URGENT: REDHAT 6.1 STORES SAMBA PRIVATE FILES IN /etc

Christian Perrier perrier at onera.fr
Tue Dec 21 17:50:28 GMT 1999


Quoting Luke Kenneth Casson Leighton (lkcl at samba.org):

> this is REALLY bad.

For me this is *somewhat* bad only..:-)

> 2) you CANNOT put private files DOMAIN.TRUST_ACCOUNT.mac in /etc.

As far as the files are not world-readable, I do not really see the
problem.

> 
> i know that these require root access, however if your users start to
> assume that just because these files are in /etc, they are equivalent to
> /etc/passwd, they may decide to make these world-readable, and as a result


Sorry, but the argument is quite weak here. In /etc, you'll find
several other files for which world readability is prohibited
(/etc/shadow for instance). So, if an "administrator" decides to
make /etc/smbpasswd or *.mac files world-readable, *he* is the
culprit. He just does not deserve to be called sysadmin..

Of course, if the rpm package install smbpasswd as world-readable,
it is a bug. If the file permissions are 0600, I do not consider
this a bug. Maybe somehting that could be enhanced...

Anyway, the choice of putting configuration files somewhere under
/etc is the choice of nearly all Linux distributions now.

But, for sure, /etc/samba is a far better choice. That's Debian
choice : smb.conf is in /etc/samba and private files are under
/etc/samba/private (which is, as far as I remember, not
world-readable).

I use Debian for such reasons..:-)




More information about the samba-ntdom mailing list