I want to allow a list of users to authenticate as themselves and get write access to SWAT. I know this gives them root, they already have it through sudo. So I tried creating a group "swat" and sticking myself into it in /etc/group. Then `chgrp swat smb.conf` and `chmod 664 smb.conf` Telnet back in as myself and I can vi the file and save changes. But SWAT still gives me bare read access, only when I chgrp smb.conf to my native group do I get the "Commit" button. This much surfaced back in July but it's messy to demand that the sudoers all be native to the same group. (It might be a good idea, but it's messy to get there from here.) There is another piece of documented whierdness: if the file is writeable by group root, it is considered world writeable. The piece of code within source/web/swat.c that controls this is: static BOOL have_write_access = False; static BOOL have_read_access = False; and then after a lot of if (has_write_access) { ... if (!file_exist(servicesf, NULL)) { have_read_access = True; have_write_access = True; } else { /* check if the authenticated user has write access - if not then don't show write options */ have_write_access = (access(servicesf,W_OK) == 0); /* if the user doesn't have read access to smb.conf then don't let them view it */ have_read_access = (access(servicesf,R_OK) == 0); } So "have_write_acess" is the token we need. And we get it if (access(servicesf,W_OK) == 0) Where is "access(servicesf,W_OK)" defined why doesn't it look at the groups list as well as gid and can it be easily changed to? Thanks for any help with this, michaelj -- Michael James _/ _/ _/ _/ _/ v +61 2 6279 8318 Network Programmer _/_/ _/_/ _/ _/ _/ Coombs Computing _/ _/ _/ _/ _/ _/ _/ f +61 2 6257 1893 Australian _/ _/ _/ _/ _/ _/ _/ National _/_/_/_/_/ _/ _/_/ _/ _/ michaelj@ University _/ _/ _/ _/ _/_/_/_/ coombs.anu.edu.au