Bug 229 - passwd program not executed as root
Summary: passwd program not executed as root
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: User/Group Accounts (show other bugs)
Version: 3.0.0preX
Hardware: All Linux
: P2 normal
Target Milestone: none
Assignee: Jeremy Allison
QA Contact:
Depends on:
Reported: 2003-07-16 02:20 UTC by Thilo
Modified: 2005-11-14 09:31 UTC (History)
1 user (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Thilo 2003-07-16 02:20:31 UTC
It seems that the passwd program in beta2 is not executed as root but as the user who tries to 
change his password. 
I assumed this because the passwd chat debug told me that the passwd program asks for an 
old password (what would not happen as root) and Chee Wai Yeung 
(cheewai_yeung2003@yahoo.com.hk) wrote a wrapper and was able to prove this behaviour. 
Comment 1 Gerald (Jerry) Carter (dead mail address) 2003-07-24 21:03:00 UTC
Do you have a reason why pass_oem_change() doesn't try to execute the
password change as root anymore?  the password change is being done as the
user which can't work for obvious reasons.  I see where you made the
change to smbd/chgpasswd.c r1.88.2.5 in SAMBA_3_0 but am thinking it was a
Comment 2 Gerald (Jerry) Carter (dead mail address) 2003-07-24 21:03:44 UTC
note that the calls to change_oem_password() in srv_samr_nt.c are being called
with as_root == True.
Comment 3 Andrew Bartlett 2003-07-25 02:28:42 UTC
No, that looks like a pretty standard bug to me.

We need to give 'change_oem_password()' an as_root parameter I suppose.

Whatever we do, we need to ensure that a user cannot just do it as root by
entering a NULL/"" old password (for the *very* rarely used codepath where we
have the old password in plaintext).

Andrew Bartlett
Comment 4 Jeremy Allison 2003-07-30 18:31:08 UTC
I have checked in a fix for this. PLEASE CHECK !!!!!

Comment 5 Jeremy Allison 2003-07-30 18:31:52 UTC
I have checked in a fix for this. PLEASE TEST !!

Comment 6 Gerald (Jerry) Carter (dead mail address) 2005-02-07 08:40:37 UTC
originally reported against 3.0.0beta2.  CLeaning out 
non-production release versions.
Comment 7 Gerald (Jerry) Carter (dead mail address) 2005-08-24 10:28:04 UTC
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.
Comment 8 Gerald (Jerry) Carter (dead mail address) 2005-11-14 09:31:21 UTC
database cleanup