[Samba] Re: What file gets corrupted in Samba when perms stop working correctly?

Gerald (Jerry) Carter jerry at samba.org
Thu Nov 10 16:46:59 GMT 2005

Hash: SHA1

Michael Lueck wrote:
| Think I found something... Jerry, seems like an old setting is leaking
| up through the floor boards.
| Before the "net rpc rights grant domain\\account
| SeMachineAccountPrivilege" stuff existed, I used "admin users =
| @domadmin" to get the job done. That unfortunately made accounts
| "root" on the server. So, admin users is now commented out
| and rpc rights has been in use since that went production.
| HOWEVER, here's the connection from my special account...
| (as it shows up in lsof)
| smbd       2614        root  cwd       DIR        8,9    4096  100663424
| /srv/shares/stage
| Sure looks like "admin users" is leaking through the
| floor boards somehow. Obviously since "root" is not a member
| of the group which has write perms, no write perms granted.
| So, how else could this user become root on the server if
| "admin users"  is commented out? I properly see the user
| name for other connections to the server.

Nah. Remember that smbd runs as root and changes back
and forth to the uid of the user.

cheers, jerry
Alleviating the pain of Windows(tm)      ------- http://www.samba.org
GnuPG Key                ----- http://www.plainjoe.org/gpg_public.asc
"There's an anonymous coward in all of us."               --anonymous
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org


More information about the samba mailing list