> The application would be called by my program, in a way in which no > additional options other then the ones I have told my application can be > specified (hardcoded in program). then why not become root in your app before running it? Or write a setuid wrapper? Having the smbpasswd binary itself setuid seems unnecessary