Re: "trapdoor uid"?

Karl Anders Oygard (Karl.Oygard@kjeller.fou.telenor.no)
26 Nov 1996 16:13:00 +0100


[Ulf Jaenicke-Roessler]

| Warning: You appear to have a trapdoor gid system
|
| From 'man smbd' I learned that the program was unable to change its
| uid to root and back. Is this a (local) misconfiguration (and what
| should I do to correct it)?

It's probably because you have set the uid of `nobody' to -1. This is
wrong, because, for security reasons, Samba uses setreuid() to change uid
from root to nobody. However, passing -1 to setreuid() won't work:

[setreuid.2]:

Supplying a value of -1 for either the real or effective user ID
forces the system to leave that ID unchanged.

The fix is to change nobody to e.g. -2.

-- 
Karl Anders Øygard <karl.oygard@fou.telenor.no>, +47 6384 8862
Telenor Research and Development
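
The setreuid.2 behaviour quoted above, as an added example (not Samba's code and not part of the original message): with -1 as the target, the call reports success yet the effective uid stays where it was, so a privilege switch should be confirmed with geteuid(). The function names and the UID_UNCHANGED macro are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* setreuid(2): a value of -1 means "leave this ID unchanged". */
#define UID_UNCHANGED ((uid_t)-1)

/* Unchecked switch of the effective uid: trusts the return code alone. */
int naive_become(uid_t target)
{
    return setreuid(UID_UNCHANGED, target);
}

/* Checked switch: refuses the sentinel value and confirms the result.
 * Returns 0 on success, -1 with errno set on failure. */
int checked_become(uid_t target)
{
    if (target == UID_UNCHANGED) {      /* e.g. 'nobody' configured as -1 */
        errno = EINVAL;
        return -1;
    }
    if (setreuid(UID_UNCHANGED, target) != 0)
        return -1;
    if (geteuid() != target) {          /* never assume the switch happened */
        errno = EPERM;
        return -1;
    }
    return 0;
}

/* Returns 1 when the unchecked call "succeeds" without changing the euid. */
int silent_noop(uid_t target)
{
    uid_t before = geteuid();
    int rc = naive_become(target);
    return rc == 0 && geteuid() == before && before != target;
}

int main(void)
{
    uid_t nobody = (uid_t)-1;  /* constructed: the misconfigured 'nobody' */
    printf("euid before: %lu\n", (unsigned long)geteuid());
    printf("naive switch was a silent no-op: %d\n", silent_noop(nobody));
    printf("checked switch returned: %d\n", checked_become(nobody));
    return 0;
}
```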