[Samba] Samba 2.2.3a SUID root etc.
David Morel
david.morel at amakuru.net
Wed Sep 25 22:42:00 GMT 2002
Andrew Bartlett wrote:
> Sean Clarke wrote:
>
>>I have done a brief search on this topic, and have come up with nothing
>>really useful. So if someone knows where this answer lies for this
>>version on samba, please let me know.
>>
>>I am running Redhat 7.3 along with samba2.2.3a, my problem is my users
>>need to be able to mount windowsnt shares from within their home
>>directories on the redhat machine.
>>
>>I have chmod +s /usr/bin/smbmount so that they are able to run this.
>>
>>But now I am getting this error
>>
>>mount.smbfs //mis/abm /home/ian/mis -o
>>username=XXXX,password=XXXXXXXX,rw
>>
>>libsmb based programs must *NOT* be setuid root.
>>19764: Connection to mis failed
>>SMB connection failed
>>
>>Is there a way to fix this, I am also taking this as a security
>>feature??
>
>
> You must *not* make smbmount setuid root. You may make smbmnt (the
> helper) setuid root if you wish, but smbmount invokes a lot of Samba
> code that is known to be unstrustworthy under these circumstances.
and what about smbpasswd ? i really need to have root functionality
(accessed via a suidperl script), and all i found was disabling suid
checks in smbpasswd. Is there another way ?
David
More information about the samba
mailing list