URGENT: REDHAT 6.1 STORES SAMBA PRIVATE FILES IN /etc
Christian Perrier
perrier at onera.fr
Tue Dec 21 17:50:28 GMT 1999
Quoting Luke Kenneth Casson Leighton (lkcl at samba.org):
> this is REALLY bad.
For me this is *somewhat* bad only..:-)
> 2) you CANNOT put private files DOMAIN.TRUST_ACCOUNT.mac in /etc.
As far as the files are not world-readable, I do not really see the
problem.
>
> i know that these require root access, however if your users start to
> assume that just because these files are in /etc, they are equivalent to
> /etc/passwd, they may decide to make these world-readable, and as a result
Sorry, but the argument is quite weak here. In /etc, you'll find
several other files for which world readability is prohibited
(/etc/shadow for instance). So, if an "administrator" decides to
make /etc/smbpasswd or *.mac files world-readable, *he* is the
culprit. He just does not deserve to be called sysadmin..
Of course, if the rpm package install smbpasswd as world-readable,
it is a bug. If the file permissions are 0600, I do not consider
this a bug. Maybe somehting that could be enhanced...
Anyway, the choice of putting configuration files somewhere under
/etc is the choice of nearly all Linux distributions now.
But, for sure, /etc/samba is a far better choice. That's Debian
choice : smb.conf is in /etc/samba and private files are under
/etc/samba/private (which is, as far as I remember, not
world-readable).
I use Debian for such reasons..:-)
More information about the samba-ntdom
mailing list