Bug 2282 - the script of "add user script" runs not as "root"
Status: RESOLVED WONTFIX
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: User/Group Accounts
Version: 3.0.2a
Hardware: x86 Linux
Importance: P3 normal
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
Reported: 2005-01-27 09:33 UTC by Carsten Dumke
Modified: 2005-08-29 14:36 UTC

Description Carsten Dumke 2005-01-27 09:33:09 UTC
I would like to reopen bug 1037.

We currently use Samba 3.0.2a on SuSE-Linux.
In a trust relationship between two PDCs (s1/dom1 and s2/dom2) the user bob (of
dom2) logs in on client workstation w1 (member of dom1). During the login
process samba calls the add user script trying to create an account for user
bob. Because this is not done as root (as stated in smb.conf(5)) the add user
script only works if we run it using sudo.

Referring to Jerry's cases (https://bugzilla.samba.org/show_bug.cgi?id=1037#c3)
this is a new one:
(c) The add user script is used to create an account for a user of a trusted 
domain which is not already known locally.

The user bob is connected to s1 and the add user script is called using the 
guest context.

Thanks.

Carsten
Comment 1 list 2005-08-18 14:06:47 UTC
I am having the same problem as described by Carsten, but on Debian running
samba 3.0.14a-3.

My workaround was to run chmod 4755 /usr/sbin/useradd.
While this opens up a very large security hole, it does work.
Comment 2 Gerald (Jerry) Carter (dead mail address) 2005-08-29 14:36:37 UTC
The recommended solution at this point is to run winbindd for trusted domains.
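
An audit check for the workaround mentioned in comment 1, added here as an example and not part of the original bug thread or of Samba: it reports account-management tools that carry a setuid or setgid bit. The tool list, the directory list and the function name `audit_account_tools` are assumptions; adjust them for the distribution.

```shell
#!/bin/sh
# Added example (not from the bug thread): flag account-management tools
# that have a setuid or setgid bit, as left behind by a workaround such as
# "chmod 4755 /usr/sbin/useradd".
# Assumption: this tool list covers the shadow-utils style binaries in use.
ACCOUNT_TOOLS="useradd usermod userdel groupadd groupmod groupdel"

# audit_account_tools DIR...
# Prints "<bits> <path>" for every flagged tool.
# Returns 1 if at least one tool was flagged, 0 otherwise.
audit_account_tools() {
    found=0
    for dir in "$@"; do
        for tool in $ACCOUNT_TOOLS; do
            path="$dir/$tool"
            # Skip tools that are not installed in this directory.
            [ -f "$path" ] || continue
            bits=""
            if [ -u "$path" ]; then
                bits="setuid"
            fi
            if [ -g "$path" ]; then
                bits="${bits:+$bits,}setgid"
            fi
            if [ -n "$bits" ]; then
                printf '%s %s\n' "$bits" "$path"
                found=1
            fi
        done
    done
    return "$found"
}

# Stand-alone run over the usual system directories (assumed locations).
audit_account_tools /usr/sbin /sbin /usr/bin /bin ||
    echo "account-management tools with setuid/setgid bits found" >&2
```

A flagged tool can be returned to its normal mode with `chmod 0755` once account creation no longer depends on it, for example after moving to winbindd as recommended in comment 2.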