I want to allow a list of users to authenticate as themselves
and get write access to SWAT.
I know this gives them root, they already have it through sudo.
So I tried creating a group "swat"
and sticking myself into it in /etc/group.
Then `chgrp swat smb.conf` and `chmod 664 smb.conf`
Telnet back in as myself and I can vi the file and save changes.
But SWAT still gives me bare read access,
only when I chgrp smb.conf to my native group
do I get the "Commit" button.
This much surfaced back in July
but it's messy to demand that the sudoers all be native to the same group.
(It might be a good idea, but it's messy to get there from here.)
There is another piece of documented whierdness:
if the file is writeable by group root, it is considered world writeable.
The piece of code within source/web/swat.c that controls this is:
static BOOL have_write_access = False;
static BOOL have_read_access = False;
and then after a lot of if (has_write_access) { ...
if (!file_exist(servicesf, NULL)) {
have_read_access = True;
have_write_access = True;
} else {
/* check if the authenticated user has write access - if not
then
don't show write options */
have_write_access = (access(servicesf,W_OK) == 0);
/* if the user doesn't have read access to smb.conf then
don't let them view it */
have_read_access = (access(servicesf,R_OK) == 0);
}
So "have_write_acess" is the token we need.
And we get it if (access(servicesf,W_OK) == 0)
Where is "access(servicesf,W_OK)" defined
why doesn't it look at the groups list as well as gid
and can it be easily changed to?
Thanks for any help with this,
michaelj
--
Michael James _/ _/ _/ _/ _/ v +61 2 6279 8318
Network Programmer _/_/ _/_/ _/ _/ _/
Coombs Computing _/ _/ _/ _/ _/ _/ _/ f +61 2 6257 1893
Australian _/ _/ _/ _/ _/ _/ _/
National _/_/_/_/_/ _/ _/_/ _/ _/ michaelj@
University _/ _/ _/ _/ _/_/_/_/ coombs.anu.edu.au