[Samba] Re: Authentication Question; WAS: installing Samba as
idra at samba.org
Sun Sep 30 14:39:19 GMT 2007
On Wed, 2007-09-26 at 11:39 -0700, spamreceptacle at gmail.com wrote:
> It's amazing how indignant people get when they think someone hasn't
> his homework. I've read the man pages in depth, and the official
> Unless I overlooked something, no where does it explain the
> in the kind of detail that is necessary to understand if there's a way
> have multiple users have proper access to their home directories when
> daemon is not being run as root.
You will not find this knowledge in the Samba material simply because it
is basic unix architecture knowledge.
In unix only root owned process (modulo SELinux) can change privileges.
File access is controlled by the kernel and based on said privileges.
So logical consequence is:
1. no root -> no change in privileges -> no access to files beyond
2. root -> impersonation (change in privileges) -> access to files with
For the password part, I only say that authentication is not magic, it
is just an exchange of information (usually involving encryption of some
sort to protect said information) to establish a remote process is who
it claim it is (or represent). If your app performs authentication, it
is the only one that knows about it, and unless it has mighty powers
(root) it can't force the rest of the system to believe it.
Samba Team GPL Compliance Officer
email: idra at samba.org
More information about the samba