Univention Bugzilla – Bug 45345
Listenermodule is unable to remove netlogon script
Last modified: 2023-06-12 15:39:54 CEST
02.09.17 19:43:43.906 LISTENER ( PROCESS ) : updating 'uid=o7rbfhjszy,cn=lehrer,cn=users,ou=c2qsr05gua,dc=nstx,dc=local' command d 02.09.17 19:43:43.932 LISTENER ( PROCESS ) : samba4-idmap: removing entry for S-1-5-21-3842850871-998187786-178935136-5488 02.09.17 19:43:43.937 LISTENER ( WARN ) : remove-old-homedirs: not removing home of user o7rbfhjszy: /home/c2qsr05gua/lehrer/o7rbfhjszy does not exist 02.09.17 19:43:43.939 LISTENER ( WARN ) : ucs-school-user-logonscript: Deleting netlogon script /var/lib/samba/netlogon/user/o7rbfhjszy.vbs... 02.09.17 19:43:43.939 LISTENER ( ERROR ) : ucs-school-user-logonscript: error=OSError(13, 'Permission denied') 02.09.17 19:43:43.943 LISTENER ( ERROR ) : ucs-school-user-logonscript: Traceback (most recent call last): File "/usr/lib/univention-directory-listener/system/ucs-school-user-logonscript.py", line 645, in user_change os.remove(vbs_path) OSError: [Errno 13] Permission denied: '/var/lib/samba/netlogon/user/o7rbfhjszy.vbs' Traceback (most recent call last): File "/usr/lib/univention-directory-listener/system/ucs-school-user-logonscript.py", line 654, in handler script_handler.user_change(new, old) File "/usr/lib/univention-directory-listener/system/ucs-school-user-logonscript.py", line 645, in user_change os.remove(vbs_path) OSError: [Errno 13] Permission denied: '/var/lib/samba/netlogon/user/o7rbfhjszy.vbs' 02.09.17 19:43:43.945 LISTENER ( WARN ) : at least one delete handler failed
Strange: the code is run after a "listener.setuid(0)"... When the listener is rewritten, I suggest to use a dedicated user account for all script generation and make the directory writable for that user. The initialization of the future listener should check and possibly rectify the directory permissions only once when starting. I think this will be cleaner than all those listener.[un]setuid() throughout the code.
I would bet that the ACLs of /var/lib/samba/netlogon/ are part of this problem.
This issue has been filed against UCS@school 4.2. UCS@school 4.2 is out of maintenance and many UCS@school components have changed in later releases. Thus, this issue is now being closed. If this issue still occurs in newer UCS@school versions, please reopen it and update the UCS@school version. In this case please provide detailed information on how this issue is affecting you.