Question about become_user/become_root

gcarter at gcarter at
Fri Oct 29 02:58:33 GMT 1999


We have Samba running on Dynx/PTX 4.4.6. This OS supports
"vectored superuser privledges." This can be used to 
allow a process to read any file and descend any directory.
It does not allow them to write, though.

We would like to use this functionality for the admin_user
list. This would have the advantage of having any file they
create being created as themselves, but still have visibilty.

The question is...

It seems pretty clear that "become_user" is the only place
in the code where the decision is made regarding not changing
user id to the connected user per the administrative user list.

What concerns me is finding all the places where users get
demoted. Is unbecome_user the single appropriate place to remove
the vectored privledge?

Obviously, what i want to avoid is a case where multiple
users are being handled by a single smbd process(as would happen
with a NT terminal server?) and this vectored privledge accidently
transfered to another user.


More information about the samba-technical mailing list