Adding users with usrmgr.exe

Peter Samuelson peter at cadcamlab.org
Fri May 5 03:32:42 GMT 2000


> > > smbpasswd is always rw-------. samba changes to these permissions when not
> > > using these ... so there is no way for a non-uid 0 account to create a samba
> > > user :(
  [Luke Leighton]
> > this is not good, it's got to go.

[Jeremy Allison <jeremy at valinux.com>]
> No, this is *essential* for security !

Please, you two, don't go and have that argument again. (:

Yes, it's (currently) essential that John Q. Public not be able to read
smbpasswd (the file), but this could be just as well accomplished with
smbpasswd (the utility) being setgid to a specialized group that has no 
power other than reading and writing smbpasswd (the file).  smbpasswd
(the utility) has no business being able to bind to low ports, change
the system time, or read /var/spool/mail/*.  Maybe we need:

  smbpasswd group = smbpass

(default "smbpasswd group = 0")

Peter
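
The layout proposed in the message above (password file readable and writable only by a dedicated group, utility setgid to that group rather than setuid root) can be checked mechanically. This is an added example, not part of the original post and not Samba code; the function names and gid 450 (standing in for a "smbpass" group) are hypothetical.

```python
import os
import stat

def audit_modes(file_mode, file_gid, util_mode, util_uid, util_gid):
    """Return findings for the setgid-group layout; an empty list means it conforms."""
    findings = []
    # Nobody outside owner and group may touch the password file.
    if file_mode & stat.S_IRWXO:
        findings.append("password file is accessible to 'other'")
    # The group must be a dedicated one and must actually get read/write.
    if file_gid == 0:
        findings.append("password file group is gid 0, not a dedicated group")
    elif not file_mode & stat.S_IRGRP or not file_mode & stat.S_IWGRP:
        findings.append("dedicated group lacks read/write on the password file")
    # The utility should gain only that group, never root.
    if util_mode & stat.S_ISUID and util_uid == 0:
        findings.append("utility is setuid root")
    if not util_mode & stat.S_ISGID:
        findings.append("utility is not setgid")
    elif util_gid != file_gid:
        findings.append("utility setgid group differs from the password file group")
    # A binary that carries a privilege must not be replaceable by non-owners.
    if util_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("utility is writable by group or other")
    return findings

def audit_paths(file_path, util_path):
    """Run the same checks against real paths on the local system."""
    f, u = os.stat(file_path), os.stat(util_path)
    return audit_modes(stat.S_IMODE(f.st_mode), f.st_gid,
                       stat.S_IMODE(u.st_mode), u.st_uid, u.st_gid)

if __name__ == "__main__":
    # Constructed sample values, not taken from a real system.
    print(audit_modes(0o660, 450, 0o2755, 0, 450))  # proposed layout
    print(audit_modes(0o600, 0, 0o4755, 0, 0))      # root-only file, setuid-root utility
```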

