URGENT: REDHAT 6.1 STORES SAMBA PRIVATE FILES IN /etc
Luke Kenneth Casson Leighton
lkcl at samba.org
Mon Dec 20 22:13:02 GMT 1999
On Mon, 20 Dec 1999 vorlon at netexpress.net wrote:
> On Tue, 21 Dec 1999, Luke Kenneth Casson Leighton wrote:
>
> > > I agree it would be safer to have a /etc/samba-private
> > > directory set root only, but they do not ship the system
> > > as insecure by default (ie. they *can* put root read
> > > only files in /etc, and it *is* safe to do so).
>
> > jeremy, the pam writers created an /etc/security directory for these sorts
> > of things. the /etc/security directory is there to make it really, really
> > obvious that these files are not to be messed with.
>
> % ls -l /etc/security
> -rw-r--r-- 1 root root 1971 Jun 7 1999 access.conf
> drwxr-xr-x 2 root root 1024 Jun 7 1999 console.apps/
> -rw-r--r-- 1 root root 1342 Jun 7 1999 console.perms
> -rw-r--r-- 1 root root 2145 Jun 7 1999 group.conf
> -rw-r--r-- 1 root root 1296 Jun 7 1999 limits.conf
> -rw-r--r-- 1 root root 2736 Jun 7 1999 pam_env.conf
> -rw-r--r-- 1 root root 2154 Jun 7 1999 time.conf
>
> % ls -ld /etc/security
> drwxr-xr-x 3 root root 1024 Jun 7 1999 /etc/security/
>
> These files are not normally locked down. The reason for creating an
> /etc/security directory is simply to put all of these configuration files
> in a single, easy-to-find place. It is *not* expected to provide
> additional security for the files contained within; it is only there to
> provide some semblance of heirarchical organization in the often-cluttered
> /etc directory.
steve,
as usual, i need to have other people such as yourself to be a voice of
reason.
thx.
luke
More information about the samba-technical
mailing list