letting the opsys determine what access a user has to a file. I do not know
if this is deliberate or not and it has pros and cons with respect to
security.
I solved the 'problem' by changing the group id on smb.conf to 10 (wheel
on
Linux, staff on Soalris) and changing the permissions to 660. Since only
admins have wheel as their primary group, this restricts access to people
who have root access anyway. I will have to change my sudo strategy but
that's OK. Keeps me employed :-)
-- Stephen Carville
310-342-3623
stephen.carville@acefis.com
------_=_NextPart_001_01C0CC46.5A12EA60
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html;
charset=3Diso-8859-1">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version
5.5.2653.12">
<TITLE>RE: SWAT users other than root</TITLE>
</HEAD>
<BODY>
<P><FONT SIZE=3D2>- You can try creating a user giving making him a
member of the root </FONT>
<BR><FONT SIZE=3D2>- group...</FONT>
</P>
<P><FONT SIZE=3D2>From what I can see, SWAT reads the passwd file
for permissions rather than letting the opsys determine what access a user has
to a file. I do not know if this is deliberate or not and it has pros
and cons with respect to security.</FONT></P>
<P><FONT SIZE=3D2>I solved the 'problem' by changing the
group id on smb.conf to 10 (wheel on Linux, staff on Soalris) and changing the
permissions to 660. Since only admins have wheel as their primary
group, this restricts access to people who have root access anyway. I
will have to change my sudo strategy but that's OK. Keeps me
employed :-)</FONT></P>
<P><FONT SIZE=3D2>-- Stephen Carville</FONT>
<BR><FONT SIZE=3D2>310-342-3623</FONT>
<BR><FONT SIZE=3D2>stephen.carville@acefis.com</FONT>
</P>
</BODY>
</HTML>
------_=_NextPart_001_01C0CC46.5A12EA60--
