[samba-tng] msrpc status
Luke Kenneth Casson Leighton
lkcl at samba.org
Thu Dec 16 18:39:29 GMT 1999
> > 2) msrpc loop-back interface, aka "ncalrpc" in dce/rpc terminology.
>
> > /tmp/.msrpc 0777
> > /tmp/.msrpc/PIPE_name 0770 (or any other permissions)
> > /tmp/.msrpc/PIPE_name/socket 1777 - this is the actual unix socket.
>
> first off, it should be in /usr/local/samba/var (or equivalent) not
> /tmp. Secondly, it should be permission 0600 and be a single level
> (ie. no directory at all).
some unixes do not allow you to chmod sockets, e.g solaris (which has a
VFS and someone probably forgot to implement chmod for the unix socket
VFS).
therefore you have to have a directory on which you place the required
permissions.
> This is all part of the "you do not need to run msrpc as non-root"
> argument that I have been giving all along. Maybe it will sink in some
> day :)
it won't. i don't want anonymous users to be able to access msrpc
services as root. that's just insane and unacceptable.
More information about the samba-technical
mailing list