Configurable list of swat administrators

Michael James michaelj at coombs.anu.edu.au
Thu Nov 16 23:11:50 GMT 2000


I want to allow a list of users to authenticate as themselves
 and get write access to SWAT.
I know this gives them root, they already have it through sudo.

So I tried creating a group "swat"
 and sticking myself into it in /etc/group.
Then `chgrp swat smb.conf` and `chmod 664 smb.conf`
Telnet back in as myself and I can vi the file and save changes.

But SWAT still gives me bare read access,
 only when I chgrp smb.conf to my native group
 do I get the "Commit" button.

This much surfaced back in July
 but it's messy to demand that the sudoers all be native to the same group.
(It might be a good idea, but it's messy to get there from here.)

There is another piece of documented whierdness:
 if the file is writeable by group root, it is considered world writeable.


The piece of code within source/web/swat.c that controls this is:


static BOOL have_write_access = False;
static BOOL have_read_access = False;


and then after a lot of    if (has_write_access) { ...


        if (!file_exist(servicesf, NULL)) {
                have_read_access = True;
                have_write_access = True;
        } else {
                /* check if the authenticated user has write access - if not then
                   don't show write options */
                have_write_access = (access(servicesf,W_OK) == 0);

                /* if the user doesn't have read access to smb.conf then
                   don't let them view it */
                have_read_access = (access(servicesf,R_OK) == 0);
        }



So "have_write_acess" is the token we need.

And we get it if (access(servicesf,W_OK) == 0)

Where is "access(servicesf,W_OK)" defined
 why doesn't it look at the groups list as well as gid
 and can it be easily changed to?

Thanks for any help with this,
michaelj
-- 

Michael James       _/      _/      _/ _/     _/  v +61 2 6279 8318
Network Programmer _/_/     _/_/    _/ _/     _/
Coombs Computing  _/  _/    _/ _/   _/ _/     _/  f +61 2 6257 1893
 Australian      _/    _/   _/   _/ _/ _/     _/
  National      _/_/_/_/_/  _/    _/_/ _/     _/      michaelj@
   University  _/        _/ _/      _/  _/_/_/_/  coombs.anu.edu.au




More information about the samba mailing list