[Samba] DOMAIN\Administrator mapped to root vs. CVE-2020-25717 fix including "min domain uid" = 1000
bjacke at SerNet.DE
Sat Jun 4 16:31:30 UTC 2022
On 2022-05-27 at 23:12 +0200 Reginald via samba sent off:
> If I add
> min domain uid = 0
> to the smb.conf of the fileserver, everything works fine again. :)
> So I could manage the permissions and finish work. :)
> But... This change was probably introduced for good reasons. And I worked around it. What do you think?
> Did I open up a horrible security hole?
> What are the implications?
> Should "DOMAIN\Administrator" actually never be mapped to root?
this reminds me of that old bug report
I still have hope that Andrew will remove his veto on the change so that we can
finally get this properly by default for future setups.