Skip to content

lbrayner/safe_smbpasswd

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

23 Commits
net
net
 
 
nmap
nmap
 
 
smbpasswd
smbpasswd
 
 
.gitignore
.gitignore
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 

Repository files navigation

Run /usr/bin/smbpasswd and /usr/bin/net in a safe way.

A wrapper for /usr/bin/smbpasswd that: sanitizes arguments; and forks.

The only allowed usage is:

smbpasswd (-s -a?|-x) USERNAME

USERNAME has to match the regex ^[a-zA-Z][0-9a-zA-Z._\\-]+$. USERNAME root is not allowed.

Meant for apache or nginx. You can safely grant sudo privileges to e.g. the apache user www-data.

Copy the generated binary:

$ git clone 'https://github.com/lbrayner/safe_smbpasswd'
$ cd safe_smbpasswd
safe_smbpasswd$ make
safe_smbpasswd$ cp -f smbpasswd/safe_smbpasswd /usr/local/bin/smbpasswd

Add this sudo rule (don't forget to use visudo):

www-data ALL = (root) NOPASSWD: /usr/local/bin/smbpasswd

Now www-data can safely run smbpasswd via safe_smbpasswd.

About

Wrapper for smbpasswd that apache can safely use

Topics

linux nginx wrapper gnu-linux samba sudo bsd apache2

Resources

Readme
Activity

Stars

2 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages