[Pkg-samba-maint] [printers] path=/var/spool/samba - another but bad /var/tmp ?
Mathieu Parent
math.parent at gmail.com
Tue May 17 20:22:42 BST 2022
On Tue, May 3, 2022 at 4:39 PM Michael Tokarev <mjt at tls.msk.ru> wrote:
>
> Hi!
>
> In debian, samba is shipping with smb.conf having a [printers]
> section which points to /var/spool/samba/ directory which is
> created with mode 1777, - the same as /tmp and /var/tmp.
>
> So anyone can create files in there, just like in /var/tmp/.
> And sometimes, samba does not remove printer jobs from there,
> for whatever reason. I had it not once when /var/spool/samba
> filled up /var completely with many gigs of files being there.
>
> But unlike /var/tmp/, there's no process on the system which
> takes care of the old files in there.
>
> So there are 2 questions.
>
> 1. why do we ship it this way, instead of using /var/tmp ?
> There's no difference wrt the security part, since the two
> directories has exactly the same permissions.
>
> 2. how can we move it from /var/spool/samba/ to /var/tmp/?
> For new installs it is easy, but for already running installs
> it is not. I don't think we can just drop /var/spool/samba dir
> out of the samba package, - because if, at the time of upgrade,
> this directory is empty, it will be deleted by dpkg, and if
> smb.conf still have this path configured, printing wont work.
>
> Maybe it's okay to check if there are any shares defined in
> smb.conf that points to /var/spool/samba and if yes, re-create
> it in postinst (or create an empty file in there before upgrade)?
> But even there it's interesting: if smb.conf didn't change,
> the preinst script will see the old config which points to this
> dir, but after the package upgrade, new config will not anymore.
> I guess the solution is to always create a file in there before
> upgrade, and after the upgrade check if we still have a share
> pointing there, and remove both the file and the directory
> (non-recursively) if not.
>
> (The prob here is to preserve permissions of this dir).
>
> What do you think?
No precise idea, but we should take a look at what other distributions do,
notably Fedora (and RHEL).
Regards
--
Mathieu
More information about the Pkg-samba-maint
mailing list