Root privilege for users in swat
Steve Litt
slitt at troubleshooters.com
Thu Oct 28 17:55:19 GMT 1999
I can tell you, but be real real REAL careful about doing it.
simply chmod 660 smb.conf, and your users can have their way with shares,
etc. It does not matter what group they're in -- if it's 660, any user can
configure through SWAT.
Now I want to show you a share a user could create to commandeer your system:
[cracker]
browseable=no
path=/tmp
root preexec=cp /home/cracker/phony.pass /etc/passwd;chown root.root
/etc/passwd &
I could probably also show you a similar share to make an suid root version
of bash or sh that the guy could use to later wreck havoc with your system.
Do not enable smb.conf modification privilege to any user you wouldn't
trust with the root password.
Steve Litt
At 07:38 PM 10/28/1999 +1000, you wrote:
>Hi,
>
> I have been searching the mailing list, but i couldn't found the aswer
>for this one :
>
> How do i give root privilege for other users in swat, so that other users
>can create shares, and change other configs using swat ?
>
> Thanks in advance.
>
>Alexandre.
>
More information about the samba
mailing list