Old 02-21-2006, 08:43 AM   #1
Unconfigured
LQ Newbie
 
Registered: Feb 2006
Posts: 2

Samba --> nobody run "add user script = /usr/sbin/useradd %u ....." ????


Greetings!

I have the following configuration:

Two PDCs with Fedora Core 4: PDC1 and PDC2.

PDC1 trusts PDC2; respectively, PDC2 is trusted by PDC1.
I join an XP workstation to PDC2. After restart I can see both domains in the login screen domain combo box.
I can log on to PDC2, but not to PDC1, since PDC2's /etc/passwd lacks the username from PDC1 I am trying to log in with. To correct this I edit smb.conf, adding this line:


add user script = /usr/sbin/useradd %u -g users -s /bin/false -d /dev/null

After another unsuccessful login to PDC1 (with username ivan, for example), the following lines can be seen in PDC2's log (/var/log/samba/winxp.log):

useradd: unable to lock password file
useradd ....gave 1


When I try to access a share on PDC2 with a PDC1 user (ivan, for example), useradd is executed successfully, and user ivan is added to /etc/passwd.

I found out that during login "add user script = /usr/sbin/useradd %u ......" is executed as user nobody, and this user has no right to execute useradd, hence an error occurs.

After that I added user nobody to /etc/sudoers so it could execute sudo on PDC2:

visudo -f sudoers
%nobody ALL=/usr/sbin/useradd

And edited smb.conf on PDC2 like this:

add user script = sudo -u root /usr/sbin/useradd %u ......


Now logging in to PDC1 works fine, but this is not normal!

My question is:
Is this a bug in Samba? Why does useradd run as root when mapping a drive (as described in the Samba manual), but as user nobody, who has no right to execute useradd, when logging in?

If I am wrong, correct me, or point me to another solution.

Thanks in advance :-)
 
Old 02-21-2006, 09:01 AM   #2
stress_junkie
Senior Member
 
Registered: Dec 2005
Location: Massachusetts, USA
Distribution: Ubuntu 10.04 and CentOS 5.5
Posts: 3,873

Do not add the nobody account to sudoers or any other group. The nobody account is intended to be the least privileged account on the system. Other utilities such as updatedb run under this account.

I don't know what you should do, but just don't do what you suggested.
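
Added example, not part of either post above: a Python check that flags the configuration discussed in this thread, namely a sudoers rule granted to a low-privilege account such as nobody and a Samba "... script" parameter that calls sudo. The LOW_PRIV list, the function names and the sample file contents are assumptions constructed for illustration.

```python
import re

# Accounts that should never hold sudo rights (assumed list; extend per site).
LOW_PRIV = {"nobody", "nfsnobody", "guest"}

# Constructed sample files reproducing the two lines quoted in the thread.
SAMPLE_SUDOERS = """\
# constructed sample
root    ALL=(ALL) ALL
%nobody ALL=/usr/sbin/useradd
"""
SAMPLE_SMB_CONF = """\
[global]
   workgroup = PDC2
   add user script = sudo -u root /usr/sbin/useradd %u -g users -s /bin/false -d /dev/null
"""

# Matches one-line user specifications only: no aliases, no line continuations.
RULE = re.compile(r"^(?P<who>[^\s=]+)\s+[^=]+=\s*(?P<cmds>.+)$")

def audit_sudoers(text):
    """Return (line_no, principal, commands) for rules granted to LOW_PRIV users or groups."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith(("#", "Defaults")) or "_Alias" in line:
            continue
        m = RULE.match(line)
        for who in (m.group("who").split(",") if m else ()):
            if who.lstrip("%").lower() in LOW_PRIV:  # "%name" is a group rule
                findings.append((no, who, m.group("cmds").strip()))
    return findings

def audit_smb_conf(text):
    """Return (line_no, parameter, value) for "... script" parameters that call sudo or su."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith(("#", ";", "[")) or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = " ".join(key.lower().split())  # smb.conf keys ignore case and spacing
        words = {w.rsplit("/", 1)[-1] for w in value.split()}
        if key.endswith("script") and words & {"sudo", "su"}:
            findings.append((no, key, value))
    return findings

if __name__ == "__main__":
    print(audit_sudoers(SAMPLE_SUDOERS), audit_smb_conf(SAMPLE_SMB_CONF))
```

To audit a live host, pass the contents of /etc/sudoers (and any included files) and smb.conf to the two functions instead of the samples.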
 
  

