2009/184 SMB/CIFS Share Exec Properties

[Jordan Brown]

Darren J Moffat wrote:
> Or - and this is my preferred option - there should be a requirement 
> that the commands be listed in a specific RBAC exec_attr(4) profile and 
> that smbd 'pfexec' them and by default they only run with basic privs 
> (unless the exec_attr(4) profile gives them more.

That sounds like it might be theoretically correct, but it seems like a 
pretty heavyweight thing to ask users to set up.  Remember that this is 
a mechanism intended to allow users to plug their own components - 
typically but not necessarily scripts - into the SMB connect/disconnect 
process.