How the heck can it work?
Gerald Carter
gcarter at valinux.com
Mon Jul 24 20:57:55 GMT 2000
Ron Alexander wrote:
>
> What do you mean by It? Can you kindly be a little
> more specific as I see it the following are involved.
'It' is SWAT.
> 1. The inetd daemon. What perms, SUID etc should it have.
root. The user specified in smb.conf
> 2. The inetd.conf. It specifies root as one of the
> parameters. Why?
In order to bind to the privileged port 901 (as a
general rule).
> 3. The swat program. If I make it SUID it works
> differently.
I have never tried this. It should not be necessary.
Of course I could quit speculating and actually dig
into the code. :-)
OK...look at the web/cgi.c in lines 379 - 395
    if((ret = pass_check(user, user_pass,
                         strlen(user_pass), NULL, NULL)) == True)
    {
        /*
         * Password was ok.
         */
        if(pass->pw_uid != 0) {
            /*
             * We have not authenticated as root,
             * become the user *permanently*.
             */
            become_user_permanently(pass->pw_uid, pass->pw_gid);
        }
        /* Save the users name */
        C_user = strdup(user);
    }
become_user_permanently() is defined in lib/util_sec.c
Therefore,
* swat starts as root
* user logs in
* upon successful logon, SWAT changes its effective
uid to that of the authenticated user
Make sense?
> 4. The perms on the smb.conf file.
Access to modify smb.conf should be controlled by
the UNIX uid of the user you logged onto the SWAT
session as. That is the way it has always worked
for me. (see above explanation).
> I know VOS is not Unix. Do you mind helping someone port
> samba to a new platform? (notwithstanding the non
> POSIX port of 1.9... by Erik)
I don't mind answering questions at all. Time-wise I have
a really full plate at the moment. :-)
jerry
----------------------------------------------------------------------
/\ Gerald (Jerry) Carter Professional Services
\/ http://www.valinux.com VA Linux Systems gcarter at valinux.com
http://www.samba.org SAMBA Team jerry at samba.org
http://www.eng.auburn.edu/~cartegw
"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )
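
Added example, not part of the original message and not Samba's code: a sketch in C of the "start as root, authenticate, then become the user permanently" pattern described above. The helper name drop_privs_permanently() is hypothetical, and the sample target in main() is constructed from the invoking user's own ids so the program also runs unprivileged.

```c
#define _DEFAULT_SOURCE          /* for setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Hypothetical helper (not Samba's become_user_permanently()).
 * Returns 0 when the process ends up running as uid/gid with no way back
 * to root, -1 otherwise. uid 0 is left alone, mirroring the
 * "pass->pw_uid != 0" test in the excerpt above.
 */
int drop_privs_permanently(uid_t uid, gid_t gid)
{
    if (uid == 0)
        return 0;                 /* authenticated as root: nothing to drop */

    /* Order matters: groups first, then gid, then uid. Once the uid is
     * gone the process no longer has the right to change its groups. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)         /* as root: sets real, effective, saved uid */
        return -1;

    /* Verify the result rather than trusting the return codes alone. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;

    /* "Permanently" means root must be unreachable from here on. */
    if (setuid(0) == 0 || seteuid(0) == 0)
        return -1;

    return 0;
}

int main(void)
{
    /* Constructed target: the invoking user's own ids. */
    uid_t uid = getuid();
    gid_t gid = getgid();
    int rc = drop_privs_permanently(uid, gid);
    printf("drop to uid=%ld gid=%ld: %s\n",
           (long)uid, (long)gid, rc == 0 ? "ok" : "FAILED");
    return rc == 0 ? 0 : 1;
}
```

A caller that gets -1 back should exit instead of continuing to serve the session, since the process may still hold some root identity.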