Samba under Coherant and Macintosh
Michael Stockman
pgmtekn-micke at algonet.se
Sun Dec 19 15:49:40 GMT 1999
Hello,
> > why is it that you think that msrpc services don't need to do file
access?
> > what about access to private/smbpasswd from samrd?
>
> we do become_root() before those anyway, so thats totally
> irrelevant. (the smbpasswd can _only_ be accessed as root).
Don't, pretty please. become_root must only be used when samba is
collecting data for internal use. It is not acceptable that samba
return any data that a user would not have access to if logged in to
the machine while samba isn't running.
Why are you so against allowing the administrator control who has
access to smbpasswd? Maybe we should split it into two (or even more)
files sometime in the future, so that the admin could control who can
see/change what based on unix file permissions?
> > do you want anonymous users to be able to read the SAM database,
> > just like NT allows?
>
> of course not, but doing become_user() won't stop that. It will just
> give you a false sense of security.
In regards to disk access, you would have to elabourate to convince me
(supposing that I or anyone else can prevent you from calling
become_root everywhere).
Best regards
Michael Stockman
pgmtekn-micke at algonet.se
PS. Though of the day: become_root is almost equal to become_rotten,
if used badly ;).
More information about the samba-technical
mailing list