Adding users with usrmgr.exe

Peter Samuelson peter at
Fri May 5 03:32:42 GMT 2000

> > > smbpasswd is allways rw-------. samba changes to these permissions when not
> > > using these ... so there is no way for an non-uid 0 account to create a samba
> > > user :(
  [Luke Leighton]
> > this is not good, it's got to go.

[Jeremy Allison <jeremy at>]
> No, this is *essential* for security !

Please, you two, don't go and have that argument again. (:

Yes, it's (currently) essential that John Q. Public not be able to read
smbpasswd (the file), but this could be just as well accomplished with
smbpasswd (the utility) being setgid to a specialized group that has no 
power other than reading and writing smbpasswd (the file).  smbpasswd
(the utility) has no business being able to bind to low ports, change
the system time, or read /var/spool/mail/*.  Maybe we need:

  smbpasswd group = smbpass

(default "smbpasswd group = 0")


More information about the samba-ntdom mailing list