[PATCH] LDAP server privileged socket mode

Jelmer Vernooij jelmer at samba.org
Wed Aug 29 08:12:46 MDT 2012


Hi Samuel,

On Thu, Aug 09, 2012 at 05:17:26PM +0200, Samuel Cabrero wrote:
> This patch allows specifying the LDAP server privileged socket directory
> umask as a smb.conf option.

> Samba checks that /var/lib/samba/private/ldap_priv/ is root owned and
> has 750 permissions. We need to relax these permissions to 770 to allow
> users that belong to this directory group to access the privileged socket.
> Any management software (like Zentyal) will need an external non-root
> user to modify restricted attributes via this privileged socket.

Sorry for taking so long to get back to you.

Access to this pipe effectively provides root access; allowing
non-root users access to it would give them an easy way to become
root.

What attributes do you need to modify exactly?

Cheers,

Jelmer
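
The ownership and mode check described in the quoted message (root-owned, mode 750), written out as an added example; it is not Samba's code and not part of this thread. The names `audit_priv_dir` and `demo` and their parameters are assumptions made for illustration, and the demo runs on a constructed temporary directory.

```python
import os
import stat
import tempfile

REQUIRED_UID = 0        # root, per the quoted message
REQUIRED_MODE = 0o750   # per the quoted message


def audit_priv_dir(path, required_uid=REQUIRED_UID, required_mode=REQUIRED_MODE):
    """Return a list of findings; an empty list means the directory passes."""
    st = os.lstat(path)  # lstat, so a symlink to a directory does not pass
    if not stat.S_ISDIR(st.st_mode):
        return ["%s is not a directory" % path]
    findings = []
    if st.st_uid != required_uid:
        findings.append("owner uid is %d, expected %d" % (st.st_uid, required_uid))
    mode = stat.S_IMODE(st.st_mode)
    if mode != required_mode:
        findings.append("mode is %04o, expected %04o" % (mode, required_mode))
    extra = mode & ~required_mode  # permission bits granted beyond the required mode
    if extra:
        findings.append("extra permission bits: %04o" % extra)
    return findings


def demo():
    """Run the audit on a constructed temporary directory, not a real Samba path."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for mode in (0o750, 0o770):
            os.chmod(d, mode)
            # The temp dir belongs to the current user, so compare against that uid.
            results[mode] = audit_priv_dir(d, required_uid=os.getuid())
    return results


if __name__ == "__main__":
    for mode, findings in demo().items():
        print("%04o: %s" % (mode, findings or "ok"))
```
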

