CVS update: samba/packaging/Solaris

Shirish Kalele kalele at veritas.com
Mon Jan 14 14:10:02 EST 2002


> Shirish Kalele wrote:
> >
> > I thought 0711 wouldn't allow users to list the contents of the var
> > directory to find out which log files there were in the first place.
They
> > would need to find out which log files there are in order to try and
read
> > one.. security through obscurity, I admit, but still slightly better
than
> > 755.
>
> Well smb.conf is (almost) always world readable, and inlcudes the log
> file path, so your 'slightly better' has rather evarportated :-(.
>

Sadly true, unless they use smb.conf variables; "slightly better" :-)

> > Can't sort out the permissions on the actual files in the packaging. Are
> > people okay with changing Samba to create log files with root-only
> > permissions?
>
> I think 'yet another smb.conf option' for this would actually be quite
> suitable.
>
> But why can't you 0700 the dir?  If samba can't cope with this, then
> maybe we should look for the bug there.
>

That's what I did, but it seems that breaks some things: check Guy Roussin's
mail of Jan 9th to samba-tech.

- Shirish





More information about the samba-cvs mailing list