samba

Luke Kenneth Casson Leighton lkcl at lkcl.net
Thu Jun 3 21:04:13 GMT 2004


just to _really_ put the cat among the pigeons: remember that
there is also "svcctl" - a DCE/RPC service that allows the
creation (including under which user context), management,
starting and stopping of services.

in other words, if this service was implemented under samba(3),
(i am not privy to the designs of samba(4)) then the SE/Linux
policy required would have to pretty much allow everything.

whereas, with the samba tng approach, you only need give the
svcctld - the service control daemon - sufficient privileges
to be able to exec "run_init /etc/init.d/startstopscript"
without requiring a password.

l.

-- 
-- 
expecting email to be received and understood is a bit like
picking up the telephone and immediately dialing without
checking for a dial-tone; speaking immediately without listening
for either an answer or ring-tone; hanging up immediately and
believing that you have actually started a conversation.
--
<a href="http://lkcl.net">      lkcl.net      </a> <br />
<a href="mailto:lkcl at lkcl.net"> lkcl at lkcl.net </a> <br />



More information about the samba-technical mailing list