How the heck can it work?

Gerald Carter gcarter at valinux.com
Mon Jul 24 20:57:55 GMT 2000


Ron Alexander wrote:
> 
> What do you mean by It? Can you kindly be a little 
> more specific as I see it the following are involved.

'It' is SWAT.

> 1. The inetd daemon. What perms, SUID etc should it have.

root.  The user specified in smb.conf

> 2. The inetd.conf. It specifies root as one of the 
> parameters. Why?

In order to bind to the privileged port 901 (as a 
general rule).

> 3. The swat program. If I make it SUID it works 
> differently.

I have never tried this.  It should not be necessary.
Of course I could quit speculating and actually dig 
into the code.  :-)

OK...look at the web/cgi.c in lines 379 - 395

if((ret = pass_check(user, user_pass,
                     strlen(user_pass), NULL, NULL)) == True)
{
        /*
         * Password was ok.
         */

        if(pass->pw_uid != 0) {
                /*
                 * We have not authenticated as root,
                 * become the user *permanently*.
                 */
                become_user_permanently(pass->pw_uid, pass->pw_gid);
        }

        /* Save the users name */
        C_user = strdup(user);
}

become_user_permanently() is defined in lib/util_sec.c

Therefore, 

  * swat starts as root
  * user logs in
  * upon successful logon, SWAT changes its effective 
    uid to that of the authenticated user

Make sense?

> 4. The perms on the smb.conf file.

Access to modify smb.conf should be controlled by 
the UNIX uid of the user you logged onto the SWAT 
session as.  That is the way it has always worked 
for me.  (see above explanation).

> I know VOS is not Unix. Do you mind helping someone port 
> samba to a new platform? (notwithstanding the non 
> POSIX port of 1.9... by Erik)

I don't mind answering questions at all.  Time-wise I have 
a really full plate at the moment.  :-)





jerry
----------------------------------------------------------------------
   /\  Gerald (Jerry) Carter                     Professional Services
 \/    http://www.valinux.com  VA Linux Systems    gcarter at valinux.com
       http://www.samba.org       SAMBA Team           jerry at samba.org
       http://www.eng.auburn.edu/~cartegw

       "...a hundred billion castaways looking for a home."
                                - Sting "Message in a Bottle" ( 1979 )
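
The sequence described in the message above (start as root, authenticate, then become the user permanently), as an added example that is not part of the original message and is not Samba's lib/util_sec.c. The function names and the 65534 demo target are assumptions; the point it adds is the order of the calls and the check that root cannot be regained afterwards.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper. Returns 0 once uid 0 cannot be regained, -1 otherwise. */
int drop_privs_permanently(uid_t uid, gid_t gid)
{
    if (uid == 0) { errno = EINVAL; return -1; }   /* staying root is not a drop */

    /* Order matters: groups and gid first, while we are still allowed to. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;   /* as root: real, effective and saved uid */

    /* Verify: every id is the target and root cannot be taken back. */
    if (getuid() != uid || geteuid() != uid) return -1;
    if (getgid() != gid || getegid() != gid) return -1;
    if (setuid(0) == 0 || seteuid(0) == 0) return -1;
    return 0;
}

/* Runs the drop in a child so the caller keeps its own ids.
 * 0 = dropped and verified, 1 = refused or failed, 2 = fork/wait error. */
int drop_in_child(uid_t uid, gid_t gid)
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return 2;
    if (pid == 0) _exit(drop_privs_permanently(uid, gid) == 0 ? 0 : 1);
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status)) return 2;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed demo target: an unprivileged id when root, else ourselves. */
    uid_t u = geteuid() == 0 ? 65534 : getuid();
    gid_t g = geteuid() == 0 ? 65534 : getgid();
    printf("drop to %ld:%ld -> %d\n", (long)u, (long)g, drop_in_child(u, g));
    printf("drop to 0:0 -> %d\n", drop_in_child(0, 0));
    return 0;
}
```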




