SWAT - administrator account

Robert Dahlem Robert.Dahlem at gmx.net
Tue Oct 24 06:47:07 GMT 2000


On Thu, 19 Oct 2000 10:50:36 -0500, Matthew Foust wrote:

>We would like to give our HelpDesk staff the ability to change an 
>individual's password without giving them the root password to our 
>server.  Is this possible?  Can you set up and administrator account 
>that is not root?  We do not want to allow individual users to see 
>SWAT, so that is not an option.

You can try the following:

Create a group helpdesk. Create accounts for your helpdesk staff. Make 
them members of the newly created group. Locate your smbpasswd binary, 
cd to that directory, issue the following commands:

    cp smbpasswd smbpasswd.hd
    chown root smbpasswd.hd
    chgrp helpdesk smbpasswd.hd
    chmod 710 smbpasswd.hd
    chmod u+s smbpasswd.hd

This will allow members of the group helpdesk to run smbpasswd.hd with 
superuser rights. Beware: they now can do everything you can do with 
smbpasswd as root.


Robert.Dahlem at gmx.net           Fax +49-69-432647

Sent using PMMail (http://www.pmmail2000.com) - fast, decent, email
software; far better than Outlook. Try it sometime.

More information about the samba mailing list