VB: become_root remove patches (head)

Stephen Langasek vorlon at netexpress.net
Wed Aug 18 22:26:27 GMT 1999


Sorry, another thing occurred to me... you wouldn't want /all/ the
information in the smbpasswd file moved to individual files owned by the
users.  Users could not only fill the files with bogus data, they could also
do things like, oh... re-enabling their own accounts after they've been
disabled by the administrator.

Also, Unix traditionally requires the user to be able to prove he knows the
old password before allowing a password change.  Compromising user accounts
becomes a lot easier if any process running with the user's permissions can
modify the smb password entry.

Just some thoughts.

-Steve Langasek
postmodern programmer

On Thu, 19 Aug 1999, Luke Kenneth Casson Leighton wrote:

> ok.  you _could_ get away with splitting the passwords out of
> private/smbpasswd into:
> 
> private/DOMAIN.user1 owner user1 -rw-------
> private/DOMAIN.user2 owner user2 -rw-------
> ..


