URGENT: REDHAT 6.1 STORES SAMBA PRIVATE FILES IN /etc

Mike Harris mike at psand.net
Tue Dec 21 15:45:17 GMT 1999


Luke,

Redhat makes the file (I believe) rw root only, so it is reasonably secure.
Caldera OpenLinux puts the files in /etc/samba.d.  I personally don't like
the SID and PID etc.  files to wind up in /etc as it clutters an already
cluttered area.  /usr/private is one option.

The reason for the mail is that I'm in a book about Samba and in one
section that discusses the installation, I've described how to update Samba
OVER the existing locations for RedHat, Caldera and Debian.  Therefore, it
puts them in the (possibly) vulnerable locations.  I'd like the chapter to
relay, as much as possible, the sentiments of the Samba Team to its readers,
and I can therefore alter it to either suggest an alternative, preferred
location (/etc/private, /etc/samba, /usr/private etc.) or simply add in a
note with respect to this issue for administrators.  Do you have any input
on this?

Thanks in advance and regards,


Mike Harris,
Psand España.
----- Original Message -----
From: Luke Kenneth Casson Leighton <lkcl at samba.org>
To: Multiple recipients of list SAMBA-NTDOM <samba-ntdom at samba.org>
Sent: Monday, December 20, 1999 11:10 PM
Subject: Re: URGENT: REDHAT 6.1 STORES SAMBA PRIVATE FILES IN /etc


> david,
>
> my fault: it appears that they may have taken the default rpms from the
> packaging directory this time, so there are two people that need to be
> smacked:
>
> - me (for assuming that it was redhat that set this up)
>
> - john (for creating the rpm with /etc/ as the root)
>
> - me again for telling everyone it's such a big deal.
>
> luke
>
> On Tue, 21 Dec 1999, David Bannon wrote:
>
> > At 08:27 AM 21/12/1999 +1100, Luke Kenneth Casson Leighton wrote:
> > >dear redhat,
> > >
> > >i examined a friend's system today, to help him configure it.  assuming
> > >that he just "installed" from scratch the samba package, it appears that
> > >you have provided a default smb.conf file for redhat 6.1 that puts samba
> > >private configuration files in /etc.  the suggested options, for example
> > >show "smbpasswd file = /etc/smbpasswd".
> > >
> > >this is REALLY bad.
> >
> > Thanks for smacking their hand over this. Redhat has a habit of changing
> > the layout of standard packages (i.e. Apache, PPP as well as samba). It is a
> > real pain because things are never where you expect them and you need to do
> > a fairly drastic uninstall before you can update.
> >
> > I advise people to leave out the major packages when installing redhat and
> > get them from the primary source, now I can use security as an additional
> > argument!
> >
> > David
> > ------------------------------------------------------------
> > David Bannon                      D.Bannon at latrobe.edu.au
> > School of Biochemistry            Phone 61 03 9479 2197
> > La Trobe University, Plenty Rd,   Fax   61 03 9479 2467
> > Bundoora, Vic, Australia, 3083    http://bioserve.latrobe.edu.au
> > ------------------------------------------------------------
> > ..... Humpty Dumpty was pushed !
> >

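An added check script, written for this archive page and not taken from the thread or from Samba itself, that reads the "smbpasswd file" setting out of an smb.conf, flags the bare /etc placement the thread objects to, and verifies the file is root-owned with no group or other permission bits, which is the "rw root only" condition Mike refers to. The smb.conf and smbpasswd file it inspects are constructed in a temporary directory so it runs offline; the expected owner is a parameter (default root) so the script can also be exercised as an unprivileged user. Paths containing whitespace are not handled, since it parses ls -l output.

```shell
#!/bin/sh
# Added example (not Samba's code): audit where an smb.conf points Samba's
# private files and whether the smbpasswd file is protected.

# Print the value of an smb.conf parameter: first match in the file,
# case-insensitive name, surrounding whitespace trimmed, comment lines
# (leading ';' or '#') skipped. Sections are not tracked, so a parameter
# is found wherever it appears.  Usage: smb_param <smb.conf> <parameter>
smb_param() {
  awk -F'=' -v key="$2" '
    /^[ \t]*[;#]/ { next }
    NF >= 2 {
      k = $1; gsub(/^[ \t]+|[ \t]+$/, "", k)
      if (tolower(k) == tolower(key)) {
        v = substr($0, index($0, "=") + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", v)
        print v; exit
      }
    }' "$1"
}

# Return 0 if the path lives directly under /etc (the layout the thread objects to).
in_etc_toplevel() {
  [ "$(dirname "$1")" = "/etc" ]
}

# Return 0 if the file exists, is owned by $2 (default root) and has no
# group/other permission bits (mode 0600, 0400 or 0700 all qualify).
# Parses ls -ld so it works on GNU and BSD userlands; a trailing '.' or '+'
# (SELinux/ACL marker) after the mode string is tolerated.
private_file_ok() {
  f=$1; want_owner=${2:-root}
  [ -f "$f" ] || return 1
  set -- $(ls -ld "$f")      # $1 = mode string, $3 = owner
  mode=$1; owner=$3
  case "$mode" in
    ????------*) ;;          # chars 5-10 are group/other bits: all must be '-'
    *) return 1 ;;
  esac
  [ "$owner" = "$want_owner" ]
}

# Audit one smb.conf: where does it put the smbpasswd file, and is that file
# protected?  Prints findings; returns 0 if the file is protected, 1 otherwise.
# The /etc placement is reported as a note but does not fail the audit, since
# the thread itself treats a root-only file in /etc as "reasonably secure".
audit_smb_conf() {
  conf=$1; owner=${2:-root}
  pw=$(smb_param "$conf" "smbpasswd file")
  if [ -z "$pw" ]; then
    echo "no 'smbpasswd file' set in $conf"
    return 0
  fi
  if in_etc_toplevel "$pw"; then
    echo "NOTE: smbpasswd file sits directly in /etc ($pw); a private dir is tidier"
  fi
  if private_file_ok "$pw" "$owner"; then
    echo "OK: $pw owned by $owner with no group/other access"
    return 0
  fi
  echo "FAIL: $pw must be owned by $owner with mode 0600 or stricter"
  return 1
}

# Constructed demo: a minimal smb.conf pointing at a temp copy of the
# smbpasswd file, audited once world-readable and once after chmod 600.
demo() {
  d=$(mktemp -d)
  trap 'rm -rf "$d"' EXIT
  printf '[global]\n   workgroup = MYGROUP\n   smbpasswd file = %s/smbpasswd\n' "$d" > "$d/smb.conf"
  printf 'user:1000:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:\n' > "$d/smbpasswd"
  chmod 644 "$d/smbpasswd"
  audit_smb_conf "$d/smb.conf" "$(id -un)" || echo "(audit failed as expected while mode was 644)"
  chmod 600 "$d/smbpasswd"
  audit_smb_conf "$d/smb.conf" "$(id -un)"
}

demo
```

Run it as root against a real /etc/samba/smb.conf (or wherever the package put it) with no owner argument to get the root-owned check the thread is about; the demo passes the current user only so the script can be tried without privileges.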