[Samba] Samba 2.2.3a SUID root etc.
Andrew Bartlett
abartlet at samba.org
Wed Sep 25 21:23:01 GMT 2002
Sean Clarke wrote:
>
> I have done a brief search on this topic, and have come up with nothing
> really useful. So if someone knows where this answer lies for this
> version on samba, please let me know.
>
> I am running Redhat 7.3 along with samba2.2.3a, my problem is my users
> need to be able to mount windowsnt shares from within their home
> directories on the redhat machine.
>
> I have chmod +s /usr/bin/smbmount so that they are able to run this.
>
> But now I am getting this error
>
> mount.smbfs //mis/abm /home/ian/mis -o
> username=XXXX,password=XXXXXXXX,rw
>
> libsmb based programs must *NOT* be setuid root.
> 19764: Connection to mis failed
> SMB connection failed
>
> Is there a way to fix this, I am also taking this as a security
> feature??
You must *not* make smbmount setuid root. You may make smbmnt (the
helper) setuid root if you wish, but smbmount invokes a lot of Samba
code that is known to be unstrustworthy under these circumstances.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba
mailing list