Darren J Moffat wrote:
> Or - and this is my preferred option - there should be a requirement
> that the commands be listed in a specific RBAC exec_attr(4) profile and
> that smbd 'pfexec' them and by default they only run with basic privs
> (unless the exec_attr(4) profile gives them more.

That sounds like it might be theoretically correct, but it seems like a pretty heavyweight thing to ask users to set up. Remember that this is a mechanism intended to allow users to plug their own components - typically but not necessarily scripts - into the SMB connect/disconnect process.