On Mon, Jul 05, 2010 at 10:00:46AM +0100, Atkinson, Robert wrote:
> Before I reply, please take my response in the light it's meant, which is
> curious interest and intrigue. I'm not and don't want to drag this out into a
> full-blown dissemination of Windows security.
>
> The 'admins' directive in the CONF file holds a list of Admin users, and
> gives elevated privileges to those accounts. I'm at a loss to see how this
> differs from also giving root visibility to the same users.
>
> I see this one of two ways. Either there isn't enough faith in the SAMBA code
> to feel that it's a robust secure system (I personally think it is), or
> there's a paranoia amongst the community. Given the way Windows is constantly
> hacked, this second observation may well be indirectly true.

It isn't a matter of either/or. It's a belt-and-braces approach. Yes, if the
root elevated privilege code has a bug it's game over, but with an admin share
of "/", now you have *two* avenues of attack, not one. Why make everyone pay
that cost instead of just the people who want it?