I have done a brief search on this topic, and have come up with nothing really useful. So if someone knows where this answer lies for this version on samba, please let me know. I am running Redhat 7.3 along with samba2.2.3a, my problem is my users need to be able to mount windowsnt shares from within their home directories on the redhat machine. I have chmod +s /usr/bin/smbmount so that they are able to run this. But now I am getting this error mount.smbfs //mis/abm /home/ian/mis -o username=XXXX,password=XXXXXXXX,rw libsmb based programs must *NOT* be setuid root. 19764: Connection to mis failed SMB connection failed Is there a way to fix this, I am also taking this as a security feature?? Thanks any help greatly appreciated.
Sean Clarke wrote:> > I have done a brief search on this topic, and have come up with nothing > really useful. So if someone knows where this answer lies for this > version on samba, please let me know. > > I am running Redhat 7.3 along with samba2.2.3a, my problem is my users > need to be able to mount windowsnt shares from within their home > directories on the redhat machine. > > I have chmod +s /usr/bin/smbmount so that they are able to run this. > > But now I am getting this error > > mount.smbfs //mis/abm /home/ian/mis -o > username=XXXX,password=XXXXXXXX,rw > > libsmb based programs must *NOT* be setuid root. > 19764: Connection to mis failed > SMB connection failed > > Is there a way to fix this, I am also taking this as a security > feature??You must *not* make smbmount setuid root. You may make smbmnt (the helper) setuid root if you wish, but smbmount invokes a lot of Samba code that is known to be unstrustworthy under these circumstances. Andrew Bartlett -- Andrew Bartlett abartlet@pcug.org.au Manager, Authentication Subsystems, Samba Team abartlet@samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net http://samba.org http://build.samba.org http://hawkerc.net
Andrew Bartlett wrote:> Sean Clarke wrote: > >>I have done a brief search on this topic, and have come up with nothing >>really useful. So if someone knows where this answer lies for this >>version on samba, please let me know. >> >>I am running Redhat 7.3 along with samba2.2.3a, my problem is my users >>need to be able to mount windowsnt shares from within their home >>directories on the redhat machine. >> >>I have chmod +s /usr/bin/smbmount so that they are able to run this. >> >>But now I am getting this error >> >>mount.smbfs //mis/abm /home/ian/mis -o >>username=XXXX,password=XXXXXXXX,rw >> >>libsmb based programs must *NOT* be setuid root. >>19764: Connection to mis failed >>SMB connection failed >> >>Is there a way to fix this, I am also taking this as a security >>feature?? > > > You must *not* make smbmount setuid root. You may make smbmnt (the > helper) setuid root if you wish, but smbmount invokes a lot of Samba > code that is known to be unstrustworthy under these circumstances.and what about smbpasswd ? i really need to have root functionality (accessed via a suidperl script), and all i found was disabling suid checks in smbpasswd. Is there another way ? David