Bug 7238 - Users with SeMachineAccountPrivilege right are able to change users and groups accounts
Status: NEW
Alias: None
Product: Samba 3.3
Classification: Unclassified
Component: User & Group Accounts
Version: 3.3.4
Hardware: PPC Linux
Importance: P3 major
Target Milestone: ---
Assignee: Guenther Deschner
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-03-11 06:38 UTC by Carlos Eduardo Pedroza Santiviago
Modified: 2010-03-18 09:21 UTC
Description Carlos Eduardo Pedroza Santiviago 2010-03-11 06:38:04 UTC
Users with the SeMachineAccountPrivilege right are able to change user and group accounts.

Using samba-3.3.4-0.1.146 on PPC SLES10.
Comment 1 Volker Lendecke 2010-03-11 07:02:56 UTC
Can you please upload your smb.conf together with a debug level 10 log of smbd doing an operation that it should have denied?

Thanks,

Volker
Comment 2 Guenther Deschner 2010-03-11 07:35:02 UTC
Volker, I remember that we worked on (hopefully fixed) exactly this during the samr cleanup for 3.4.
Comment 3 Volker Lendecke 2010-03-11 07:54:24 UTC
Ok, you're the boss here :-)

Volker
Comment 4 Guenther Deschner 2010-03-12 07:21:07 UTC
Do you have a chance to use a recent 3.4 release? There have been quite some fixes in the area of these access checks that should resolve your issue.

There won't be a new 3.3.x release as this is a discontinued series, so no backports for these access checks are available right now.
Comment 5 Carlos Eduardo Pedroza Santiviago 2010-03-18 09:21:30 UTC
I've upgraded to 3.5.1 and will look into this.