[Pkg-samba-maint] Bug#886897: samba: samba cannot export LUKs encrypted disks mounted manually after systemd boot
David Maslen
dmm_au at yahoo.com
Thu Jan 11 02:58:56 UTC 2018
Package: samba
Version: 2:4.7.3+dfsg-1
Severity: important
Dear Maintainer,
I recently added a LUKS encrypted data disk to my system working system.
I have samba configured to share some of the directories from that disk,
mounted at /mnt/crypt.
By default, when my system boots I am prompted to enter my LUKs
password. When I do, the systemd boots and samba serves the /mnt/crypt
directories. My encrypted disks is mounted via the fstab, via the cryptab.
However the server is generally headless, so it suited me better to boot
the machine remotely, then ssh in and mount the encypted data disk
manually.
To achieve this I added "noauto" to the relevant line in /etc/crypttab
and /etc/fstab.
Once logged in I could run
# cryptdisks_start mydisk
followed by
# mount /mnt/crypt
While this appear to work, I noticed that I got errors when attempting
to mount the samba directories on my macbook. The connection would time
out with an error about files not not found.
Samba logs showed this error
[2018/01/11 11:14:10.716971, 0] ../source3/smbd/service.c:774(make_connection_snum)
canonicalize_connect_path failed for service multimedia, path /mnt/crypt/multimedia
[2018/01/11 11:14:14.121656, 0] ../source3/param/loadparm.c:3066(check_usershare_stat)
check_usershare_stat: file /var/lib/samba/usershares/ owned by uid 0 is not a regular file
Reverting back to unlocking the LUKS disk during the init everything
works again.
I think the difference in the two startup methods is that this
mnt-crypt.mount service is only created when I enter the LUKs password
at boot, and for some reason the Samba service depends on it having been
mounted by systemd rather than manually, post boot.
# systemctl |grep mnt-crypt
systemctl |grep mnt-crypt
mnt-crypt.mount loaded active mounted /mnt/crypt
This is an inconvenience to me as it causes samba to fail without a
useful error message.
I have classified the bug as important, because it may simply appear
that samba wont export shares with underlying encryption to others.
I can reproduce this bug.
-- Package-specific info:
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-samba-maint/attachments/20180111/d30533e0/attachment.ksh>
-------------- next part --------------
-- System Information:
Debian Release: buster/sid
APT prefers unstable
APT policy: (150, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.14.0-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE=en_AU:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages samba depends on:
ii adduser 3.116
ii dpkg 1.19.0.4
ii libattr1 1:2.4.47-2+b2
ii libbsd0 0.8.6-3
ii libc6 2.26-2
ii libldb1 2:1.2.2-2
ii libpam-modules 1.1.8-3.6
ii libpam-runtime 1.1.8-3.6
ii libpopt0 1.16-10+b2
ii libpython2.7 2.7.14-4
ii libtalloc2 2.1.10-2
ii libtdb1 1.3.15-2
ii libtevent0 0.9.34-1
ii lsb-base 9.20170808
ii procps 2:3.3.12-3
ii python 2.7.14-4
ii python-dnspython 1.15.0-1
ii python-samba 2:4.7.3+dfsg-1
ii python2.7 2.7.14-4
ii samba-common 2:4.7.3+dfsg-1
ii samba-common-bin 2:4.7.3+dfsg-1
ii samba-libs 2:4.7.3+dfsg-1
ii tdb-tools 1.3.15-2
Versions of packages samba recommends:
ii attr 1:2.4.47-2+b2
ii logrotate 3.11.0-0.1
ii samba-dsdb-modules 2:4.7.3+dfsg-1
ii samba-vfs-modules 2:4.7.3+dfsg-1
Versions of packages samba suggests:
ii bind9 1:9.11.2+dfsg-5
ii bind9utils 1:9.11.2+dfsg-5
ii ctdb 2:4.7.3+dfsg-1
ii ldb-tools 2:1.2.2-2
ii ntp 1:4.2.8p10+dfsg-5
ii smbldap-tools 0.9.9-1
pn ufw <none>
ii winbind 2:4.7.3+dfsg-1
-- debconf information:
samba/run_mode: daemons
samba-common/title:
More information about the Pkg-samba-maint
mailing list