[Samba] Re: Authentication Question; WAS: installing Samba as non-root user

[simo]

On Wed, 2007-09-26 at 11:39 -0700, spamreceptacle at gmail.com wrote:
> It's amazing how indignant people get when they think someone hasn't
> done
> his homework.  I've read the man pages in depth, and the official
> HOWTO.
> Unless I overlooked something, no where does it explain the
> authentication
> in the kind of detail that is necessary to understand if there's a way
> to
> have multiple users have proper access to their home directories when
> the
> daemon is not being run as root.

You will not find this knowledge in the Samba material simply because it
is basic unix architecture knowledge.
In unix only root owned process (modulo SELinux) can change privileges.
File access is controlled by the kernel and based on said privileges.
So logical consequence is:
1. no root -> no change in privileges -> no access to files beyond
existing privileges
2. root -> impersonation (change in privileges) -> access to files with
provided privileges

For the password part, I only say that authentication is not magic, it
is just an exchange of information (usually involving encryption of some
sort to protect said information) to establish a remote process is who
it claim it is (or represent). If your app performs authentication, it
is the only one that knows about it, and unless it has mighty powers
(root) it can't force the rest of the system to believe it.


Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer
email: idra at samba.org
http://samba.org