How does impersonation work in Samba?

Jeremy Allison jra at
Tue Oct 25 21:20:16 GMT 2005

On Tue, Oct 25, 2005 at 01:51:17PM -0700, Krishna Ganugapati wrote:
> Hello, I've been grepping through the source code and I'm trying to understand how the client impersonation works on the server side.  Typically after whatever authentication has been done (NTLMv2 or Kerberos) - the server must impersonate the client.  I find a bunch of references to become_root() and unbecome_root() - which I'm assuming to mean that since (atleast on my box) Samba runs as root - when an authenticated server request comes in, the appropriate call within the server is now run as the client that on whose behalf the request is being serviced. At times there is the need to become_root()  perform some appropriate house-keeping etc etc  that only root can and then unbecome_root(). 
> Can someone explain/point me to understanding how the client impersonation is done...

Look inside smbd/uid.c


More information about the samba-technical mailing list