Samba under Coherant and Macintosh

Michael Stockman pgmtekn-micke at
Sun Dec 19 15:49:40 GMT 1999


> > why is it that you think that msrpc services don't need to do file
> > what about access to private/smbpasswd from samrd?
> we do become_root() before those anyway, so thats totally
> irrelevant. (the smbpasswd can _only_ be accessed as root).

Don't, pretty please. become_root must only be used when samba is
collecting data for internal use. It is not acceptable that samba
return any data that a user would not have access to if logged in to
the machine while samba isn't running.

Why are you so against allowing the administrator control who has
access to smbpasswd? Maybe we should split it into two (or even more)
files sometime in the future, so that the admin could control who can
see/change what based on unix file permissions?

> > do you want anonymous users to be able to read the SAM database,
> > just like NT allows?
> of course not, but doing become_user() won't stop that. It will just
> give you a false sense of security.

In regards to disk access, you would have to elabourate to convince me
(supposing that I or anyone else can prevent you from calling
become_root everywhere).

Best regards
  Michael Stockman
  pgmtekn-micke at

PS. Though of the day: become_root is almost equal to become_rotten,
if used badly ;).

More information about the samba-technical mailing list