Samba 3.0.22 Porting by Vidya Sagar
23
3.9 Setting proper Capabilities and ownership
As we discussed earlier some binaries (smbd, nmbd & swat installed in /$HPACCOUNT/$HPGROUP/sbin)
require that they be run as super user that is UID should be set to 0. In MPE/iX that is achieved by allowing the
code to run into privileged mode by invoking MPE/iX intrinsic GETPRIVMODE(). In order to GETPRIVEMODE,
the binary must be linked with the capability PM and must be moved into the MPE file system name space (that is
/ACCOUNT/GROUP/PROGRAM or PROGRAM.GROUP.ACCOUNT). Also, the ownership of these files should
be changed to MANAGER.SYS. The following script performs the job of putting the essential binaries into MPE/iX
name space and assigns proper capability for Samba.
shell/iX> cat ~/mpebin/progs
#!/bin/sh
cd /$HPACCOUNT/$HPGROUP/sbin
for FILE in *; do
UPPER=$(echo $FILE | tr [a-z] [A-Z])
if [ ! -L $FILE ]; then
mv -f $FILE ../$UPPER
ln -s ../$UPPER $FILE
fi
callci "xeq linkedit.pub.sys 'altprog ../$UPPER;cap=ia,ba,ph,pm'"
chown MANAGER.SYS ../$UPPER
done
Invoke the above script to perform the same as follows:
shell/iX> pwd
/SAMBA/SMB3022/src/samba-3.0.22-mpe/source
shell/iX> sh ~/mpebin/progs
shell/iX> sh ~/mpebin/progs
HP Link Editor/iX (HP30315A.06.24) Copyright Hewlett-Packard Co 1986
LinkEd> altprog ../NMBD;cap=ia,ba,ph,pm
LinkEd> altprog ../SMBD;cap=ia,ba,ph,pm
LinkEd> altprog ../SWAT;cap=ia,ba,ph,pm
You can verify the changed ownership and modified capability and as follows:
shell/iX> ls -l NMBD SMBD SWAT
-rwxr-xr-x 1 MANAGER.SYS SAMBA 2537216 Jul 4 05:30 NMBD
-rwxr-xr-x 1 MANAGER.SYS SAMBA 5799168 Jul 4 05:30 SMBD
-rwxr-xr-x 1 MANAGER.SYS SAMBA 3835904 Jul 4 05:30 SWAT
shell/iX> exit
MPE/iX: linkedit "listprog nmbd.smb3022.samba"
HP Link Editor/iX (HP30315A.06.17) Copyright Hewlett-Packard Co 1986
LinkEd> listprog nmbd.smb3022.samba
PROGRAM : NMBD.SMB3022.SAMBA
XL LIST : /SAMBA/SMB3022/LIBCPXL
CAPABILITIES : BA, IA, PM, PH
NMHEAP SIZE :
NMSTACK SIZE :
ENTRY NAME :
UNSAT NAME :
PRIORITY :
MAX PRIORITY :