No subject
Mon Dec 1 11:34:25 GMT 2003
letting the opsys determine what access a user has to a file. I do not know
if this is deliberate or not and it has pros and cons with respect to
security.
I solved the 'problem' by changing the group id on smb.conf to 10 (wheel on
Linux, staff on Soalris) and changing the permissions to 660. Since only
admins have wheel as their primary group, this restricts access to people
who have root access anyway. I will have to change my sudo strategy but
that's OK. Keeps me employed :-)
-- Stephen Carville
310-342-3623
stephen.carville at acefis.com
------_=_NextPart_001_01C0CC46.5A12EA60
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Diso-8859-1">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
5.5.2653.12">
<TITLE>RE: SWAT users other than root</TITLE>
</HEAD>
<BODY>
<P><FONT SIZE=3D2>- You can try creating a user giving making him a =
member of the root </FONT>
<BR><FONT SIZE=3D2>- group...</FONT>
</P>
<P><FONT SIZE=3D2>From what I can see, SWAT reads the passwd file for =
permissions rather than letting the opsys determine what access a user =
has to a file. I do not know if this is deliberate or not and it =
has pros and cons with respect to security.</FONT></P>
<P><FONT SIZE=3D2>I solved the 'problem' by changing the group id on =
smb.conf to 10 (wheel on Linux, staff on Soalris) and changing the =
permissions to 660. Since only admins have wheel as their primary =
group, this restricts access to people who have root access =
anyway. I will have to change my sudo strategy but that's =
OK. Keeps me employed :-)</FONT></P>
<P><FONT SIZE=3D2>-- Stephen Carville</FONT>
<BR><FONT SIZE=3D2>310-342-3623</FONT>
<BR><FONT SIZE=3D2>stephen.carville at acefis.com</FONT>
</P>
</BODY>
</HTML>
------_=_NextPart_001_01C0CC46.5A12EA60--
More information about the samba
mailing list