Combining passwd programs

Jean-Francois Micouleau Jean-Francois.Micouleau at
Thu Jun 18 23:56:12 GMT 1998

On Fri, 19 Jun 1998, Tavis Barr wrote:

> A couple of us have been talking about writing a passwd binary that would 
> basically take the smbpasswd.c program and add a routine to change the 
> Unix password right after the one that changes the smbpasswd file.  

That's already done. It's not smbclient which changes the Unix password
but smbd itself.
Take a look at the 'unix password sync' option

> The only trouble is, in order to change the Unix password, as far as I know 
> the program has to be run setuid root.

Because usually root don't have to type the old password in clear-text
form when changing a user's password

>  I remember that smbpasswd was 
> changed recently so that it didn't have to be run this way (in fact it 
> couldn't but that's easy enough to comment out of the code).  My question 
> for ye wise ones: Are there any particular security holes created by running 
> the smb password-changing routine as setuid root that aren't created by 
> running other programs (e.g.., Unix passwd) as setuid root?

Pinky: "What are we going to do tonight, Brain?"
Brain: "The same thing we do every night, Pinky :
	try to install Windows NT !"

More information about the samba-ntdom mailing list