Hello Family, I had encounted that as "user" I couldn't change my own passwd with "smbpasswd" and noticed the permission differences between smbpasswd and passwd. This is Samba-2.2.2 -rwxr-xr-x 1 root root 782415 Dec 28 03:14 /usr/local/samba/bin/smbpasswd -r-s--x--x 1 root root 12244 Feb 7 2000 /usr/bin/passwd Is there a reason why the perms are not the same ? TIA -- Bill Schoolcraft PO Box 210076 -o) San Francisco CA 94121 /\ "UNIX, A Way Of Life." _\_v http://forwardslashunix.com
(my smbpasswd is -rw------- )
The password hashes stored in smbpasswd can be used "as is" to gain
access
to the files on the samba server, so they have to be kept secret (only
readable by root).
You can read a little more by looking at smbpasswd(5) ('man 5
smbpasswd').
The ones in /etc/passwd can't be used for anything except checking a
password (or brute force hack attempts by checking lots of passwords), so it
doesn't have to be secret.
In fact, /etc/passwd has to be world readable so that various applications
can see user the user properties in it.
> I had encounted that as "user" I couldn't change my own
passwd with
> "smbpasswd" and noticed the permission differences between
smbpasswd
> and passwd. This is Samba-2.2.2
>
> -rwxr-xr-x 1 root root 782415 Dec 28 03:14
> /usr/local/samba/bin/smbpasswd
>
> -r-s--x--x 1 root root 12244 Feb 7 2000
> /usr/bin/passwd
>
> Is there a reason why the perms are not the same ?
>
> TIA
>
> --
> Bill Schoolcraft
> PO Box 210076 -o)
> San Francisco CA 94121 /\
> "UNIX, A Way Of Life." _\_v
> http://forwardslashunix.com
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
Bill Schoolcraft wrote:> > Hello Family, > > I had encounted that as "user" I couldn't change my own passwd with > "smbpasswd" and noticed the permission differences between smbpasswd > and passwd. This is Samba-2.2.2 > > -rwxr-xr-x 1 root root 782415 Dec 28 03:14 > /usr/local/samba/bin/smbpasswd > > -r-s--x--x 1 root root 12244 Feb 7 2000 > /usr/bin/passwd > > Is there a reason why the perms are not the same ?Setuid root programs are *very* hard to write. As such, smbpasswd is no longer setuid root, it instead assumes that smbd is running on localhost, and changes the password 'over the network'. Should this not be the desired behaviour, then look at pam_smbpass. But I'm not sure how safe pam_smbpass is, becouse it calls code not originally intended to be setuid root... Andrew Bartlett -- Andrew Bartlett abartlet@pcug.org.au Manager, Authentication Subsystems, Samba Team abartlet@samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net http://samba.org http://build.samba.org http://hawkerc.net