Uploaded image for project: 'FreeNAS / TrueNAS'
  1. FreeNAS / TrueNAS
  2. NAS-101818

Stop granting Samba privileges to local users for standalone servers

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Done (View Workflow)
    • Priority: Low
    • Resolution: Done
    • Affects Version/s: 11.2-U4.1
    • Fix Version/s: 11.2-U5
    • Component/s: Services
    • Labels:
      None
    • Attempts to pass:
      1
    • Testing System:
      X10-HA
    • QA Status:
      Test Passes TrueNAS
    • Acceptance Criteria:
      Hide
      Create local user, then run the command pdbedit -Lv and observe user's SID. Then `tdbdump /var/db/system/samba4/account_policy.tdb` and check for entry granting that SID additional privileges. Failing that, run `net rpc rights list accounts` to dump a list of users / groups with their permissions.
      Show
      Create local user, then run the command pdbedit -Lv and observe user's SID. Then `tdbdump /var/db/system/samba4/account_policy.tdb` and check for entry granting that SID additional privileges. Failing that, run `net rpc rights list accounts` to dump a list of users / groups with their permissions.

      Description

      These rights are an unnecessary privilege elevation for regular users. Does not affect 11.3.

        Attachments

          Container Issues

            Activity

              People

              • Assignee:
                awalker Andrew Walker
                Reporter:
                awalker Andrew Walker
                QE Engineer:
                Ryan McKenzie
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Summary Panel