[Samba] Bug report

Mon Mar 10 17:03:47 GMT 2003

Hello everyone,
I successfully installed and compiled samba version 2.2.7a on a system
running AIX v. 4.3.3. ML 10.
I had a problem when trying to permit a group (or groups, on AIX) of users
to manage the configuration file (smb.conf) by means of swat.
The problem was: if I put "write permission" on the group of the file smb.conf,
swat permits editing to more users than the specified group. Why?
Reading the code I saw that swat does not set the supplementary groups
before switching to the authenticated user, so all users of all groups of the
root user can modify the file.
In order to permit modification to users of the specified group (or groups if
AIX extended ACL is enabled), I changed the code of cgi.c in the following
way (diff -u format):

--- cgi.c.org   Tue Dec 10 15:58:17 2002
+++ cgi.c       Mon Mar 10 16:32:34 2003
@@ -388,8 +388,18 @@
                         * We have not authenticated as root,
                         * become the user *permanently*.
-                       become_user_permanently(pass->pw_uid, pass->pw_gid);
-               }
+                 /*
+                   I inserted initgroups call in order to set
+                   the supplementary groups of authenticated user
+                   FC (5/2/3)
+                  */
+                 if (initgroups(pass->pw_name,pass->pw_gid) != 0)
+                   {
+                     goto err;
+                   }
+               }
+               become_user_permanently(pass->pw_uid, pass->pw_gid);

                /* Save the users name */
                C_user = strdup(user);
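
Review bot: become_user_permanently() now sits after the closing brace of the block whose comment reads "We have not authenticated as root", so it is no longer guarded by that block's condition and runs on every path that reaches this point. Keep the call inside the block, directly after the initgroups() check, so that the only behavioural change is the added supplementary-group setup. The ordering of the two calls is right: initgroups() has to run before privileges are dropped. Two smaller points: the failure path does a bare "goto err" with no log message naming the user, and the err label is not visible in this hunk, so confirm it is in scope here; and the added braces and indentation do not match the surrounding lines, while the initials and date in the new comment belong in the change description rather than in the source.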

I do not know if the described problem is a general problem.

Please note that what I described above is NOT a criticism but is a small
(very small) attempt to contribute to swat code.

Best regards,
Fabio Cecchi
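
The effect described in this message can be checked from inside a process that has switched user: compare the supplementary groups it still holds with the groups the account database grants to that user. The following is an added example, not part of the original post or of the Samba source; the function names and sample gids are hypothetical, and it assumes a Linux/glibc system that provides getgrouplist().

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

#define MAX_GROUPS 256

/* Copy into out[] every gid in held[] that is absent from allowed[];
 * return how many were copied. */
int leaked_groups(const gid_t *held, int nheld,
                  const gid_t *allowed, int nallowed, gid_t *out)
{
    int n = 0;
    for (int i = 0; i < nheld; i++) {
        int ok = 0;
        for (int j = 0; j < nallowed && !ok; j++)
            ok = (held[i] == allowed[j]);
        if (!ok)
            out[n++] = held[i];
    }
    return n;
}

/* Compare the groups this process holds with the groups the account
 * database grants to `user`. Returns the number of leaked groups
 * (written to out[]), or -1 if a lookup fails. */
int audit_process_groups(const char *user, gid_t *out)
{
    gid_t held[MAX_GROUPS], allowed[MAX_GROUPS];
    int nallowed = MAX_GROUPS;
    struct passwd *pw = getpwnam(user);
    if (pw == NULL)
        return -1;
    int nheld = getgroups(MAX_GROUPS, held);
    if (nheld < 0 || getgrouplist(user, pw->pw_gid, allowed, &nallowed) < 0)
        return -1;
    return leaked_groups(held, nheld, allowed, nallowed, out);
}

/* Constructed sample: groups inherited from root when only the uid and
 * primary gid are switched, versus the user's own groups. */
static const gid_t SAMPLE_HELD[] = {0, 2, 3, 7};
static const gid_t SAMPLE_ALLOWED[] = {201, 7};

int main(void)
{
    gid_t out[MAX_GROUPS];
    int n = leaked_groups(SAMPLE_HELD, 4, SAMPLE_ALLOWED, 2, out);
    printf("constructed sample: %d leaked group(s)\n", n);
    return 0;
}
```

After a correct privilege drop, audit_process_groups() called with the target user name returns 0.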
