[SAMBA] How to stop winbindd from granitng UID=0? Security hole?
Adam Tauno Williams
adam at morrison-ind.com
Wed Jul 6 19:57:01 GMT 2005
> But now there is a real problem. There is a domain user root. If the
> domain is present, we can login to the client with putting simple
> "root" as a username, and using domain password. And we are actually
> getting uid 0, so we are real root, not just dorm user with
> funny-looking username.
> Of course this behaviour is great for normal (unprivileaged) user
> account, but not for root account.
> So, domain operators can have root domain acocunt and this way get
> root acces to all linux boxes with this setup.
>
> Does anyone know how can I stop it?
> I'll post configs if requested, but maybe it is just a simple problem...
man slapd-access
More information about the samba
mailing list