[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: possible samba security problem

Use setfacl to set/remove rights to smbstatus.
chmod 700 /usr/bin/smbstatus
setfacl -m u:adminuser:r-x /usr/bin/smbstatus
setfacl -m u:baduser:--- /usr/bin/smbstatus

Use groups instead of users when posible.
setfacl is part of the acl package.

On Thu, 2005-01-27 at 15:28 +0100, Thorsten Giese wrote:
> Hello there. 
> I just discovered, that smbstatus can be run by a normal user. It gives 
> sensible Information about usernames and pathes to files (locked files). I do 
> not find this behaviour reasonable.  Any comments? suggestions how to fix 
> this? Should I file a bug report? 
Daniel van Eeden <daniel_e@dds.nl>

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Reply to: