On 7/12/07, Henrik Zagerholm <henke@mac.se> wrote:> I wonder if it is a really bad idea to setuid bit on samba daemons to
> make them start with root privileges?
>
> I need it in an embedded systems where the daemons are started by a
> non root user and I don't have access to sudo etc and we all know
> that smbd should run under root.
If setuid, any user with the ability to execute programs on the system
could start Samba with the configuration file of their choosing, and
smbd's flexible enough that this would translate into full control of
the system.
That sounds like a really bad idea to me, but _maybe_ there are enough
mitigating factors for your embedded environment to make it not an
issue.
Josh Kelley