Your message dated Tue, 7 Jun 2011 15:12:10 -0700
with message-id <[email protected]>
and subject line Re: Bug#378454: A solution was given for this suggestion
has caused the Debian Bug report #378454,
regarding swat: not usable when root account is disabled (pure sudo system)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
378454: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=378454
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: swat
Version: 3.0.22-1
Severity: important
debian-installer now offers the option to disable the root account and
grant a normal user full sudo priviledges instead.
With such a setup swat is not usable, since it seems to insist on a
login with username 'root' + root's unix password.
Extensive googling seems to suggest that swat authenticates against
the samba passwords -- at the moment it does not, but I like the idea.
Please provide some way for logging in to swat as admin without having
to have a root account. This would have the added benefit that people
who one don't have to transmit the password in the clear.
Regards,
Christian
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17.4-99-em64t-p4-smp
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages swat depends on:
ii debconf [debconf-2.0] 1.5.2 Debian configuration management sy
ii libc6 2.3.6-15 GNU C Library: Shared libraries
ii libcomerr2 1.39-1 common error description library
ii libcupsys2 1.2.1-3 Common UNIX Printing System(tm) -
ii libkrb53 1.4.3-7 MIT Kerberos runtime libraries
ii libldap2 2.1.30-13+b1 OpenLDAP libraries
ii libpam0g 0.79-3.1 Pluggable Authentication Modules l
ii libpopt0 1.10-2 lib for parsing cmdline parameters
ii netbase 4.25 Basic TCP/IP networking system
ii samba 3.0.22-1 a LanManager-like file and printer
ii samba-doc 3.0.22-1 Samba documentation
swat recommends no packages.
-- debconf information excluded
--- End Message ---
--- Begin Message ---
On Tue, Jun 07, 2011 at 08:10:54PM +0200, Christian PERRIER wrote:
> I think that Jerôme Warnier's suggestion in this bug's log:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=29;bug=378454
> Is a good way to address the original concern. Hence, I'm closing this
> bug report.
Not with that particular group; the 'adm' group confers privileges to read
logfiles under /var/log, and shouldn't be reused for something like this
unless the sysadmin is sure this is a correct security policy for their
specific site.
But yes, changing the permissions on smb.conf to let other users edit it
(possibly users in the group 'sudo'?) would seem to be a good solution.
(Really closing this bug report :)
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
[email protected] [email protected]
signature.asc
Description: Digital signature
--- End Message ---
