[Pkg-samba-maint] Bug#444781: during samba install bogus useraccounts (like debian-exim, www-data, etc) are added to the samba user database

Michael Schmitt mschmitt at unixkiste.org
Mon Oct 1 11:11:02 UTC 2007 

reopen 444781

thanks

Am Sonntag, den 30.09.2007, 19:58 -0700 schrieb Steve Langasek:
> On Sun, Sep 30, 2007 at 10:54:48PM +0000, Michael Schmitt wrote:
> > Package: samba
> > Version: 3.0.24-6etch4
> > Severity: minor
> 
> > Hi folks,
> 
> > during install all accounts from /etc/passwd are added to the samba
> > database, why?
> 
> So that SAM entries are subsequently available for all users on the system
> without further administrator action, regardless of whether these are
> accounts that would be granted password access to samba.
> 
> > Is there any deeper sense behind this that I just don't understand? I
> > think this is not intentional and therefore I report this as a bug.
> 
> No, it is deliberate; but thank you for taking the time to report this.
sorry that I think I have to reopen this bug, but think of this:

One sets up "nt4 user manager for domains" to ease administration for
non unix guys, then another one sees "Debian-exim", "fetchmail",
"roundup", thinks a second, knows that it does not make sense, deletes
these accounts with "nt4 usermanager for domains" and goes on... the
next day angry and very annoyed folks in that company realise that mail
and the local issue tracking system is broken.
In a perfect world this would never happen and I know there are very
sensible arguments to justify the current behaviour of the samba package
in this regard... BUT this is not a perfect world, sometimes users and
admins are dumb and "you need to know what you do!" seems to be very
common on the unix side, but on the windows side? This is not a
prejudice, I've seen such things in real-life! And of course another
thing... I had a discussion about this with two costomers who wanted a
low cost domain controller with the ability to manage accounts from a
windows client (without putty *g*)... in short words it was like "What
are these accounts for? It confuses/annoys me!"
Sure, no real problem deleting those accounts from the samba user
database without touching the unix groups... but they could be not added
at the first place too, don't you think?
As a suggestion, maybe during install debconf should ask what accounts
to be added to the samba db, or only accounts with uid between 1000 and
$something should be added by default.

I hope you understand my apprehension a bit. I thought about changeing
it to a wishlist bug, but then again it may break a system at a very low
level very easily...

Your thoughts on this?

regards
Michael

More information about the Pkg-samba-maint mailing list