[Samba] root preexec problem

[Ryan Novosielski]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jeremy Allison wrote:
> On Fri, Mar 07, 2008 at 04:44:15PM -0500, Ryan Novosielski wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> I'm reposting this as no one has responded. Is there something in here
>> in particular that would have caused a problem? I guess I use multiple
>> commands, but there is no use of % variables inside my one script that
>> formats the date.
>>
>> Jeremy Allison wrote:
>>> On Mon, Feb 11, 2008 at 11:04:25AM -0800, Robert wrote:
>>>
>>>> Is this perhaps related to the folowing bug:
>>>>
>>>> https://bugzilla.samba.org/show_bug.cgi?id=4812
>>> Yes, this is certainly it. We're not going to
>>> fix this though - the security change was painful enough
>>> that I don't feel safe in allowing arbitrary characters
>>> in smb.conf scripts - remember the % substitution can
>>> allow client input here. The best solution is to rewite
>>> prexecs to use a single script.
>> I'm not sure if I got nailed by this one, but I'm doing this:
>>
>> root preexec=/bin/sh -c 'echo C:
>> \%u,\%m,%I::`/etc/opt/samba/scripts/getdate`' >> /var/opt/samba/accounting
> 
> The multiple commands are no longer supported. Rewrite this
> to call a single script command with parameters.

Something akin to "accounting start %u %m %I" I'm assuming.

It would be nice if this complained at all or warned you in testparm --
I didn't notice the problem until suddenly the file it was creating was
no longer up to date.

- --
 ---- _  _ _  _ ___  _  _  _
 |Y#| |  | |\/| |  \ |\ |  | |Ryan Novosielski - Systems Programmer II
 |$&| |__| |  | |__/ | \| _| |novosirj at umdnj.edu - 973/972.0922 (2-0922)
 \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFH0boLmb+gadEcsb4RAgCcAJ9PBYLoe0914N7KbpsqSv30FGSd/gCg1uaW
UHTeyZXAK+l2Fz97CEIcNuM=
=4Bh1
-----END PGP SIGNATURE-----