[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] smbpasswd error

Keith Hopkins wrote:
> Adrin wrote:
>> I always thought you had to be root to change the smbpassword.  I know 
>> the file
>> /etc/passwd is not world write able. Neither is the smbpasswd file on 
>> my system.  So
>> unless smbpasswd, su to root I don't see how it could write to the 
>> file. I also just
>> checked changing the smbpassword file didn't change the error message.
>   A normal user can change their own (/etc/passwd) password, because 
> /usr/bin/passwd has the SUID bit set and is owned by 'root', that is, it 
> runs as the root user without regard to the actual user starting it.
>   smbpassword can NOT be set the same way so any user can run it.  It 
> checks itself and complains if it is.

I don't believe this is correct.  I believe smbpasswd will permit a user 
to change there own password.  From the man page:

  By default (when run with no arguments) it will attempt to
        change the  current  user's  SMB  password  on  the  local
        machine.  This is similar to the way the passwd(1) program
        works.  smbpasswd differs  from  how  the  passwd  program
        works however in that it is not setuid root but works in a
        client-server mode and communicates with a locally running
        smbd(8). As a consequence in order for this to succeed the
        smbd daemon must be running on the  local  machine.  On  a
        UNIX  machine  the  encrypted  SMB  passwords  are usually
        stored in the smbpasswd(5) file.

So, I would check to make sure the smbd daemon is running.

Until later, Geoffrey	esoteric at 3times25.net

Building secure systems inspite of Microsoft