3.0a22: Minor Issue with passwd program + kludge fix

Matt Roberts, GRDA mattro at grda.com
Thu Mar 6 19:16:12 GMT 2003


I am using 3.0a22 as a PDC with LDAP SAM backend.  I am using a python script as a "passwd program" to sync ldap passwords.

My python script uses a first line of "#!/usr/bin/env python" and is normally mode 750, owned by root:root.  It worked fine under 3.0a21.

Under 3.0a21, the script no longer executes when a remote user requests a password change.  I can make it work, but first let me say that with SMBD set to log level of 100 and passwd chat debug = YES, I see this:

[2003/03/06 12:54:47, 3] smbd/chgpasswd.c:chat_with_program(441)
    Dochild for user mattro (uid=0,gid=0)
[2003/03/06 12:54:47, 10] smbd/chgpasswd.c:dochild(215)
    Invoking '/usr/local/sbin/ldapsamutil.py -p mattro' as password change program.
[2003/03/06 12:54:47, 0] lib/util_sock.c:read_socket_with_timeout(275)
    read_socket_with_timeout: timeout read. read error = Input/output error.
[2003/03/06 12:54:47, 100] smbd/chgpasswd.c:expect(270)
    expect: expected [New Password: ] received [sh: /usr/local/sbin/ldapsamutil.py: Permission denied
  ] match no

To make it work, I add read and execute bits for everybody (need read for python interpreter and execute to make the script executable) then it works.  It's insecure, but it works.

So it looks like the logfile entry above that says the child is executing as uid=0,gid=0 is not actually happening.

Working modes for the script include 755 and 005, of all things, on a script owned by root:root.  Nonworking modes for the script include 750, 770, etc.

If anyone would like to see more logfile data, please let me know.

Thanks,
Matt
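
An added example (not part of the original post and not Samba code): a small Python model of the POSIX permission-class check, applied to the four modes reported above for a script owned by root:root. The function names and the unprivileged identity (uid/gid 65534) are assumptions for illustration. An effective uid of 0 could run the script under every listed mode, while an identity that is neither the owner nor in the group reproduces the reported working/non-working split.

```python
import stat

# Permission bits consulted for each class: (read bit, execute bit).
CLASS_BITS = {
    "owner": (stat.S_IRUSR, stat.S_IXUSR),
    "group": (stat.S_IRGRP, stat.S_IXGRP),
    "other": (stat.S_IROTH, stat.S_IXOTH),
}

def permission_class(owner_uid, owner_gid, euid, egid, groups=()):
    """Exactly one class applies; an owner or group match never falls through to 'other'."""
    if euid == owner_uid:
        return "owner"
    if egid == owner_gid or owner_gid in groups:
        return "group"
    return "other"

def can_run_script(mode, owner_uid, owner_gid, euid, egid, groups=()):
    """A '#!' script needs execute (for exec) and read (for the interpreter to open it)."""
    if euid == 0:
        # Linux behaviour: root bypasses read checks, but exec needs at least one x bit.
        return bool(mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))
    r_bit, x_bit = CLASS_BITS[permission_class(owner_uid, owner_gid, euid, egid, groups)]
    return bool(mode & r_bit) and bool(mode & x_bit)

MODES_FROM_POST = (0o750, 0o770, 0o755, 0o005)  # script owned by root:root (uid 0, gid 0)
ROOT = {"euid": 0, "egid": 0}
UNPRIVILEGED = {"euid": 65534, "egid": 65534}  # constructed identity, not taken from the logs

def report():
    """Return (mode, runnable as root, runnable as the unprivileged identity) per mode."""
    return [
        (oct(mode),
         can_run_script(mode, 0, 0, **ROOT),
         can_run_script(mode, 0, 0, **UNPRIVILEGED))
        for mode in MODES_FROM_POST
    ]

if __name__ == "__main__":
    for mode, as_root, as_other in report():
        print(f"{mode}: uid 0 -> {as_root}, uid 65534 -> {as_other}")
```

On a live system, compare the result against the output of `id` run from inside the passwd program itself to see which identity the child really has.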

