IPC User Problem (was Situational Deadlock)
Andrew Bartlett
abartlet at samba.org
Mon Feb 2 20:39:16 GMT 2004
On Tue, 2004-02-03 at 04:18, Simo Sorce wrote:
> On Mon, 2004-02-02 at 18:05, Gerald (Jerry) Carter wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Esh, Andrew wrote:
> >
> > | I have tested the code below (and in the included HEAD
> > | patch file) and it passes all my regression tests with
> > | "force group" set in the global area. The patch prevents
> > | "force user" and "force group" from having any effect on
> > | the IPC service.
> > |
> > | Without this fix, Windows NT can fail to obtain access to
> > | the IPC service on Samba 3.0 (release-3-0alpha20) and later
> > | when either "force" tag is in the global configuration section.
> > | This prevents user access to other shares due to the new
> > | code "force" tests added in smbd/uid.c:check_user_ok at
> > | version 1.94.
> >
> > Does anyone object to this patch ? It would seem to help
> > prevent an admin from getting into trouble that is hard to
> > diagnose on a mailing list.
> >
> > Just trying to get some resolution here.
>
> Seem OK to me, I'll bet there is no more than 0.00001% of admin out
> there that ever tought of setting such permissions on the IPC$ share on
> samba knowingly.
If everybody else thinks this is a good idea, then I'm in.
It needs to also not honer 'admin users' on those shares. (Which ends
up being implemented as a 'force user')
Personally, I would prefer to have each admin hit over the head with a
clue-stick, but failing that...
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20040203/59cf61bf/attachment.bin
More information about the samba-technical
mailing list