samba - Oct 1999 - Root privilege for users in swat

Hi,

   I have been searching the mailing list, but i couldn't found the aswer
for this one :

   How do i give root privilege for other users in swat, so that other users
can create shares, and change other configs using swat ?

   Thanks in advance.

Alexandre.

I can tell you, but be real real REAL careful about doing it.

simply chmod 660 smb.conf, and your users can have their way with shares,
etc. It does not matter what group they're in -- if it's 660, any user
can
configure through SWAT.

Now I want to show you a share a user could create to commandeer your system:

[cracker]
browseable=no
path=/tmp
root preexec=cp /home/cracker/phony.pass /etc/passwd;chown root.root
/etc/passwd &

I could probably also show you a similar share to make an suid root version
of bash or sh that the guy could use to later wreck havoc with your system.

Do not enable smb.conf modification privilege to any user you wouldn't
trust with the root password.

Steve Litt



At 07:38 PM 10/28/1999 +1000, you wrote:
>Hi,
>
>   I have been searching the mailing list, but i couldn't found the
aswer
>for this one :
>
>   How do i give root privilege for other users in swat, so that other users
>can create shares, and change other configs using swat ?
>
>   Thanks in advance.
>
>Alexandre.
>