Smbpasswd and setuid

Gerald (Jerry) Carter jerry at samba.org
Sat Oct 20 05:58:02 GMT 2001


On Sat, 20 Oct 2001, The DJ wrote:

> You'r thinking too much unix style now ;-)
> It wouldn't be the mac way to do.

Has anyone mentioned that if the smbpasswd binary is setuid root,
then any user can change any user's password (or add accounts
such as root to the smbpasswd file)?  Making the surrent smbpasswd
setuid root would be very bad in regards to security.







cheers, jerry





More information about the samba-technical mailing list