[PATCH] s4/provision: don't mix local uid numbers with domain mappings

Björn Jacke bjacke at sernet.de
Thu Dec 14 10:53:46 UTC 2017


On 2017-12-14 at 11:01 +1300 Andrew Bartlett via samba-technical sent off:
> My primary concern with this is will, after this, administrator have
> the rights of root in terms of being able to override permissions on
> the files owned by others?

Of course, other domain admin members who don't have uidNumber=0 would have
issues also otherwise. On the other hand there are plenty of problems when uid
0 randomly resolves to a non-root user with a home directory which is not
/root/. I'm a bit puzzled that you argue against this now after
https://bugzilla.samba.org/show_bug.cgi?id=9837 was reported in the early days
of Samba 4.0 (5 years ago), and you never commented on it, not even after
Michael also mentioned that this should urgently be changed. On fileservers
there are file permissions and privileges to handle things right. Bringing up a
broken idmap configuration involving the messing up of the root user by default
to enable people to get admin rights on fileservers is really bad.

Björn
-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de


