Samba under Coherant and Macintosh
Andrew Tridgell
tridge at linuxcare.com
Fri Dec 17 23:05:30 GMT 1999
> *oh* - there is one slight problem that we have to work-around if not
> doing a become_user(), andrew: that's that reload_services() currently
> relies on you being the current user context.
I don't think it is reliant at all on the security context, we
normally do a reload_services() as root in smbd. It does rely on some
variables to choose things like %u, but that certainly won't need a
become_user().
> i do need to add an entire security model on a per-pipe, per-function and
> per-info level basis.
>
> i was hoping not to have to do this _quite_ just yet and to use a
> simplified model, first.
you'd need it anyway, as become_user() would never have protected any
of your data structures. So if there are data structures that can only
be accessed as particular users then you need access control code. The
underlying OS can't help with that because it doesn't know anything
about those data structures.
More information about the samba-technical
mailing list