[prev in list] [next in list] [prev in thread] [next in thread] 

List:       samba
Subject:    Re: [Samba] Only root can use net command, because of permissions of secrets.tdb
From:       Andrew Bartlett via samba <samba () lists ! samba ! org>
Date:       2018-10-30 0:47:09
Message-ID: 1540860429.23891.111.camel () samba ! org
[Download RAW message or body]

On Mon, 2018-10-29 at 16:50 -0700, Deft Developer via samba wrote:
> It seems that I can only run "net ads" commands as sudo, otherwise I get an
> error:
> 
> Failed to open /var/lib/samba/private/secrets.tdb
> 
> This is because secrets.tbd has the permissions 700.
> 
> This is the case even for listing users with the machine account:
> 
> net ads user -P
> 
> Is this the normal behavior? Is there a correct way to configure so that
> ordinary users can use net without sudo?
> 

Correct, -P means to read the machine account from secrets.tdb, so this
is a privileged operation and so needs root permissions.

Andrew Bartlett

-- 
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team         https://samba.org
Samba Development and Support, Catalyst IT   
https://catalyst.net.nz/services/samba





-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
[prev in list] [next in list] [prev in thread] [next in thread]