Operating System - HP-UX
1825374 Members
3884 Online
109679 Solutions
New Discussion юеВ

New files are creating with the ownership nobody:sys

 
Benoy Easaw
Occasional Advisor

New files are creating with the ownership nobody:sys

Hi All,

I have an issue with my HP-UX 11.23 system on IA64.

When I logon with the user root and try to create a File/directory in a particular FS it create with the ownership nobody:sys . The ownership of the FS is root:sys with full permission. Even after changing the ownership of the FS to other user IтАЩm getting the same issue. But if I logon to the system with a user other than root I can create the files in the same FS without any issue. So the issue occurs only with the root login.

There are a few filessystem with this issue but not all. For egs I can create any file/dir in / with ownership root:sys. The filesystems with the issue are in Service guard Cluster. The issue started after the SG configuration. But there is no issue with the file systems in the secondary node. The SG is working fine. So this looks like nothing to do with the SG config. Because the issue persists regardless the package running on the primary or secondary node.


Can some one help me to resolve this issue?

Thanks,
Benoy Easaw
9 REPLIES 9
Geoff Wild
Honored Contributor

Re: New files are creating with the ownership nobody:sys

Is the filesystem a NFS mount?

If yes, is it setuid on the remote host for nobody?

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Steven E. Protter
Exalted Contributor

Re: New files are creating with the ownership nobody:sys

Shalom,

This could be created by a CIFS/Samba filesystem with unusual default permissions or NFS as mentioned above.

Its easier to configure for NFS in the remote /etc/exports file.

It would appear that this has been done by design.

I would guess that SG is being used to cluster CIFS or NFS and the problem is in /etc/exports or smb.conf

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Bill Hassell
Honored Contributor

Re: New files are creating with the ownership nobody:sys

Just check the source of the filesystem:

bdf /particular_Directory/sub_directory...

Network filesystems are not very secure so the default mount privilege from the server (the lefthand portion of the bdf line) is root=nobody, ie, UID=-2. And you do NOT want root privileges in a filesystem on a remote box unless there are really good reasons. If these are filesystems shared within the cluster, then you might consider adding root privilege to the exports file (hint: man exports)


Bill Hassell, sysadmin
Benoy Easaw
Occasional Advisor

Re: New files are creating with the ownership nobody:sys

Yes, This is created by Samba filesystem with default permissions

Here are some of the relevant parts in smb.conf
***************************************************************************************************
# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used
; guest account = pcguest


#============================ Share Definitions ==============================
[homes]
comment = Home Directories
browseable = no
# This one is useful for people to share files
[tmp]
comment = Temporary file space
path = /tmp
read only = no
# Un-comment the following and create the netlogon directory for Domain Logons
; [netlogon]
; comment = Network Logon Service
; path = /var/opt/samba/netlogon
; guest ok = yes
; writable = no

# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
;[Profiles]
; path = /var/opt/samba/profiles
; browseable = no
; guest ok = yes

# A private directory, usable only by fred. Note that fred requires write
# access to the directory.
;[fredsdir]
; comment = Fred's Service
; path = /usr/somewhere/private
; valid users = fred
; public = no
; writable = yes
; printable = no
# a service which has a different directory for each machine that connects
# this allows you to tailor configurations to incoming machines. You could
# also use the %U option to tailor it by user name.
# The %m gets replaced with the machine name that is connecting.
;[pchome]
; comment = PC Directories
; path = /usr/pc/%m
; public = no
; writable = yes
# A publicly accessible directory, read/write to all users. Note that all files
# created in the directory by users will be owned by the default user, so
# any user with access can delete any other user's files. Obviously this
# directory must be writable by the default user. Another user could of course
# be specified, in which case all files would be owned by that user instead.
;[public]
; path = /usr/somewhere/else/public
; public = yes
; only guest = yes
; writable = yes
; printable = no
# The following two entries demonstrate how to share a directory so that two
# users can place files there that will be owned by the specific users. In this
# setup, the directory should be writable by both users and should have the
# sticky bit set on it to prevent abuse. Obviously this could be extended to
# as many users as required.
;[myshare]
; comment = Mary's and Fred's stuff
; path = /usr/somewhere/shared
; valid users = mary fred
; public = no
; writable = yes
; printable = no
; create mask = 0765
*****************************************************
"# Uncomment this if you want a guest account, you must add this to /etc/passwd"

Do I need to add guest account 'pcguest' in /etc/passwd?

***************************************

Host1:/Dir#id
uid=0(root) gid=3(sys) groups=0(root),1(other),2(bin),4(adm),5(daemon),6(mail),7(lp),20(users)
************************************************************************************************

Please let me know what changes I need to make in smb.conf file.


Is there any scripts like iaschangeowner (for BES/BDOC) to change file ownership in samba?
Ivan Ferreira
Honored Contributor

Re: New files are creating with the ownership nobody:sys

I'm not sure if I understand the problem but you can give a try to the force user option in smb.conf.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Benoy Easaw
Occasional Advisor

Re: New files are creating with the ownership nobody:sys

Hello All,

I could not find any issue with the smb.conf file because I├в m using the same (default) smb.conf file in my secondary node and there is no such issue. Even without the smb.conf file I├в m getting the same error in my primary node.

My question is why the issue occurs only when I logon with the user ├в root├в ? With other users logins I can create files/directory with out any issue in the same file system.

How can I use the force user option in smb.conf.
Geoff Wild
Honored Contributor

Re: New files are creating with the ownership nobody:sys

In your smb.conf file, in each share, add:

force user = userid1
force group = groupid1


Group is optional...

Rgds...Geoff

Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Heironimus
Honored Contributor

Re: New files are creating with the ownership nobody:sys

Did you verify that the smbusers file is the same on both nodes?
Benoy Easaw
Occasional Advisor

Re: New files are creating with the ownership nobody:sys

I'm openning another thread with more clear info.