smbpasswd not called suid root ??

[Jeremy Allison]

David Bannon wrote:
> 
> Is the problem because the origional smbpasswd itself was suid and when
> that changed the author put this code in to be sure that no one continued
> to have it suid ? (I don't want smbpasswd suid, just to call it from a suid
> binary)
> 

Yep - I added that code when I changed my original
smbpasswd binary from setuid root to non-setuid
root - exactly for the reasons you mention.

Writing setuid root code is *hard* - it was getting
difficult to add the features I wanted to smbpasswd
and keep it secure and understandable - both pre-requisites
for a setuid root binary.

The client-server change I added made it possible
for me to make it just an ordinary binary and I
jumped at the chance.

Jeremy.

-- 
--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------