[Samba] smbstatus as non-root
Michael Tokarev
mjt at tls.msk.ru
Fri Apr 5 08:10:31 UTC 2024
05.04.2024 11:02, Michael Tokarev via samba wrote:
> Hi!
>
> What's the way to see list of open files on samba server (information which smbstatus
> gives) without giving user full root privs for the server?
It looks like samba wrongly insists on two things:
1. smbstatus explicitly checks if it is running as root for absolutely no reason
2. lock directory is required to have exactly 0755 permissions, also for
absolutely no reason (eg, it can be 0775 just as well, root:root).
After fixing these two issues, smbstatus can be run to a non-root user.
I'll think how this can be done in a secure way. It looks like
global_messaging_context() insists on creating a file in the lock directory
even if/when it isn't needed.
/mjt
More information about the samba
mailing list