CVS update: samba/packaging/Solaris

Shirish Kalele kalele at veritas.com
Mon Jan 14 13:40:51 EST 2002


I thought 0711 wouldn't allow users to list the contents of the var
directory to find out which log files there were in the first place. They
would need to find out which log files there are in order to try and read
one.. security through obscurity, I admit, but still slightly better than
755.

Can't sort out the permissions on the actual files in the packaging. Are
people okay with changing Samba to create log files with root-only
permissions?

- SK

----- Original Message -----
From: "Andrew Bartlett" <abartlet at pcug.org.au>
To: <kalele at samba.org>
Cc: <samba-cvs at samba.org>
Sent: Saturday, January 12, 2002 2:24 AM
Subject: Re: CVS update: samba/packaging/Solaris


> kalele at samba.org wrote:
> >
> > Date:   Wed Jan  9 08:36:19 2002
> > Author: kalele
> >
> > Update of /data/cvs/samba/packaging/Solaris
> > In directory va:/tmp/cvs-serv1707
> >
> > Modified Files:
> >       Tag: SAMBA_2_2
> >         prototype.master
> > Log Message:
> > Modified samba/var permissions to be 0711. I don't know if 0755 is
better.
> > I just didn't want non-root users to access the log files.
>
> Well 0711 and 0755 are eqivilant as far as log file access is
> concerned...
>
> If you are worried, sort out the permissions on the actual files - or
> 0700 the dir.
>
> Andrew Bartlett
>
> --
> Andrew Bartlett                                 abartlet at pcug.org.au
> Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
> Student Network Administrator, Hawker College   abartlet at hawkerc.net
> http://samba.org     http://build.samba.org     http://hawkerc.net
>





More information about the samba-cvs mailing list