Root privilege for users in swat

Steve Litt slitt at
Thu Oct 28 17:55:19 GMT 1999

I can tell you, but be real real REAL careful about doing it.

simply chmod 660 smb.conf, and your users can have their way with shares,
etc. It does not matter what group they're in -- if it's 660, any user can
configure through SWAT.

Now I want to show you a share a user could create to commandeer your system:

root preexec=cp /home/cracker/phony.pass /etc/passwd;chown root.root
/etc/passwd &

I could probably also show you a similar share to make an suid root version
of bash or sh that the guy could use to later wreck havoc with your system.

Do not enable smb.conf modification privilege to any user you wouldn't
trust with the root password.

Steve Litt

At 07:38 PM 10/28/1999 +1000, you wrote:
>   I have been searching the mailing list, but i couldn't found the aswer
>for this one :
>   How do i give root privilege for other users in swat, so that other users
>can create shares, and change other configs using swat ?
>   Thanks in advance.

More information about the samba mailing list