vorlon at netexpress.net vorlon at netexpress.net
Mon Dec 20 22:09:05 GMT 1999

On Tue, 21 Dec 1999, Luke Kenneth Casson Leighton wrote:

> > I agree it would be safer to have a /etc/samba-private
> > directory set root only, but they do not ship the system
> > as insecure by default (ie. they *can* put root read
> > only files in /etc, and it *is* safe to do so).

> jeremy, the pam writers created an /etc/security directory for these sorts
> of things. the /etc/security directory is there to make it really, really
> obvious that these files are not to be messed with.

% ls -l /etc/security
-rw-r--r--   1 root     root         1971 Jun  7  1999 access.conf
drwxr-xr-x   2 root     root         1024 Jun  7  1999 console.apps/
-rw-r--r--   1 root     root         1342 Jun  7  1999 console.perms
-rw-r--r--   1 root     root         2145 Jun  7  1999 group.conf
-rw-r--r--   1 root     root         1296 Jun  7  1999 limits.conf
-rw-r--r--   1 root     root         2736 Jun  7  1999 pam_env.conf
-rw-r--r--   1 root     root         2154 Jun  7  1999 time.conf

% ls -ld /etc/security
drwxr-xr-x   3 root     root         1024 Jun  7  1999 /etc/security/

These files are not normally locked down.  The reason for creating an
/etc/security directory is simply to put all of these configuration files
in a single, easy-to-find place.  It is *not* expected to provide
additional security for the files contained within; it is only there to
provide some semblance of hierarchical organization in the often-cluttered
/etc directory.

-Steve Langasek
postmodern programmer

