URGENT: REDHAT 6.1 STORES SAMBA PRIVATE FILES IN /etc

Luke Kenneth Casson Leighton lkcl at samba.org
Mon Dec 20 21:45:43 GMT 1999


On Mon, 20 Dec 1999, Jeremy Allison wrote:

> Luke Kenneth Casson Leighton wrote:
> > 
> > dear redhat,
> > 
> > i examined a friend's system today, to help him configure it.  assuming
> > that he just "installed" from scratch the samba package, it appears that
> > you have provided a default smb.conf file for redhat 6.1 that puts samba
> > private configuration files in /etc.  the suggested options, for example
> > show "smbpasswd file = /etc/smbpasswd".
> > 
> > this is REALLY bad.
> > 
> > 1) you CANNOT put smbpasswd in /etc.
> > 
> > 2) you CANNOT put private files DOMAIN.TRUST_ACCOUNT.mac in /etc.
> > 
> > i know that these require root access, however if your users start to
> > assume that just because these files are in /etc, they are equivalent to
> > /etc/passwd, they may decide to make these world-readable, and as a result
> > they will compromise the security of the box, and potentially the security
> > of remote nt-compatible boxes too (including other samba servers) because
> > these files contain CLEAR_TEXT EQUIVALENT PASSWORDS.
> 
> Hang on a sec. Luke. They can do this so long as these
> files are read only by root. Only stupid people will
> change these files to world readable. Stupid people
> shouldn't be admining systems :-).

sum(0..n)(security)t tends to zero, as number of idiots tends to infinity.

> I agree it would be safer to have a /etc/samba-private
> directory set root only, but they do not ship the system
> as insecure by default (ie. they *can* put root read
> only files in /etc, and it *is* safe to do so).

jeremy, the pam writers created an /etc/security directory for these sorts
of things. the /etc/security directory is there to make it really, really
obvious that these files are not to be messed with.

we create a private/ directory for the same reasons.

we modify the permissions not only on the file but also on the directory
to be root-access only.

redhat thinks otherwise, it seems.
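An added example, not code from this thread or from the Samba project, showing the check Luke is arguing for: read the "smbpasswd file" setting out of an smb.conf, verify that the file and the directory holding it grant nothing to group or other, and, if not, move the file into an owner-only private directory. The `smbpasswd_path`, `check_smbpasswd` and `harden_smbpasswd` helpers, the private directory location, and the sample smbpasswd contents are all assumptions made for illustration; the scenario in `demo` is constructed to mirror the Red Hat 6.1 layout described above (smbpasswd sitting in a world-readable /etc, chmod'ed like /etc/passwd).

```shell
#!/bin/sh
# Added example (assumption-based, not from the original post or Samba):
# check that an smbpasswd file and its parent directory are owner-only,
# and relocate it into a private/ directory that is itself owner-only.

# Print the "smbpasswd file = ..." value from an smb.conf; empty if unset.
# Commented lines (# or ;) never match because the pattern anchors on the
# parameter name after optional leading whitespace.
smbpasswd_path() {
    sed -n 's/^[[:space:]]*smbpasswd[[:space:]]*file[[:space:]]*=[[:space:]]*//p' "$1" | head -n 1
}

# 0 if the path grants nothing to group or other (e.g. 0600 / 0700), else 1.
# Columns 5-10 of "ls -ld" are the group and other rwx bits; this avoids the
# GNU/BSD differences in stat(1) flags.
owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# 0 when both the smbpasswd file and its parent directory are owner-only.
# Root ownership is not enforced here so the check can run unprivileged;
# on a real server both must also be owned by root.
check_smbpasswd() {
    f=$1
    [ -e "$f" ] || { echo "missing: $f" >&2; return 1; }
    d=$(dirname "$f")
    owner_only "$f" || { echo "BAD: $f is group/world accessible: $(ls -ld "$f")" >&2; return 1; }
    owner_only "$d" || { echo "BAD: $d is group/world accessible: $(ls -ld "$d")" >&2; return 1; }
    return 0
}

# Move the file into a private directory and fix the mode of both.
# When run as root also do: chown root:root "$dir" "$dir/smbpasswd"
harden_smbpasswd() {
    src=$1; dir=$2
    mkdir -p "$dir" && chmod 0700 "$dir" || return 1
    mv "$src" "$dir/smbpasswd" && chmod 0600 "$dir/smbpasswd"
}

# Constructed scenario: smbpasswd beside smb.conf in a 0755 "etc", left
# 0644 as if it were /etc/passwd. Returns 0 only if that layout is flagged
# and the private/ layout passes.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/etc" && chmod 0755 "$root/etc"
    printf '[global]\n   smbpasswd file = %s/etc/smbpasswd\n' "$root" > "$root/etc/smb.conf"
    # Placeholder record, constructed for the example; not a real hash.
    printf 'alice:1000:PLACEHOLDERLMHASH:PLACEHOLDERNTHASH:[U ]:LCT-00000000:\n' > "$root/etc/smbpasswd"
    chmod 0644 "$root/etc/smbpasswd"
    f=$(smbpasswd_path "$root/etc/smb.conf")
    if check_smbpasswd "$f" 2>/dev/null; then rm -rf "$root"; return 1; fi
    harden_smbpasswd "$f" "$root/etc/samba/private" || { rm -rf "$root"; return 1; }
    check_smbpasswd "$root/etc/samba/private/smbpasswd"; rc=$?
    rm -rf "$root"
    return $rc
}

demo && echo "weak /etc layout flagged; private/ layout passes"
```

Note that fixing the file mode alone is not enough for this check: a 0600 smbpasswd inside a 0755 directory still fails, which is the point of the private/ directory, where a careless chmod on the file does not by itself expose it.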


