1

I have Hitachi ID Password Manager (formerly p-synch) set up to change the password on (among other systems) an aix 6.1 server running samba. p-synch has the capability of executing additional commands by configuring "chat script" in the conf file. But p-sync does not send the old password and runs the script as the "p-sync admin ID".

Only root can change the samba password without the old password. I could get around this problem with sudo, but it is not currently installed on the aix system, and I want to make sure that sudo is the only option before installing and configuring it.

Any suggestions?

jpolache
  • 155
  • 8

2 Answers2

0

Sudo is by far the best solution for this, and if I recall from my days working in their support department, the documentation might actually call for that when you are using the legacy unix listener.

You could probably hack around it by changing the service account it uses to root, but that is a bit ugly, and running network listeners as root is undesirable.

You'd be better off using the newer SSH connector, assuming your support contract is current and you'd be willing to upgrade.

Falcon Momot
  • 24,975
  • 13
  • 61
  • 92
-1

You could try making smbpasswd setuid root (e.g. chmod 4755 /where/is/smbpasswd) - but sudo is a much cleaner/better solution.

James
  • 7,553
  • 2
  • 24
  • 33
  • It probably already is (it presumably has to manipulate a password file that's read-only to normal users), and if it wasn't, then you've just allowed any local user on the box to change passwords for any user. – Stephen Veiss Sep 30 '09 at 01:04
  • Yep, which is why I said sudo is a much better solution... :) – James Oct 01 '09 at 08:27