Jordan Brown wrote: > Darren J Moffat wrote: >> Or - and this is my preferred option - there should be a requirement >> that the commands be listed in a specific RBAC exec_attr(4) profile >> and that smbd 'pfexec' them and by default they only run with basic >> privs (unless the exec_attr(4) profile gives them more. > > That sounds like it might be theoretically correct, but it seems like a > pretty heavyweight thing to ask users to set up. Remember that this is > a mechanism intended to allow users to plug their own components - > typically but not necessarily scripts - into the SMB connect/disconnect > process.
I don't thing it is heavyweight at all. In fact all that would be required is a single entry in the specific RBAC exec_attr(4) table that listed what uid/gid and privs the "script" ran with. That can even be done once for the whole network and stored in NIS, NIS+, LDAP. -- Darren J Moffat
