[WBEL-users] /etc/shadow and Samba

Ewan Mac Mahon ewan@macmahon.me.uk
Wed, 23 Jun 2004 17:36:11 +0100


On Wed, Jun 23, 2004 at 11:29:01AM -0400, Shawn M. Jones wrote:
> On Wed, 23 Jun 2004, Mario Gamito wrote:
> > I'm running Samba (3.0.4 compiled by me) in WBL.
From plain source, or a .src.rpm?

> > I have this script in smb.conf that allows Windows users to change their
> > domain password from their Windows machines.
> >
> > Well, the problem is that /etc/shadow has permissions -r-------- and
> > obviously this way there's no password change for anyone.
It's like that here too, so that's not the problem.

> You could make your script owned by root and suid,
No he can't - suid bits don't work on scripts.

> allowing it to change permissions of /etc/shadow while it's running
> and updating /etc/shadow with new data.  I'd suggest having it change
> it back to 0400 when it's done.
>
Ugh. This sort of mad jumping through hoops for something so simple is a
sure sign that you're doing it the wrong way.

> The unix passwd command has suid permissions, and that's how it
> accomplishes said goal:
>
And there's the right way. The standard RH/WBEL Samba rpms have a chat
string in their smb.conf for solving exactly this problem and they do it
by calling out to passwd. If I were the OP I'd ditch the homemade samba
for the standard WBEL one which wouldn't have given him this problem in
the first place, or if he absolutely must have a weird one just nick the
chat string from the standard rpms.

Ewan
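
An added example, not part of the message above or of the WBEL Samba package: a Python check of the smb.conf settings that make Samba call out to passwd (unix password sync, passwd program, passwd chat), which also flags a passwd program that is a script, since suid bits do not apply to scripts. The sample smb.conf is constructed and its chat pattern is illustrative, not copied from the standard rpms; audit() and is_script() are names chosen here.

```python
import configparser
import os
import shlex

# Constructed sample, not the WBEL RPM's smb.conf; the chat pattern is illustrative.
SAMPLE = r"""
[global]
   unix password sync = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *New*password* %n\n *Retype*new*password* %n\n *updated*successfully*
"""

def is_script(path):
    """True if the file starts with '#!'; Linux ignores the setuid bit on such files."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"#!"
    except OSError:
        return False

def audit(text):
    """Return findings for the [global] password-sync settings of an smb.conf."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    # Strip indentation so configparser does not read options as continuation lines.
    cp.read_string("\n".join(line.strip() for line in text.splitlines()))
    # Samba ignores case in section names and case and extra spaces in parameter names.
    raw = next((cp[s] for s in cp.sections() if s.lower() == "global"), {})
    g = {" ".join(k.split()): v for k, v in raw.items()}
    findings = []
    if g.get("unix password sync", "no").lower() not in ("yes", "true", "1"):
        findings.append("unix password sync is off, so passwd program is never run")
    prog = shlex.split(g.get("passwd program", ""))
    if not prog:
        findings.append("passwd program is not set")
    elif not os.path.isabs(prog[0]):
        findings.append("passwd program is not an absolute path")
    elif is_script(prog[0]):
        findings.append("passwd program is a script; setuid bits do not apply to scripts")
    # Only judge the chat string when one is configured.
    if "passwd chat" in g and "%n" not in g["passwd chat"]:
        findings.append("passwd chat never sends the new password (%n)")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE) or ["no findings"]:
        print(finding)
```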

