SYSKEY, TNG freeze, 2.0.x->TNG merge and other thoughts

James Sutherland jas88 at cam.ac.uk
Wed Feb 9 23:02:55 GMT 2000


On Thu, 10 Feb 2000, Luke Kenneth Casson Leighton wrote:

> > Worse than useless, IMO - you do NOT want users to have access to the
> > FILE, only (some of) the contents - and only when accessed via RPC, NOT
> > when accessed as files...
> 
> so you want /etc/passwd to be made root-only access, right, on all UNIX
> systems across the world, right?
> 

No. Do you want /etc/shadow world-WRITABLE, so users can change their
passwords? Or create a couple of files PER USER? Neither seems like a very
good idea.

More to the point, the SAM permissions do not correspond to file
permissions. OK, you could split user attributes up into three categories
(things they can change, things they can read, and things they cannot
access at all), and then have three files per user (YUK) - or just do it
the normal Unix way, and have the file accessible directly only by the
daemon, which then performs its own access control.
 

James. 
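
The daemon-mediated design described in the message above, sketched as an added example that is not part of the original post or of Samba's code: one store that only the broker touches, with the three attribute categories enforced per request. The attribute names, the `AccountBroker` class and the sample records are hypothetical, and the rule that callers may only act on their own record is an assumption.

```python
from enum import Enum

class Access(Enum):
    CHANGE = 1  # the account owner may read and change it
    READ = 2    # the account owner may read it, not change it
    NONE = 3    # never reachable through the request interface

# Hypothetical per-attribute policy: the three categories from the message.
POLICY = {
    "description": Access.CHANGE,
    "logon_hours": Access.READ,
    "password_hash": Access.NONE,
}

class AccountBroker:
    """Stands in for the daemon: the only code with access to the store."""

    def __init__(self, store):
        # In a real daemon this would be one file readable only by the
        # daemon's own user, not one file per user per category.
        self._store = store

    def _check(self, caller, target, attr, want_write):
        level = POLICY.get(attr, Access.NONE)  # unknown attributes: deny
        if caller != target:  # assumption: no cross-user access
            raise PermissionError(f"{caller} may not access {target}'s record")
        if level is Access.NONE:
            raise PermissionError(f"{attr} is not exposed")
        if want_write and level is not Access.CHANGE:
            raise PermissionError(f"{attr} is read-only")

    def get(self, caller, target, attr):
        self._check(caller, target, attr, want_write=False)
        return self._store[target][attr]

    def set(self, caller, target, attr, value):
        self._check(caller, target, attr, want_write=True)
        self._store[target][attr] = value

# Constructed sample records.
SAMPLE = {
    "alice": {"description": "dev", "logon_hours": "09-17", "password_hash": "x1"},
    "bob": {"description": "ops", "logon_hours": "00-24", "password_hash": "x2"},
}

if __name__ == "__main__":
    broker = AccountBroker(SAMPLE)
    broker.set("alice", "alice", "description", "lead dev")
    print(broker.get("alice", "alice", "description"))
```
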


