You beat me to it Lars,  I found it yesterday on my system here...

Thank goodness there's only *one* user right now, so the only one I could
blame was me <g>.  Well, as my cat always says when it falls off the
buffet --- "I meant to do that!" ;-)

Best,
Joe "Doin' the Samba and Deleted an Account" Geiser

----------------------------------------------------------------------
Joe Geiser
CSI Business Solutions
140 Bristol-Oxford Valley Road, Suite 102
Langhorne, PA 19047-3083
Toll Free (US/Canada): (888) 956-9812
[log in to unmask] (at work)
[log in to unmask] (at play)
----------------------------------------------------------------------

----------
> From: Lars Appel <[log in to unmask]>
> To: [log in to unmask]
> Subject: Samba/iX Security Advice (important)
> Date: Thursday, April 03, 1997 12:30 PM
>
> Hi all,
>
> IF you are using Samba/iX with the "default" setup suggested by the
> ReadMe file(s) i.e. with the PM programs SMBD and NMBD in SAMBA.SYS
> with group access rights something like R,X:ANY ...
>
> THEN I _strongly_recommend_ to modify this by adding ACD's with
>
>   :ALTSEC @.SAMBA.SYS ;NEWACD=(X:MGR.SAMBA)
>
> AND furthermore make sure that MGR.SAMBA (if that is the user you
> chose for running the SMBMON and/or NMBMON jobs or in inetd.conf)
> is secured with proper passwords and is the only one who has write
> access to the Samba config files (smb.conf and alike).
>
> For obvious reasons I don't want to go into details here...
>
> Lars "oops" Appel
>
> By the way, am I the first one to notice this issue or
> am I just the first one putting out a public warning??