I have searched the archives and keep reading allusions to people using swat as other that root but I cannot get it to work. I have set the perms on /etc/samba/smb.conf to 664 with ownership of root:root. I have put my regular username in the root group and verified I can log in and edit smb.conf using vi. However, when I log in as myself via SWAT, I get read only access and cannot change anything. I need to allow at least on other person to use SWAT on several boxen and I would really prefer not to have to give out root passwords. Can a user other than root edit smb.conf via SWAT without giving it all away (like -a or suid)? -- Stephen Carville 310-342-3623 stephen.carville@acefis.com -------------- next part -------------- HTML attachment scrubbed and removed
> "Carville, Stephen 1065" wrote: > > I have searched the archives and keep reading allusions to people > using swat as other that root but I cannot get it to work. I have set > the perms on /etc/samba/smb.conf to 664 with ownership of root:root. > I have put my regular username in the root group and verified I can > log in and edit smb.conf using vi. However, when I log in as myself > via SWAT, I get read only access and cannot change anything. I need > to allow at least on other person to use SWAT on several boxen and I > would really prefer not to have to give out root passwords. > > Can a user other than root edit smb.conf via SWAT without giving it > all away (like -a or suid)? >Just remember that the user you give SWAT away to is only a 'root preexec' away from being root, so this might not be what you want. Andrew Bartlett abartlet@pcug.org.au -- Andrew Bartlett abartlet@pcug.org.au
- Just remember that the user you give SWAT away to is only a 'root - preexec' away from being root, so this might not be what you want. The alternative is to hand him the root password so the net effect is the same. If I can add "root preexec" as 'pseudo' root I can add it as the 'real' root. I am trying to arrange things -- mostly with sudo -- so that the root password is only needed in emergencies. If there is another way to allow editing the smb.conf file without giving away root I am all ears. In any case. I am not handing this to some win-feeb. The other admin is UNIX savvy (and my boss so I don't have much choice). -------------- next part -------------- HTML attachment scrubbed and removed
You can try creating a user giving making him a member of the root group...> This message is in MIME format. Since your mail reader does notunderstand> this format, some or all of this message may not be legible. > > > - Just remember that the user you give SWAT away to is only a 'root > - preexec' away from being root, so this might not be what you want. > > The alternative is to hand him the root password so the net effect isthe> same. If I can add "root preexec" as 'pseudo' root I can add it asthe> 'real' root. I am trying to arrange things -- mostly with sudo -- sothat> the root password is only needed in emergencies. > > If there is another way to allow editing the smb.conf file withoutgiving> away root I am all ears. In any case. I am not handing this to some > win-feeb. The other admin is UNIX savvy (and my boss so I don't havemuch> choice). > >--- Spawn -- the Scourge of the Dammed Chris G Haravata Backend Team Leader IT Resources Asia Pacific College #3 Humabon Place, Magallanes Village, 1232 Makati City Tel 8529232 loc 402