smbpasswd
John E. Malmberg
wb8tyw at qsl.net
Tue Oct 1 23:56:08 GMT 2002
<jean-yves.collot at cofiroute.france> wrote:
>>
> The reason why smbpasswd with -j and -r option does not work is probably
> because it's executed from a user which is not considered as "root" by
> Samba/VMS.
>
> Presently, the user is considered as "root" only if his UIC is either [1,4]
> or [1,1]. I kept this feature from an older Samba/VMS port. However, I don't
> like it too much.

In SAMBA 2.0.6 for OpenVMS, the requirement that SMBPASSWD be run from
the SYSTEM UIC is a bug.

SMBPASSWD needs to be specially coded for OpenVMS so it can be
installed with GRPPRV so that users can change their own SMB passwords.
GRPPRV is needed to access the UAF file to verify that the user exists.

It will also allow users to be able to change both their VMS passwords
and LANMAN passwords at the same time.

On the UNIX version, the SMBPASSWD is SETUID to root. This is
equivalent to it being installed as a shared image with privileges under
OpenVMS.

The internal tests in SMBPASSWD are meant so that if it is really
running as root, instead of a non-privileged user, it provides additional
functionality.

> Here are a couple of propositions about that. Could you tell me which one
> looks good to you (you can make other ones, too...)?
>
> 1. the user is root if his UIC group is within the SYSGEN parameter
> MAXSYSGROUP
> 2. if it has some identifier (like SAMBA_ROOT)
> 3. If his USERNAME is SYSTEM

My plans for a future FRONTPORT shared image are similar, in that if the
current real USER account has SYSPRV, it would pass the SAMBA root
tests.

Currently FRONTPORT allows the program to designate what account is
"root", or 0,0. The default is SYSTEM.

There is no real reason for the SMBD to run with all the privileges of
the SYSTEM account.

This change to FRONTPORT would make UNIX programs that test for "root"
behave more like OpenVMS users expect.

Have you reviewed the FRONTPORT documentation from the SAMBA 2.0.6 port?

-John
wb8tyw at qsl.network
Personal Opinion Only