URGENT: REDHAT 6.1 STORES SAMBA PRIVATE FILES IN /etc
Luke Kenneth Casson Leighton
lkcl at samba.org
Tue Dec 21 18:43:07 GMT 1999
IN MY OPINION :)
- smb.conf file is file in /etc
- if you are concerned about novice users who may not be aware of the
risks associated with modifying the file permissions: smbpasswd and *.mac
are better off in a private directory (we use /usr/local/samba/private)
where the permissions on the directory are rwx------ to root only.
best regards,
luke
p.s just my opinion.
On Tue, 21 Dec 1999, Mike Harris wrote:
> Luke,
>
> Redhat makes the file (I believe) rw root only, so it is reasonably secure.
> Caldera OpenLinux puts the files in /etc/samba.d. I personally don't like
> the SID and PID etc. files to wind up in /etc as it clutters an already
> cluttered area. /usr/private is one option.
>
> The reason for the mail, is that I'm in a book about Samba and in one
> section that discusses the installation, I've described how to update Samba
> OVER the existing locations for RedHat, Caldera and Debian. Therefore, it
> puts them in the (possibly) vulnerable locations. I'd like that the chapter
> as much as possible relays the sentiments of the Samba Team to its readers
> and therefore can alter it to either suggest an alternative, preferred
> location (/etc/private, /etc/samba, /usr/private etc.) or simply add in a
> note with respect to this issue for administrators. Do you have any input
> on this?
>
> Thanks in advance and regards,
>
>
> Mike Harris,
> Psand España.
> ----- Original Message -----
> From: Luke Kenneth Casson Leighton <lkcl at samba.org>
> To: Multiple recipients of list SAMBA-NTDOM <samba-ntdom at samba.org>
> Sent: Monday, December 20, 1999 11:10 PM
> Subject: Re: URGENT: REDHAT 6.1 STORES SAMBA PRIVATE FILES IN /etc
>
>
> > david,
> >
> > my fault: it appears that they may have taken the default rpms from the
> > packaging directory this time, so there are two people that need to be
> > smacked:
> >
> > - me (for assuming that it was redhat that set this up)
> >
> > - john (for creating the rpm with /etc/ as the root)
> >
> > - me again for telling everyone it's such a big deal.
> >
> > luke
> >
> > On Tue, 21 Dec 1999, David Bannon wrote:
> >
> > > At 08:27 AM 21/12/1999 +1100, Luke Kenneth Casson Leighton wrote:
> > > >dear redhat,
> > > >
> > > >i examined a friend's system today, to help him configure it. assuming
> > > >that he just "installed" from scratch the samba package, it appears that
> > > >you have provided a default smb.conf file for redhat 6.1 that puts samba
> > > >private configuration files in /etc. the suggested options, for example
> > > >show "smbpasswd file = /etc/smbpasswd".
> > > >
> > > >this is REALLY bad.
> > >
> > > Thanks for smacking their hand over this. Redhat has a habit of changing
> > > the layout of standard packages (ie Apache, PPP as well as samba). It is a
> > > real pain because things are never where you expect them and you need to do
> > > a fairly drastic uninstall before you can update.
> > >
> > > I advise people to leave out the major packages when installing redhat and
> > > get them from the primary source, now I can use security as an additional
> > > argument !
> > >
> > > David
> > > ------------------------------------------------------------
> > > David Bannon D.Bannon at latrobe.edu.au
> > > School of Biochemistry Phone 61 03 9479 2197
> > > La Trobe University, Plenty Rd, Fax 61 03 9479 2467
> > > Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au
> > > ------------------------------------------------------------
> > > ..... Humpty Dumpty was pushed !
> > >
>
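
Added example, not part of the original thread or of Samba itself: a POSIX shell check for the two layouts discussed above, an smbpasswd file that is rw for root only but sits in a shared directory such as /etc, versus one kept in a directory that is rwx------ to root only. The function name, return codes and the optional owner-uid argument are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit a Samba password file's location.
# check_private FILE [OWNER_UID]   (OWNER_UID defaults to 0, i.e. root)
# Return: 0 = file and its directory are both owner-only
#         1 = file is owner-only but sits in a shared directory such as /etc
#         2 = file is missing, has the wrong owner, or is open to group/other

# Print "<10-char mode string> <numeric owner>" for a path.
mode_and_uid() {
    ls -ldn -- "$1" | awk '{ print substr($1, 1, 10), $3 }'
}

check_private() {
    file=$1
    want_uid=${2:-0}
    [ -f "$file" ] || { echo "FAIL: $file not found"; return 2; }
    dir=$(dirname -- "$file")

    set -- $(mode_and_uid "$file"); fmode=$1; fuid=$2
    set -- $(mode_and_uid "$dir");  dmode=$1; duid=$2

    # The file itself: no group/other bits at all, owned by the expected uid.
    case $fmode in
        ????------) ;;
        *) echo "FAIL: $file is $fmode (group/other access)"; return 2 ;;
    esac
    [ "$fuid" = "$want_uid" ] || { echo "FAIL: $file owned by uid $fuid"; return 2; }

    # The directory: rwx------ for the owner only, as suggested in the thread.
    if [ "$dmode" = "drwx------" ] && [ "$duid" = "$want_uid" ]; then
        echo "OK: $file is private inside private directory $dir"
        return 0
    fi
    echo "WARN: $dir is $dmode (uid $duid); only the file mode protects $file"
    return 1
}

# Constructed usage: sh check_private.sh /etc/smbpasswd
if [ "$#" -gt 0 ]; then
    check_private "$@"
fi
```

Return code 1 corresponds to the Red Hat 6.1 layout described in the thread: the file mode alone stands between other users and the password hashes, so a single mistaken chmod exposes them.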