URGENT: REDHAT 6.1 STORES SAMBA PRIVATE FILES IN /etc

Tue Dec 21 13:59:36 GMT 1999

	I would like to say that I in no way would want the samba team to think
that I don't absolutely LOVE the work they have done, it has save our Museum
from going into debt to have a PDC running.

	However, I would like to say that from what I've seen of Linux and other
UNIX's it is definitely more appropriate for config files for programs to go
into it's own directory under /etc/.  My roommate and I have heated
discussions on occassion, him being a Sun Sys Admin and I working primarily
with Linux, over where installed files should be, but I just can't defend
the fact that there isn't a common ground on where the config files are
supposed to be at.  I would much rather someone broke in and stole my
smbpasswd file and hacked away stealing all of those passwords that have
someone steal my passwd or shadow files.

	I believe that if a developer/development group doesn't want their
executables or libraries to be in the default directories, that is fine. I
would much rather have all the executables in /dev and the config files in
/etc than have the configs in /usr/local/ for the simple fact that I just
don't touch the executables as much as the config files so I'm not nearly as
worried about their placement.

	So, in a way I sympathize in that the rpms should be built to do what the
source does, but in my humble opinion, the source should put those files
there too.

	If a systems administrator installs something like Samba and makes the
smbpasswd file world readable, that person is asking for trouble.  If they
are in a situation where they could leak out severely damaging information,
and they are using Linux, the chances of that person not having someone on
staff to catch this error are slim to none.  Most of the places I've seen
using Linux have several people going over the system thoroughly before the
network cable or modem cable gets plugged in.

	This is simply my opinion and I'm sure a lot of people disagree, but that's
the way with opinions, everyone is wrong in someone else's opinion.

Chris Tooley
ctooley at joslyn.org
Joslyn Art Museum
2200 Dodge St.
Omaha, NE  68102
(402)342-3300

> > 1) you CANNOT put smbpasswd in /etc.
>
> SuSE does this as well. It was partly my decision. For a standard
> installation I did not want to clobber the directories. I really do
> not see any further security benefit if smbpasswd is put somewhere
> else. People who play with permissions in /etc/ have to know what they
> do. The standard installation does it just fine, and if you chmod
> anything there, you are on your own.

It still is a bit of a pain though when you want to upgrade using the source
distribution. I'd be much in favour of keeping stuff as much as possible in
[/usr/][s]bin/ for the "out of the box" packages, and in /usr/local/[s]bin/
for later added packages, since this does reduce lots and lots of PATH
definitions.
However, when an author decices/suggests a certain /usr/local/<package>/
prefix, it would be prudent to stick to that for future updates. Since
samba has a rather substantial sub-directory structure, it makes even
more sense.

Michel.

>