absolute path of the directory on the
+-	filesystem used to store the user defined share definition files.
++	filesystem used to store the user-defined share definition files.
+ 	This directory must be owned by root, and have no access for
+ 	other, and be writable only by the group owner. In addition the
+ 	"sticky" bit must also be set, restricting rename and delete to
+ 	owners of a file (in the same way the /tmp directory is usually configured).
+ 	Members of the group owner of this directory are the users allowed to create
+-	usershares. If this parameter is undefined then no user defined
++	usershares. If this parameter is undefined then no user-defined
+ 	shares are allowed.
+ 	</p><p>
+-	For example, a valid usershare directory might be /usr/local/samba/lib/usershares,
+-	set up as follows.
++	For example, on Debian the default usershare directory of
++	/var/lib/samba/usershares is set up as follows.
+ 	</p><p>
+ 	</p><pre class="programlisting">
+-	ls -ld /usr/local/samba/lib/usershares/
+-	drwxrwx--T  2 root power_users 4096 2006-05-05 12:27 /usr/local/samba/lib/usershares/
++	ls -ld /var/lib/samba/usershares/
++	drwxrwx--T  2 root sambashare 4096 2006-05-05 12:27 /var/lib/samba/usershares/
+ 	</pre><p>
+ 	</p><p>
+-	In this case, only members of the group "power_users" can create user defined shares.
+-	</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>usershare path</code></em> = <code class="literal">NULL</code>
++	In this case, only members of the group "sambashare" can create user defined shares.
++	</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>usershare path</code></em> = <code class="literal">/var/lib/samba/usershares</code>
+ </em></span>
+ </p></dd><dt><span class="term"><a name="USERSHAREPREFIXALLOWLIST"></a>usershare prefix allow list (G)</span></dt><dd><p>This parameter specifies a list of absolute pathnames
+ 	the root of which are allowed to be exported by user defined share definitions.
+Index: samba-3.0.26a/docs/htmldocs/manpages/net.8.html
+===================================================================
+--- samba-3.0.26a.orig/docs/htmldocs/manpages/net.8.html
++++ samba-3.0.26a/docs/htmldocs/manpages/net.8.html
+@@ -249,30 +249,10 @@
+ that use idmap_ldap as a backend. In this case the secret is used
+ as the password for the user DN used to bind to the ldap server.
+ </p></div><div class="refsect2" lang="en"><a name="id302073"></a><h3>USERSHARE</h3><p>Starting with version 3.0.23, a Samba server now supports the ability for
+-non-root users to add user define shares to be exported using the "net usershare"
++non-root users to add user-defined shares to be exported using the "net usershare"
+ commands.
+ </p><p>
+-To set this up, first set up your smb.conf by adding to the [global] section :
+-
+-usershare path = /usr/local/samba/lib/usershares
+-
+-Next create the directory /usr/local/samba/lib/usershares, change the owner to root and
+-set the group owner to the UNIX group who should have the ability to create usershares,
+-for example a group called "serverops".
+-
+-Set the permissions on /usr/local/samba/lib/usershares to 01770.
+-
+-(Owner and group all access, no access for others, plus the sticky bit,
+-which means that a file in that directory can be renamed or deleted only
+-by the owner of the file).
+-
+-Finally, tell smbd how many usershares you will allow by adding to the [global]
+-section of smb.conf a line such as :
+-
+-usershare max shares = 100.
+-
+-To allow 100 usershare definitions. Now, members of the UNIX group "serverops"
+-can create user defined shares on demand using the commands below.
++Members of the UNIX group "sambashare" can create user-defined shares on demand using the commands below.
+ </p><p>The usershare commands are:
+ 
+ </p><table class="simplelist" border="0" summary="Simple list"><tr><td>net usershare add sharename path [comment] [acl] [guest_ok=[y|n]] - to add or change a user defined share.</td></tr><tr><td>net usershare delete sharename - to delete a user defined share.</td></tr><tr><td>net usershare info [-l|--long] [wildcard sharename] - to print info about a user defined share.</td></tr><tr><td>net usershare list [-l|--long] [wildcard sharename] - to list user defined shares.</td></tr></table><p>
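
Review bot: loadparm.c changes the compiled default of usershare max shares from 0 to 100, but none of the documentation hunks touches the "usershare max shares" entry, so whatever default smb.conf.5 and its HTML copy state for it is left as it was, although the header says the documentation is updated. The same hunks do change the documented default of usershare path to /var/lib/samba/usershares, while no code hunk in this patch sets it; note in the header which patch provides that path. Minor: the new "sambashare" sentences still say "user defined shares" where the rest of the patch hyphenates.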

Modified: branches/samba/experimental/debian/rules
===================================================================
--- branches/samba/experimental/debian/rules	2008-03-24 04:07:52 UTC (rev 1777)
+++ branches/samba/experimental/debian/rules	2008-03-24 08:07:33 UTC (rev 1778)
@@ -51,7 +51,8 @@
 		--with-shared-modules=idmap_rid,idmap_ad \
 		--with-automount \
 		--with-ldap \
-		--with-ads
+		--with-ads \
+		--with-dnsupdate
 
 ifeq ($(DEB_HOST_ARCH_OS),linux)
   conf_args += \

Modified: branches/samba/experimental/debian/samba.init
===================================================================
--- branches/samba/experimental/debian/samba.init	2008-03-24 04:07:52 UTC (rev 1777)
+++ branches/samba/experimental/debian/samba.init	2008-03-24 08:07:33 UTC (rev 1778)
@@ -31,6 +31,9 @@
 case "$1" in
 	start)
 		log_daemon_msg "Starting Samba daemons"
+		# Make sure we have our PIDDIR, even if it's on a tmpfs
+		install -o root -g root -m 755 -d $PIDDIR
+
 		NMBD_DISABLED=`testparm -s --parameter-name='disable netbios' 2>/dev/null`
 		if [ "$NMBD_DISABLED" != 'Yes' ]; then
 			log_progress_msg "nmbd"
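
Review bot: $PIDDIR is unquoted in the new install line. Write install -o root -g root -m 755 -d "$PIDDIR" so the value is always passed to install as a single argument.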

Modified: branches/samba/experimental/debian/samba.postinst
===================================================================
--- branches/samba/experimental/debian/samba.postinst	2008-03-24 04:07:52 UTC (rev 1777)
+++ branches/samba/experimental/debian/samba.postinst	2008-03-24 08:07:33 UTC (rev 1778)
@@ -124,6 +124,30 @@
 mv -f /var/log/nmb* /var/log/samba/ 2> /dev/null || true
 mv -f /var/log/smb* /var/log/samba/ 2> /dev/null || true
 
+# add the sambashare group
+if ! getent group sambashare > /dev/null 2>&1
+then
+	addgroup --system sambashare
+	# Only on Ubuntu, use the "admin" group as a template for the
+	# initial users for this group; Debian has no equivalent group,
+	# so leaving the sambashare group empty is the more secure default
+	if [ -x "`which lsb_release 2>/dev/null`" ] \
+	   && [ "`lsb_release -s -i`" = "Ubuntu" ]
+	then
+		OLDIFS="$IFS"
+		IFS=","
+		for USER in `getent group admin | cut -f4 -d:`; do
+			adduser "$USER" sambashare
+		done
+		IFS="$OLDIFS"
+	fi
+fi
+
+if [ ! -e /var/lib/samba/usershares ]
+then
+	install -d -m 1770 -g sambashare /var/lib/samba/usershares
+fi
+
 #DEBHELPER#
 
 exit 0
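
Review bot: The usershares directory is only created when /var/lib/samba/usershares does not exist ([ ! -e ... ]), so a path that is already present with a different owner, group or mode is left untouched, while smb.conf.5 in this same revision says the directory must be owned by root, writable only by the group owner, closed to others and have the sticky bit set. When the path exists, at least check owner, group and mode and warn if they differ, and pass -o root to install explicitly. In the Ubuntu branch the loop variable USER overwrites the standard environment variable of that name for the rest of the script; use a private name. Membership is seeded from admin only when the group is first created, which deserves a line in the comment.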

Modified: branches/samba/experimental/debian/smb.conf
===================================================================
--- branches/samba/experimental/debian/smb.conf	2008-03-24 04:07:52 UTC (rev 1777)
+++ branches/samba/experimental/debian/smb.conf	2008-03-24 08:07:33 UTC (rev 1778)
@@ -169,12 +169,6 @@
 ;   printing = cups
 ;   printcap name = cups
 
-# When using [print$], root is implicitly a 'printer admin', but you can
-# also give this right to other users to add drivers and set printer
-# properties
-;   printer admin = @ntadmin
-
-
 ############ Misc ############
 
 # Using the following line enables you to customise your configuration
@@ -214,6 +208,12 @@
 ;   winbind enum groups = yes
 ;   winbind enum users = yes
 
+# Setup usershare options to enable non-root users to share folders
+# with the net usershare command.
+
+# Maximum number of usershare. 0 (default) means that usershare is disabled.
+;   usershare max shares = 100
+
 #======================= Share Definitions =======================
 
 [homes]
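
Review bot: The new comment says "0 (default) means that usershare is disabled", but usershare.patch in this revision sets Globals.iUsershareMaxShares = 100 as the compiled default, so usershares are enabled even with this line left commented out. Reword the comment to state that 100 is the packaged default and that an administrator who does not want user-created shares must set usershare max shares = 0 explicitly. "Maximum number of usershare" should also read "usershares".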



