Samba 4.1.3 on openSuse 13.1 fails to start: can't write file

For Samba 4.1.3 and openSuSE 13.1 on a Dell 2970 server:

Installed samba server via Yast2. Set it to start on boot, so it wasn’t running. Yast ‘services manager’ failed to start smb daemon: the error message in the ‘show details’ log said it couldn’t write the PID file /var/run/samba/ because the file or directory didn’t exist. Dolphin confirmed that the directory ‘samba’ did not exist in var/run/ so I manually created (as root) a ‘samba’ directory there. Then started smb with Yast’s ‘services manager’ and that succeeded. Closing and reopening ‘services manager’ showed smbd is active. KSysGuard also shows smbd–in fact two instances with different PIDs. The process with the lower PID uses more than twice as much memory 3.9 K as the other 1.6 K.
After a restart (logging in as a user and not as root) smbd again didn’t start, the ‘samba’ directory had disappeared, and the ‘show details’ log had the ‘failed to write’ error for the .pid file. Again created a ‘samba’ directory manually, and was able to start smbd (producing two instances and PIDs in KSysGuard).
I’ve not seen a directory disappear like this. Is it normal or a bug?

Searching older posting in this forum I saw the suggestion that AppArmor might be a problem. Disabled it, restarted. smbd is running (2 instances). So hand me that other can of worms (AppArmor). I really need something else to chew on this evening :slight_smile:

Toward the end of this topic
it’s clear that AppArmor is the culprit that deletes the ‘samba’ directory.

No. AppArmor doesn’t delete anything.
It prevents Samba from creating the directory (/var)/run/samba/ if it doesn’t exist.

(/var)/run/ is a tmpfs, so it doesn’t really exist on disk, only in RAM. Therefore its content gets lost when you reboot.

This is going to be fixed on two sides:

  • An updated AppArmor profile that allows Samba to create that directory (already submitted, should be released in a week at the latest)
  • include a tmpfiles.d config in the samba package that creates that directory on boot

And exactly this are your two workarounds:

  • Run “sudo /usr/sbin/logprof” and allow smbd and nmbd to create that directory
  • create a file /etc/tmpfiles.d/samba.conf with the following content:
d /var/run/samba 755 root root

This will create the directory on boot so Samba can use it.

Or disable AppArmor/set it to complain only mode.