[Samba] Re: What file gets corrupted in Samba when perms stop
working correctly?
Gerald (Jerry) Carter
jerry at samba.org
Thu Nov 10 16:46:59 GMT 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Michael Lueck wrote:
| Think I found something... Jerry, seems like an old setting is leaking
| up through the floor boards.
|
| Before the "net rpc rights grant domain\\account
| SeMachineAccountPrivilege" stuff existed, I used "admin users =
| @domadmin" to get the job done. That unfortunately made accounts
| "root" on the server. So, admin users is now commented out
| and rpc rights has been in use since that went production.
|
| HOWEVER, here's the connection from my special account...
| (as it shows up in lsof)
|
| smbd 2614 root cwd DIR 8,9 4096 100663424
| /srv/shares/stage
|
| Sure looks like "admin users" is leaking through the
| floor boards somehow. Obviously since "root" is not a member
| of the group which has write perms, no write perms granted.
|
| So, how else could this user become root on the server if
| "admin users" is commented out? I properly see the user
| name for other connections to the server.
Nah. Remember that smbd runs as root and changes back
and forth to the uid of the user.
cheers, jerry
=====================================================================
Alleviating the pain of Windows(tm) ------- http://www.samba.org
GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc
"There's an anonymous coward in all of us." --anonymous
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDc3mDIR7qMdg1EfYRArE6AJ4j1pvNX0Jo4pkjh/wbcohBdJyTAgCgtMOO
RdTE1lbCm5MqUDRdEQkThAg=
=i6pf
-----END PGP SIGNATURE-----
More information about the samba
mailing list