2009/184 SMB/CIFS Share Exec Properties
Alan M Wright
amw at sun.com
Mon Mar 23 13:35:54 PDT 2009
On 03/23/09 13:22, Jordan Brown wrote:
> Darren J Moffat wrote:
>> Or - and this is my preferred option - there should be a requirement
>> that the commands be listed in a specific RBAC exec_attr(4) profile
>> and that smbd 'pfexec' them and by default they only run with basic
>> privs (unless the exec_attr(4) profile gives them more.
>
> That sounds like it might be theoretically correct, but it seems like a
> pretty heavyweight thing to ask users to set up. Remember that this is
> a mechanism intended to allow users to plug their own components -
> typically but not necessarily scripts - into the SMB connect/disconnect
> process.
I thought about that a while ago but was concerned about end
user flexibility. We can take a look at it.
Alan
More information about the opensolaris-arc
mailing list