passwd program now called as user, not as root?

Jeremy Allison jra at samba.org
Wed Sep 3 17:27:11 GMT 2003


On Wed, Sep 03, 2003 at 05:12:17PM +0200, Volker Lendecke wrote:
> Hi, (abartlet)!
> 
> With 
> http://lists.samba.org/pipermail/samba-cvs/2003-January/079377.html
> in change_oem_password we introduced the call to chgpasswd with
> as_root=False. At least for me this leads to a broken unix passwd sync.
> Now it is called as unprivileged user, not as root anymore. So the
> passwd program has to ask for the old password, which is not available.
> 
> If this is needed due to security reasons, we should at least document
> that it does not work anymore as it did in 2.2
> 
> Or is it simply a bug? I don't dare to change the "False" in
> chgpasswd.c:984 it "True" as I'm not sure about the consequences.

Are you running out of latest CVS or RC2 ? I'm pretty sure 
I fixed it for that.

The reason this can be called as non-root at all is that there is
one old password changing RAP call (used by DOS I believe) where
the plaintext old password is given (along with plaintext new).
But there should only be one case that calls it this way.

Jeremy.



More information about the samba-technical mailing list