Web lists-archives.com

Re: [Samba] Reload config with SIGHUP does not immediately revoke access to host removed from hosts allow




On Thu, 2018-02-01 at 10:50 +0530, Akash Jain via samba wrote:
> Hello All
> 
> My samba-4.x server has lot of registry shares added. There are windows
> clients connected to it and I wanted to remove the access to one of the
> hosts.
> 
> I did net conf setparm to set the updated list of IPs in "hosts allow"
> param and then reloaded samba config with killall -1 smbd .

> I see that the host which is not part of the hosts allow but already have a
> open window in Windows Explorer still continues to get the access for good
> amount of time which is a security flaw.
> 
> I see that the smbd process serving that host (which we see in smbstatus
> command) received the reload config with and logs show that it reads the
> latest configuration for that registry share, but we do not see the effect
> immediately.
> 
> Any idea why is it happening so? Is it a known behaviour or known issue?

To disconnect a client, see smbcontrol kill-client-ip.

Andrew Bartlett
-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba