Package: samba
Version: 3.0.21a-1
Priority: wishlist

Currently samba's postinst does this if the user says 'yes' to generate
automatically the smbpasswd file:

        getent passwd | /usr/sbin/mksmbpasswd > /etc/samba/smbpasswd
        pdbedit -i smbpasswd -e tdbsam
        rm /etc/samba/smbpasswd

This means that *all* users, including regular users and system users,
are added to the smbpasswd file. The default smb.conf file has this:

   invalid users = root

Which means that 'root' cannot log on to the system through SMB but since
the PAM configuration for samba is the default:

   @include common-auth
   @include common-account
   @include common-session

All other system users will be allowed in, if they have a valid password
when the smbpasswd is generated. I don't really see what's the need
to have admin users like gdm, sshd, bin, daemon, sys, or identd (some
of those are created by packages and are not default system users) allowed
access through SMB. Granted, they don't have a valid password in most
systems but it might be better off, just in case, to improve the postinst
so that only local users (i.e. uid over FIRST_UID as defined in adduser.conf)
are added to the smbpasswd file. 

That could be a debconf question if the user asked to automatically generate
the smbpasswd file. Something like: "Do you want to add the admin users to
smbpasswd?" (low priority, defaulting to 'no')

If this looks like a valid change I can go ahead and propose a patch. 

Regards

Javier
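
The filtering proposed in this report, sketched as an added example that is not part of the original message or of the samba package. The function names, the fallback values (1000 and 59999), and the upper bound on LAST_UID (a real adduser.conf key, used here so that 'nobody' is also skipped) are assumptions; the passwd lines are constructed sample data.

```shell
#!/bin/sh
# Added example: not the samba postinst. Function names are hypothetical.

# Print the numeric value of key $2 from an adduser.conf-style file $1,
# or the fallback $3 when the file or the key is missing.
conf_uid() {
    val=$(sed -n "s/^$2=\([0-9][0-9]*\).*/\1/p" "$1" 2>/dev/null | tail -n 1)
    echo "${val:-$3}"
}

# Filter passwd(5) lines on stdin, keeping accounts in the range adduser
# assigns to regular users: FIRST_UID <= uid <= LAST_UID.
# Lines whose uid field is not a plain number are dropped.
filter_local_users() {
    conf=${1:-/etc/adduser.conf}
    first=$(conf_uid "$conf" FIRST_UID 1000)   # fallback is an assumption
    last=$(conf_uid "$conf" LAST_UID 59999)    # fallback is an assumption
    awk -F: -v first="$first" -v last="$last" \
        '$3 ~ /^[0-9]+$/ && $3 + 0 >= first + 0 && $3 + 0 <= last + 0'
}

# Constructed sample input standing in for `getent passwd`.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
sshd:x:100:65534::/var/run/sshd:/usr/sbin/nologin
gdm:x:106:111:Gnome Display Manager:/var/lib/gdm:/bin/false
alice:x:1000:1000:Alice,,,:/home/alice:/bin/bash
bob:x:1001:1001:Bob,,,:/home/bob:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
EOF
}

# In the postinst the filter would sit in front of mksmbpasswd:
#   getent passwd | filter_local_users | /usr/sbin/mksmbpasswd > /etc/samba/smbpasswd
# Demo on the sample data, using the fallback range (no config file):
sample_passwd | filter_local_users /nonexistent/adduser.conf | cut -d: -f1
```

The system accounts named in the report (gdm, sshd, daemon) and root never reach mksmbpasswd, so they get no entry in the generated password database regardless of what 'invalid users' says.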
