<title>Why are so many smbd processes eating memory?</title>
<para>
+<quote>
Site that is running Samba on an AIX box. They are sharing out about 2 terabytes using samba.
Samba was installed using smitty and the binaries. We seem to be experiencing a memory problem
with this box. When I do a <command>svmon -Pu</command> the monitoring program shows that &smbd; has several
processes of smbd running:
+</quote>
</para>
<para>
+ <quote>
Is samba suppose to start this many different smbd processes? Or does it run as one smbd process? Also
is it normal for it to be taking up this much memory?
+</quote>
</para>
<para>
<para>
-<emphasis>ANSWER:</emphasis> Samba consists on three core programs:
+Samba consists on three core programs:
&nmbd;, &smbd;, &winbindd;. &nmbd; is the name server message daemon,
&smbd; is the server message daemon, &winbindd; is the daemon that
handles communication with Domain Controllers.
</para>
</sect2>
+
+ <sect2>
+ <title>I'm getting "open_oplock_ipc: Failed to get local UDP socket for address 100007f. Error was Cannot assign requested" in the logs</title>
+ <para>Your loopback device isn't working correctly. Make sure it's running. </para>
+ </sect2>
+
</sect1>
</chapter>
</sect2>
+ <sect2>
+ <title>Why can users access home directories of other users?</title>
+
+ <para>
+ <quote>
+ We are unable to keep individual users from mapping to any other user's
+ home directory once they have supplied a valid password! They only need
+ to enter their own password. I have not found *any* method that I can
+ use to configure samba to enforce that only a user may map their own
+ home directory.
+ </quote>
+ </para>
+
+ <para><quote>
+ User xyzzy can map his home directory. Once mapped user xyzzy can also map
+ *anyone* elses home directory!
+ </quote></para>
+
+ <para>
+ This is not a security flaw, it is by design. Samba allows
+ users to have *exactly* the same access to the UNIX filesystem
+ as they would if they were logged onto the UNIX box, except
+ that it only allows such views onto the file system as are
+ allowed by the defined shares.
+ </para>
+
+ <para>
+ This means that if your UNIX home directories are set up
+ such that one user can happily cd into another users
+ directory and do an ls, the UNIX security solution is to
+ change the UNIX file permissions on the users home directories
+ such that the cd and ls would be denied.
+ </para>
+
+ <para>
+ Samba tries very hard not to second guess the UNIX administrators
+ security policies, and trusts the UNIX admin to set
+ the policies and permissions he or she desires.
+ </para>
+
+ <para>
+ Samba does allow the setup you require when you have set the
+ <parameter>only user = yes</parameter> option on the share, is that you have not set the
+ valid users list for the share.
+ </para>
+
+ <para>
+ Note that only user works in conjunction with the users= list,
+ so to get the behavior you require, add the line :
+ <programlisting>
+ users = %S
+ </programlisting>
+ this is equivalent to:
+ <programlisting>
+ valid users = %S
+ </programlisting>
+ to the definition of the <parameter>[homes]</parameter> share, as recommended in
+ the &smb.conf; man page.
+ </para>
+ </sect2>
+
</sect1>
</chapter>