CVS update: samba/packaging/Solaris
Andrew Bartlett
abartlet at pcug.org.au
Mon Jan 14 13:52:31 EST 2002
Shirish Kalele wrote:
>
> I thought 0711 wouldn't allow users to list the contents of the var
> directory to find out which log files there were in the first place. They
> would need to find out which log files there are in order to try and read
> one.. security through obscurity, I admit, but still slightly better than
> 755.
Well smb.conf is (almost) always world readable, and inlcudes the log
file path, so your 'slightly better' has rather evarportated :-(.
> Can't sort out the permissions on the actual files in the packaging. Are
> people okay with changing Samba to create log files with root-only
> permissions?
I think 'yet another smb.conf option' for this would actually be quite
suitable.
But why can't you 0700 the dir? If samba can't cope with this, then
maybe we should look for the bug there.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba-cvs
mailing list