[Samba] Samba 2.2.3a SUID root etc.

Andrew Bartlett abartlet at samba.org
Wed Sep 25 21:23:01 GMT 2002


Sean Clarke wrote:
> 
> I have done a brief search on this topic, and have come up with nothing
> really useful. So if someone knows where this answer lies for this
> version on samba, please let me know.
> 
> I am running Redhat 7.3 along with samba2.2.3a,  my problem is my users
> need to be able to mount windowsnt shares from within their home
> directories on the redhat machine.
> 
> I have chmod +s /usr/bin/smbmount so that they are able to run this.
> 
> But now I am getting this error
> 
> mount.smbfs //mis/abm /home/ian/mis -o
> username=XXXX,password=XXXXXXXX,rw
> 
> libsmb based programs must *NOT* be setuid root.
> 19764: Connection to mis failed
> SMB connection failed
> 
> Is there a way to fix this, I am also taking this as a security
> feature??

You must *not* make smbmount setuid root.  You may make smbmnt (the
helper) setuid root if you wish, but smbmount invokes a lot of Samba
code that is known to be untrustworthy under these circumstances.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
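
An audit of the policy stated in the reply above, added here as an example and not part of the original message or of Samba: smbmount must not carry the setuid bit, while the smbmnt helper may. The function name `audit_smb_setuid` and its output format are assumptions; the default directory is the `/usr/bin` path from the quoted message.

```shell
#!/bin/sh
# Added example (not Samba code): check the setuid bit on the two
# binaries named in the reply.
# Policy from the reply: smbmount must NOT be setuid; smbmnt may be.

# Usage: audit_smb_setuid [BINDIR]   (BINDIR defaults to /usr/bin)
# Prints one line per binary: "<name>: <verdict>".
# Returns 1 if smbmount carries the setuid bit, 0 otherwise.
audit_smb_setuid() {
    bindir=${1:-/usr/bin}
    rc=0
    for name in smbmount smbmnt; do
        path="$bindir/$name"
        if [ ! -e "$path" ]; then
            echo "$name: not installed"
        elif [ -u "$path" ]; then
            if [ "$name" = smbmount ]; then
                # Reverses the setuid part of "chmod +s" from the question.
                echo "$name: VIOLATION setuid bit set (fix: chmod u-s $path)"
                rc=1
            else
                echo "$name: setuid bit set (permitted for the helper)"
            fi
        else
            echo "$name: no setuid bit"
        fi
    done
    return $rc
}
```

Call it as `audit_smb_setuid /usr/bin`; a non-zero return means smbmount is still setuid.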


