URGENT: REDHAT 6.1 STORES SAMBA PRIVATE FILES IN /etc

[Luke Kenneth Casson Leighton]

On Mon, 20 Dec 1999 vorlon at netexpress.net wrote:

> On Tue, 21 Dec 1999, Luke Kenneth Casson Leighton wrote:
> 
> > > I agree it would be safer to have a /etc/samba-private
> > > directory set root only, but they do not ship the system
> > > as insecure by default (ie. they *can* put root read
> > > only files in /etc, and it *is* safe to do so).
> 
> > jeremy, the pam writers created an /etc/security directory for these sorts
> > of things. the /etc/security directory is there to make it really, really
> > obvious that these files are not to be messed with.
> 
> % ls -l /etc/security
> -rw-r--r--   1 root     root         1971 Jun  7  1999 access.conf
> drwxr-xr-x   2 root     root         1024 Jun  7  1999 console.apps/
> -rw-r--r--   1 root     root         1342 Jun  7  1999 console.perms
> -rw-r--r--   1 root     root         2145 Jun  7  1999 group.conf
> -rw-r--r--   1 root     root         1296 Jun  7  1999 limits.conf
> -rw-r--r--   1 root     root         2736 Jun  7  1999 pam_env.conf
> -rw-r--r--   1 root     root         2154 Jun  7  1999 time.conf
> 
> % ls -ld /etc/security
> drwxr-xr-x   3 root     root         1024 Jun  7  1999 /etc/security/
> 
> These files are not normally locked down.  The reason for creating an
> /etc/security directory is simply to put all of these configuration files
> in a single, easy-to-find place.  It is *not* expected to provide
> additional security for the files contained within; it is only there to
> provide some semblance of heirarchical organization in the often-cluttered
> /etc directory.

steve,

as usual,  i need to have other people such as yourself to be a voice of
reason.

thx.

luke