Re: [PATCH 1/2, 2nd attempt] modules/lookup_program.c: Use seuid(USER) for map program

On 02/18/2013 03:41 PM, I wrote:

> Perhaps people on this mailing
> list using non-standard map programs could give this patch a try?

I forgot that I actually ran into a problem with my own auto.smb script
(Patch 2/2) myself :-)

For the servers which are not in the Kerberos realm, I was using
credentials files under /etc/creds, the permissions of which were
root.root and 0700 - this couldn't work any more after dropping root
privileges. I fixed the problem by changing permissions on /etc/creds to
root.root, 0750. This worked because we called setuid() only, not setgid().

I suppose that most problems that my patch may cause for various program
maps out there will have similar solutions - fixing permissions of some
files somewhere. That might actually be good because admins are forced
to take a closer look at the security aspects of autofs and program maps.

Martin

-- 
Dr. Martin Wilck
PRIMERGY System Software Engineer
x86 Server Engineering

FUJITSU
Fujitsu Technology Solutions GmbH
Heinz-Nixdorf-Ring 1
33106 Paderborn, Germany
Phone:			++49 5251 525 2796
Fax:			++49 5251 525 2820
Email:			martin.wilck@xxxxxxxxxxxxxx
Internet:		http://ts.fujitsu.com
Company Details:	http://ts.fujitsu.com/imprint
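
The permission behaviour described in the message above, as an added example that is not part of the original post or of the autofs code: a small C model of the owner/group/other check, showing why a process that called setuid() but not setgid() is refused by a root.root 0700 directory and admitted by 0750. It assumes /etc/creds is a directory; uid/gid 1000 and all names in the code are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>

/* Process credentials that matter for the classic Unix permission check. */
struct cred {
    uid_t euid;
    gid_t egid;
    const gid_t *groups;   /* supplementary groups; setuid() leaves them alone */
    size_t ngroups;
};

/* Does 'c' get every bit in 'want' (4=r, 2=w, 1=x) on a directory with this
 * owner, group and mode?  Models owner/group/other only: no ACLs, no LSM. */
bool dir_access(const struct cred *c, uid_t owner, gid_t group,
                mode_t mode, unsigned want)
{
    unsigned bits;
    size_t i;

    if (c->euid == 0)                 /* root overrides directory permissions */
        return true;
    if (c->euid == owner) {
        bits = (mode >> 6) & 7;       /* owner class applies exclusively */
    } else {
        bool in_group = (c->egid == group);
        for (i = 0; !in_group && i < c->ngroups; i++)
            in_group = (c->groups[i] == group);
        bits = in_group ? (mode >> 3) & 7 : mode & 7;
    }
    return (bits & want) == want;
}

/* Constructed scenario: uid/gid 1000 stands in for the unprivileged user. */
static const struct cred as_root     = { 0,    0,    NULL, 0 };
static const struct cred setuid_only = { 1000, 0,    NULL, 0 };
static const struct cred setuid_gid  = { 1000, 1000, NULL, 0 };

int main(void)
{
    /* /etc/creds is root.root; r+x (5) is needed to list and enter it. */
    printf("root,        0700: %d\n", dir_access(&as_root,     0, 0, 0700, 5));
    printf("setuid only, 0700: %d\n", dir_access(&setuid_only, 0, 0, 0700, 5));
    printf("setuid only, 0750: %d\n", dir_access(&setuid_only, 0, 0, 0750, 5));
    printf("setuid+gid,  0750: %d\n", dir_access(&setuid_gid,  0, 0, 0750, 5));
    return 0;
}
```

The last case shows that the 0750 fix depends on the map program keeping gid root: it stops working if the group is dropped as well.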